Managed by AD Groups

Hi Experts,

I am trying to allow project managers to delegate permissions to their teams by adding and removing members from groups using AD, the dsquery tool and the managed by option for groups

I found the following article which was fantastic

However, when testing this as a test user, i'm finding that no matches are returned when searching for a group.
Are there any special permissions required to perform a search?

I obviously only want to grant the users the bare minimum permissions in order to achieve this, so presently they are only domain users and members of a PM group which has permissions to some of the other access groups under the managed by field

Any ideas?

Kind Regards
Graham HirstIT EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

No special permissions are required
by default users can view all objects in Ad as authenticated users
u need to select entire directory as search scope and group names should be correct for search
if groups are added in ou where u have restricted other users permissions by disabling inheritance, u will not be able to search
Vikas BhatExperienced IT Infrastructure Services/operations ManagerCommented:
Could you please clarify more, "no matches are returned when searching for a group" where are you searching. I assume that it is users outlook and in that case if you have followed all the steps then you can correct the group scopegroup scope as shown in the picture.
Graham HirstIT EngineerAuthor Commented:
Definitely searching the entire directory, and inheritance is enabled

@Vikas Bhat
Using the following tool
rundll32 dsquery,OpenQueryWindow
The groups are global security
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Graham HirstIT EngineerAuthor Commented:
Also, more confounding, as the user, i can browse the folder directory using the tool. Its just the groups themselves that do not appear
Graham HirstIT EngineerAuthor Commented:
Found the issue. There was a GPO confusing matters
Maximum size of active directory searches which was set to 0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Shaun VermaakTechnical Specialist/DeveloperCommented:
I would not use that. Install RSAT's DSA (Users and Computers) on these PM's computers
Graham HirstIT EngineerAuthor Commented:
Hi Shaun,

Any particular reason why you don't recommend DSQuery? And what would be the advantage of using RSAT's DSA?

Kind Regards
Shaun VermaakTechnical Specialist/DeveloperCommented:
RSAT's DSA is the preferred method to interact with AD, especially if certain functions are not woring
Graham HirstIT EngineerAuthor Commented:
Resolved the issue myself
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
group membership

From novice to tech pro — start learning today.