Query to list all users of a certain group

Question

How can I use a a search filter to display users of a specific group   I ve tried the following     amp       objectCategory user       memberOf MyCustomGroup      and this     amp       objectCategory user       memberOf cn SingleSignOn ou Groups dc tis dc eg dc ddd D  C com         but neither display users of a specific group

User · Answer

If the DC is Win2k3 SP2 or above  you can use something like     amp  objectCategory user  memberOf 1 2 840 113556 1 4 1941  CN GroupOne OU Security Groups OU Groups DC example DC com    to get the nested group membership   Source  https   ldapwiki com wiki Active 20Directory 20Group 20Related 20Searches

User · Answer

memberOf  in AD  is stored as a list of distinguishedNames   Your filter needs to be something like     amp  objectCategory user  memberOf cn MyCustomGroup ou ouOfGroup dc subdomain dc domain dc com     If you don t yet have the distinguished name  you can search for it with     amp  objectCategory group  cn myCustomGroup     and return the attribute distinguishedName  Case may matter

User · Answer

And the more complex query if you need to search in a several groups    amp  objectCategory user    memberOf CN GroupOne OU Security Groups OU Groups DC example DC com  memberOf CN GroupTwo OU Security Groups OU Groups DC example DC com  memberOf CN GroupThree OU Security Groups OU Groups DC example DC com    The same example with recursion    amp  objectCategory user    memberOf 1 2 840 113556 1 4 1941  CN GroupOne OU Security Groups OU Groups DC example DC com  memberOf 1 2 840 113556 1 4 1941  CN GroupTwo OU Security Groups OU Groups DC example DC com  memberOf 1 2 840 113556 1 4 1941  CN GroupThree OU Security Groups OU Groups DC example DC com

User · Answer

For Active Directory users  an alternative way to do this would be -- assuming all your groups are stored in OU Groups DC CorpDir DC QA DC CorpName -- to use the query   amp  objectCategory group  CN GroupCN    This will work well for all groups with less than 1500 members  If you want to list all members of a large AD group  the same query will work  but you ll have to use ranged retrieval to fetch all the members  1500 records at a time   The key to performing ranged retrievals is to specify the range in the attributes using this syntax  attribute range low-high  So to fetch all members of an AD Group with 3000 members  first run the above query asking for the member range 0-1499 attribute to be returned  then for the member range 1500-2999 attribute

[active-directory] Query to list all users of a certain group

Examples related to active-directory

Examples related to ldap

Examples related to ldap-query