SyntaxFix

[active-directory] Query to list all users of a certain group

How can I use a a search filter to display users of a specific group?

I've tried the following:

(&
    (objectCategory=user)
    (memberOf=MyCustomGroup)
)

and this:

(&
    (objectCategory=user)
    (memberOf=cn=SingleSignOn,ou=Groups,dc=tis,dc=eg,dc=ddd,D??C=com)
)

but neither display users of a specific group.

This question is related to active-directory ldap ldap-query

The answer is

And the more complex query if you need to search in a several groups:

(&(objectCategory=user)(|(memberOf=CN=GroupOne,OU=Security Groups,OU=Groups,DC=example,DC=com)(memberOf=CN=GroupTwo,OU=Security Groups,OU=Groups,DC=example,DC=com)(memberOf=CN=GroupThree,OU=Security Groups,OU=Groups,DC=example,DC=com)))

The same example with recursion:

(&(objectCategory=user)(|(memberOf:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=example,DC=com)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupTwo,OU=Security Groups,OU=Groups,DC=example,DC=com)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupThree,OU=Security Groups,OU=Groups,DC=example,DC=com)))

If the DC is Win2k3 SP2 or above, you can use something like:

(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=example,DC=com))

to get the nested group membership.

Source: https://ldapwiki.com/wiki/Active%20Directory%20Group%20Related%20Searches

For Active Directory users, an alternative way to do this would be -- assuming all your groups are stored in OU=Groups,DC=CorpDir,DC=QA,DC=CorpName -- to use the query (&(objectCategory=group)(CN=GroupCN)). This will work well for all groups with less than 1500 members. If you want to list all members of a large AD group, the same query will work, but you'll have to use ranged retrieval to fetch all the members, 1500 records at a time.

The key to performing ranged retrievals is to specify the range in the attributes using this syntax: attribute;range=low-high. So to fetch all members of an AD Group with 3000 members, first run the above query asking for the member;range=0-1499 attribute to be returned, then for the member;range=1500-2999 attribute.

Source: Stackoverflow.com

Examples related to active-directory

Powershell: A positional parameter cannot be found that accepts argument "xxx" How to switch to another domain and get-aduser How can I verify if an AD account is locked? Powershell script to see currently logged in users (domain and machine) + status (active, idle, away) Querying Windows Active Directory server using ldapsearch from command line How to list AD group membership for AD users using input list? Import-Module : The specified module 'activedirectory' was not loaded because no valid module file was found in any module directory What are CN, OU, DC in an LDAP search? PowerShell script to return members of multiple security groups How do I get specific properties with Get-AdUser

Examples related to ldap

LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 Querying Windows Active Directory server using ldapsearch from command line What are CN, OU, DC in an LDAP search? LDAP server which is my base dn Easy way to test an LDAP User's Credentials LDAP filter for blank (empty) attribute LDAP Authentication using Java How to create and add users to a group in Jenkins for authentication? Query to list all users of a certain group using wildcards in LDAP search filters/queries

Examples related to ldap-query

What are CN, OU, DC in an LDAP search? Query to list all users of a certain group Active Directory LDAP Query by sAMAccountName and Domain

Tags

Actor-model Compilation Subnet Malware Django-custom-tags Concrete-inheritance Registerclientscriptblock Asp.net-mvc-beta1 Groff Bump Pywin32 Development-process String-externalization Numeric-keypad Recent-file-list Windows-live-writer Pdf-extraction Dbd Sampling Deque Friend-function Run-length-encoding Fuzz-testing Msxml3 Nspreferencepane Andromda Dataprovider Compression Percentage Rtf Jzmq Geodjango Sqlalchemy Chop Newsequentialid Scroll-lock Srs Selectlistitem Openflashchart2 Ibm-jdk Libvpx Python-egg-cache Cloud Diamond-problem Idbcommand Php Time-precision Ll Libsndfile Xml-configuration Gridviewcolumn Sha512 Open4 Social-media Intermittent Floppy Grid-computing Tapi Activity-indicator Knn Unity-interception Direction Android-preferences Hyperion Cpropertysheet Dsdt Dex Lockless Ip-restrictions String-table Binding-expressions Iis-express Flexbuilder Leaderboard Xml-encoding Inspect Documents Nspr Wifstream Zeromq Neato Robots.txt Stack-unwinding Python-db-api Sqldbtype Clustered-index Linq-to-nhibernate Mathml Vml Fabric Weak-events Visiblox Procedural-programming Bamboo Core-services Nsset N-queens Adview Gtkbuilder Ruby-ripper