
LDAP query does not work for group Domain Users

I run a query (memberof=CN=Domain Users,DC=MYDOMAIN, DC=MYCOM)

but it returns zero results; if I run the same query for another group, it returns results.

BreakHead asked Apr 22 '11 11:04


1 Answer

As far as I understand, when you create a user it is by default a member of Domain Users. You can't see it in the memberOf attribute, but you can see it in the primaryGroupID (513=(GROUP_RID_USERS)). You can't suppress it unless you add a group and make it the primaryGroup for a given user.

A command like the following can allow you to build the list of people belonging to Domain Users.

ldifde -f file.ldf -d "ou=Monou,dc=dom,dc=fr" -r "(&(objectclass=user)(|(primaryGroupID=513)(memberOf=CN=Utilisateurs du domaine,CN=Users,DC=dom,DC=fr)))"

Be Careful

  1. Here French names are used ("Utilisateurs du domaine"="Domain Users").
  2. On my Windows 2008 R2 I HAVE TO RUN the ldifde command as Administrator to be able to filter on the memberOf attribute.

Changing the Primary group.

There is just ONE primary group. You can change the primary group. For that, you add the user to another group and make it primary. Then the primary group will be changed to the RID of the other group.

Here below, the primary group is MonGroupe.

You can see the RID when it's selected as primary group.

JPBlanc answered Oct 10 '22 01:10
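The following is an added example, not part of the question or of JPBlanc's answer. It generalizes the answer's filter to any group by taking the RID from the group's binary objectSid, and shows on constructed entries why a memberOf-only query misses users who hold the group as their primary group (relevant when reviewing who actually has a group's access). The SID, the entries, the RID 1105 and all function names are assumptions made for illustration.

```python
import struct

def rid_of(sid: bytes) -> int:
    """Return the RID (last sub-authority) of a binary objectSid value."""
    count = sid[1] if len(sid) >= 8 else 0
    if count < 1 or len(sid) != 8 + 4 * count:
        raise ValueError("malformed objectSid")
    return struct.unpack("<I", sid[-4:])[0]   # sub-authorities are little-endian

def escape_filter(value: str) -> str:
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def effective_members_filter(group_dn: str, group_sid: bytes) -> str:
    """Filter matching users whose primary group or memberOf is the group."""
    return "(&(objectclass=user)(|(primaryGroupID=%d)(memberOf=%s)))" % (
        rid_of(group_sid), escape_filter(group_dn))

def members(entries, group_dn, rid=None):
    """Evaluate memberOf alone (rid=None) or memberOf-or-primaryGroupID locally."""
    dn = group_dn.lower()
    return [e["cn"] for e in entries
            if dn in (g.lower() for g in e["memberOf"])
            or (rid is not None and e["primaryGroupID"] == rid)]

# Constructed sample data (not from a real directory).
GROUP_DN = "CN=Utilisateurs du domaine,CN=Users,DC=dom,DC=fr"
# Binary form of the constructed SID S-1-5-21-1000-2000-3000-513.
GROUP_SID = bytes([1, 5, 0, 0, 0, 0, 0, 5]) + struct.pack(
    "<5I", 21, 1000, 2000, 3000, 513)
ENTRIES = [
    # alice: Domain Users is her primary group, so memberOf does not list it.
    {"cn": "alice", "primaryGroupID": 513, "memberOf": []},
    # bob: another primary group (constructed RID), explicit member of the group.
    {"cn": "bob", "primaryGroupID": 1105, "memberOf": [GROUP_DN]},
    # carol: not in the group at all.
    {"cn": "carol", "primaryGroupID": 1105, "memberOf": []},
]

if __name__ == "__main__":
    print(effective_members_filter(GROUP_DN, GROUP_SID))
    print("memberOf only:      ", members(ENTRIES, GROUP_DN))
    print("with primaryGroupID:", members(ENTRIES, GROUP_DN, rid_of(GROUP_SID)))
```

The generated string can be passed to the -r option of the ldifde command shown in the answer.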