Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Query to list all users of a certain group

Tags:

active-directory

ldap

ldap-query

How can I use a a search filter to display users of a specific group?

I've tried the following:

(&     (objectCategory=user)     (memberOf=MyCustomGroup) )

and this:

(&     (objectCategory=user)     (memberOf=cn=SingleSignOn,ou=Groups,dc=tis,dc=eg,dc=ddd,D‌​C=com) )

but neither display users of a specific group.

like image 576
Madam Zu Zu Avatar asked Mar 27 '12 13:03

Madam Zu Zu

People also ask

How do I list all users in ad group?

Use Get-ADGroupMember cmdlet to List Members of an Active Directory Group. The PowerShell Get-ADGroupMember cmdlet is used to list the members of an Active Directory group. You can just type the cmdlet in a PowerShell window and you'll be prompted to enter the name of the group you want to use.

How do I list users in LDAP?

On the navigation tree, select Device User > LDAP Users from the navigation tree. The list displays all LDAP users and includes the following columns: Account Name—Account name of the LDAP user. Device User Group—Device user group to which the LDAP user belongs.

What is MemberOf in LDAP?

MemberOf is an LDAP AttributeType where the value is the DN of an LDAP Entry is the Group that the current LDAP Entry is a member in a Group and is referred to as a Forward Reference. ( or Virtual Attribute)

2 Answers

memberOf (in AD) is stored as a list of distinguishedNames. Your filter needs to be something like:

(&(objectCategory=user)(memberOf=cn=MyCustomGroup,ou=ouOfGroup,dc=subdomain,dc=domain,dc=com))

If you don't yet have the distinguished name, you can search for it with:

(&(objectCategory=group)(cn=myCustomGroup))

and return the attribute distinguishedName. Case may matter.

like image 143
Kodra Avatar answered Oct 06 '22 06:10

Kodra

For Active Directory users, an alternative way to do this would be -- assuming all your groups are stored in OU=Groups,DC=CorpDir,DC=QA,DC=CorpName -- to use the query (&(objectCategory=group)(CN=GroupCN)). This will work well for all groups with less than 1500 members. If you want to list all members of a large AD group, the same query will work, but you'll have to use ranged retrieval to fetch all the members, 1500 records at a time.

The key to performing ranged retrievals is to specify the range in the attributes using this syntax: attribute;range=low-high. So to fetch all members of an AD Group with 3000 members, first run the above query asking for the member;range=0-1499 attribute to be returned, then for the member;range=1500-2999 attribute.

like image 23
sigint Avatar answered Oct 06 '22 08:10

sigint
Sign in to Comment

Related questions

AD vs ADFS vs LDAP: Explain it like I'm 5
Connect to Active Directory via LDAP
Adding and removing users from Active Directory groups in .NET
Powershell script to see currently logged in users (domain and machine) + status (active, idle, away)
Powershell v3.0 pipe issue
ASP.NET Core 2.0 LDAP Active Directory Authentication
See if user is part of Active Directory group in C# + Asp.net
Error 0x80005000 and DirectoryServices
Querying Windows Active Directory server using ldapsearch from command line
Sql Server 2005 how to change dbo login name
ldap nested group membership
IIS application using application pool identity loses primary token?
Configure ASP.NET MVC for authentication against AD
User Group and Role Management in .NET with Active Directory
How to check if a user belongs to an AD group?
How do I use MS-XCEP and MS-WSTEP in .NET or JavaScript to get a certificate from AD CS?
Can I get more than 1000 records from a DirectorySearcher?
How to determine if user account is enabled or disabled
How to keep the shell window open after running a PowerShell script?
Authenticating against Active Directory with Java on Linux

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!