Windows / Active Directory - User / Groups

Question

I'm looking for a way to find a the windows login associated with a specific group. I'm trying to add permissions to a tool that only allows names formatted like:

DOMAIN\USER 
DOMAIN\GROUP

I have a list of users in active directory format that I need to add:

ou=group1;ou=group2;ou=group3

I have tried adding DOMAIN\Group1, but I get a 'user not found' error.

P.S. should also be noted that I'm not a Lan admin

Answer 1

Programatically or Manually?

Manually, i prefer AdExplorer, which is a nice Active directory Browser. You just connect to your domain controller and then you can look for the user and see all the details. Of course, you need permissions on the Domain Controller, not sure which though.

Programatically, it depends on your language of couse. On .net, the System.DirectoryServices Namespace is your friend. (I don't have any code examples here unfortunately)

For Active Directory, I'm not really an expert apart from how to query it, but here are two links I found useful:

http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm

http://en.wikipedia.org/wiki/Active_Directory (General stuff about the Structure of AD)

Answer 2

You need to go to the Active Directory Users Snap In after logging in as a domain admin on the machine:

1. Go to start --> run and type in mmc.
2. In the MMC console go to File -->
3. Add/Remove Snap-In Click Add Select
4. Active Directory Users and Computers and select Add.
5. Hit Close and then hit OK.

From here you can expand the domain tree and search (by right-clicking on the domain name).

You may not need special privileges to view the contents of the Active Directory domain, especially if you are logged in on that domain. It is worth a shot to see how far you can get.

When you search for someone, you can select the columns from View --> Choose Columns. This should help you search for the person or group you are looking for.