Ldap query to list groups a user is a member of?

Discussion in 'Active Directory' started by EagleA, Feb 24, 2008.

    Hi all

    vbs-ADSI scripting apart, is there a way to build a custom LDAP query
    (that can be used in Saved Queries in ADUC to list all groups a user is
    a member of?

    I have tried to use


    EagleA, Feb 24, 2008
  2. You need the full Distinguished Name (DN) of the user. The query could be
    similar to:


    This will return all groups the specified user is a direct member of, except
    for the "primary" group of the user. If the user DN has an embedded comma,
    escape it with the backslach "\" escape character. For example:

    Richard Mueller [MVP], Feb 24, 2008
    You can follow Richard's advice, although keep in mind (as he pointed out)
    that this approach does not give you the membership in nested groups. If
    that's your goal, you might want to try approach outlined in
    http://dunnry.com/blog/TransitiveLinkValueFilterEvaluation.aspx (note that
    this still does not include the primary group)

    Marcin, Feb 24, 2008
