Ldap query to list groups a user is a member of?

Discussion in 'Active Directory' started by EagleA, Feb 24, 2008.

  1. EagleA

    EagleA Guest

    Hi all

    vbs-ADSI scripting apart, is there a way to build a custom LDAP query
    (that can be used in Saved Queries in ADUC) to list all groups a user is
    a member of?

    I have tried to use

    (group=*)(&(user=User1)(MemberOf=*))

    ?
     
    EagleA, Feb 24, 2008
    #1

  2. You need the full Distinguished Name (DN) of the user. The query could be
    similar to:

    (&(objectCategory=group)(member=cn=Jim Smith,ou=Sales,ou=West,dc=MyDomain,dc=com))

    This will return all groups the specified user is a direct member of, except
    for the "primary" group of the user. If the user DN has an embedded comma,
    escape it with the backslash "\" escape character. For example:

    (&(objectCategory=group)(member=cn=Smith\, James,ou=Sales,ou=West,dc=MyDomain,dc=com))
     
    Richard Mueller [MVP], Feb 24, 2008
    #2

  3. Marcin

    Marcin Guest

    You can follow Richard's advice, although keep in mind (as he pointed out)
    that this approach does not give you the membership in nested groups. If
    that's your goal, you might want to try the approach outlined in
    http://dunnry.com/blog/TransitiveLinkValueFilterEvaluation.aspx (note that
    this still does not include the primary group)

    hth
    Marcin
     
    Marcin, Feb 24, 2008
    #3
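
The filters from posts #2 and #3, built programmatically, as an added example that is not part of the original thread. It escapes the DN per RFC 4515 (so the backslash in `Smith\, James` is written `\5c`) and, with `nested=True`, uses Active Directory's LDAP_MATCHING_RULE_IN_CHAIN OID, assumed here to be the technique the linked post describes. The function names are hypothetical and the third sample DN is constructed.

```python
# Active Directory's LDAP_MATCHING_RULE_IN_CHAIN (transitive link evaluation).
# Assumption: this is the matching rule the post linked in #3 refers to.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"

# RFC 4515: characters that must be written as \XX inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def groups_filter(user_dn: str, nested: bool = False) -> str:
    """Return the filter for groups whose member attribute holds user_dn.

    user_dn is the user's full DN as the directory reports it (DN escapes
    such as "\\," already present). nested=True adds the in-chain matching
    rule so membership through nested groups is included. Neither form
    returns the user's primary group.
    """
    if "=" not in user_dn or "," not in user_dn:
        raise ValueError("a full distinguished name is required")
    attr = f"member:{IN_CHAIN_OID}:" if nested else "member"
    return f"(&(objectCategory=group)({attr}={escape_filter_value(user_dn)}))"


if __name__ == "__main__":
    # The first two DNs are the ones in post #2; the third is constructed.
    for dn in (
        "cn=Jim Smith,ou=Sales,ou=West,dc=MyDomain,dc=com",
        r"cn=Smith\, James,ou=Sales,ou=West,dc=MyDomain,dc=com",
        "cn=Pat Lee (Contractor),ou=Sales,ou=West,dc=MyDomain,dc=com",
    ):
        print(groups_filter(dn))
        print(groups_filter(dn, nested=True))
```

Escaping the whole DN before it goes into the filter keeps a name containing `(`, `)` or `*` from changing the structure of the query.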