LDAP query does not work for group domain users

Question

LDAP query does not work for group domain users

I am running a query (memberof=CN=Domain Users,DC=MYDOMAIN, DC=MYCOM)

but it returns a null result, the same query, if I run for another group, returns the results.

+4

active-directory

Breakhead Apr 22 '11 at 11:25

source share

2 answers

, . Domain Users . - , , - , .

. AD.

, , ....

+2

marc_s 22 . '11 11:30

JPBlanc · Accepted Answer · 2011-04-25T07:38:02+0000

As far as I understand, when you create a user, he is a member by default Domain Users. You cannot see it in the attribute memberOf, but you can see it in primaryGroupID (513=(GROUP_RID_USERS)). You cannot suppress it unless you add a group and make it primaryGoup for a given user.

enter image description here

A command like the one below allows you to create a list of people related to Domain Users.

ldifde -f file.ldf -d "ou=Monou,dc=dom,dc=fr" -r "(&(objectclass=user)(|(primaryGroupID=513)(memberOf=CN=Utilisateurs du domaine,CN=Users,DC=dom,DC=fr)))"

be careful

French names are used here ("Utilisateurs du domaine" = "Domain Users")
Windows 2008 R2 ldifde Administrator, memberOf.

.

. . . .

MonGroupe.

RID, .

LDAP query does not work for group domain users

More articles: