Question

Locked

How Do I Search Active Directory Properly? (Don't laugh...)

By lfruchter ·
Hello Sages,

I'm desperate and dumb here... I run my public school's net with AD on Server 2003 (Did I mention we're a public school?) and I've discovered that somehow after my last batch upload of new student accounts, I've got some students who are only members of the group "Domain Users" instead of being members of both "Domain Users" and the more restrictive group "Students".

The fix is easy, I know: simply find the students who are missing the Student group membership and add it to their accounts, but I'm stymied by the Find function in AD! Here's what I'm doing:

1) Find --> "Users, Contacts and Groups"
2) In --> Students OU (the OU that holds all the student accounts)
3) Advanced search tab
4) Field --> User / Member of
5) Condition --> Is not
6) Value --> Students

and it returns nothing!!! Not only that, but even if I tell it to find users who are members of the Student group in the Student OU it still returns nothing!

Obviously I do not know how to provide the correct search values. Can anyone tell me what I am doing wrong?

(Perhaps obviously I am also not a scripting wiz, so please try to help me without recourse to LDAP and other things that go way over my head.)

Thanks so much for any help that can open my eyes!

All best and admiration,
Lev in Brooklyn

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

LDAP query to find the users not present in the group

by Michael_IN In reply to How Do I Search Active Di ...

You can simply add all the missing users to the restrictive group. Please follow the below steps.

Open Active Directory Users and Computers
Create a new Search query (New query -> Define query -> Select Custom search -> Select Advanced)
And enter this ldap query
(&(objectclass=user)(objectclass=user)(!memberof=CN=restrictive,CN=Users,DC=Domain,DC=local))

Name the query and provide the description and save it.

This query will list all the users who are not present in the group restrictive (you need to use the distinguishedname format in ldap query)

Simply select all the users, right click, Add users to group, select the group "restrictive".

Collapse -

Tool

by Michael_IN In reply to LDAP query to find the us ...

Also you can try ASN Active Directory Manager to manage your Active Directory in bulk.
Please visit http://adsysnet.com/asn-active-directory-manager-features.aspx

Back to Networks Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums