find all memberOf groups, including cross-domain, of a group using LDAP

  • Question

  • User688110063 posted

    So this is my configuration (simplified for the sake of simplicity):

    Setup:

    I have two DCs (numbered list for reference):

    1. DC=one,DC=company,DC=com
    2. DC=two,DC=company,DC=com

    In each of them I have a few groups:

    1. DC=one,DC=company,DC=com
      1. one.company.com\some\folder\group1
      2. one.company.com\some\other\folder\group2
      3. one.company.com\some\different\folder\here\group3
    2. DC=two,DC=company,DC=com
      1. two.company.com\some\folder\group4
      2. two.company.com\some\other\folder\group5

    Then group1 is a member of:

    • one.company.com\some\other\folder\group2
    • one.company.com\some\different\folder\here\group3
    • two.company.com\some\folder\group4

    So group1 exists in the one.company.com DC and is a member of groups that exist in both DCs: one.company.com and two.company.com.

    Question

    I'm trying to figure out how I can query AD for group1 and get all of the groups which it is a memberOf across all the DCs?

    This is the result of various LDAP calls I've tried:

    • <LDAP://DC=one,DC=company,DC=com>;(&(objectCategory=group)(objectClass=group)(name=group1));name,memberOf;subtree
      • returns the 2 groups in one.company.com but not the group in two.company.com
    • <LDAP://DC=company,DC=com>;(&(objectCategory=group)(objectClass=group)(name=group1));name,memberOf;subtree
      • error (as expected)
    • <GC://DC=company,DC=com>;(&(objectCategory=group)(objectClass=group)(name=group1));name,memberOf;subtree
      • returns the 1 group in two.company.com but not the groups in one.company.com (but not sure why)
    • <GC://DC=corp,DC=company,DC=com>;(&(objectCategory=group)(objectClass=group)(name=group1));name,memberOf;subtree
      • returns the 1 group in two.company.com but not the groups in one.company.com (but not sure why)
    Monday, August 17, 2015 11:54 AM

Answers

  • User-166373564 posted

    Hi

    IMTheNachoMan

    I'm trying to figure out how I can query AD for group1 and get all of the groups which it is a memberOf across all the DCs?

    group4 is a universal group, right?

    Please try this: <GC://DC=one,DC=company,DC=com>;(&(objectCategory=group)(objectClass=group)(name=group1));name,memberOf;subtree

    Please let me know if you need any help.

    With regards,

    Angie

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, August 20, 2015 4:56 AM
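
An added example, not part of either post above: it parses the `<provider://base>;filter;attributes;scope` query strings tried in the question and merges the memberOf values returned by the LDAP:// and GC:// queries into one list grouped by domain. The function names are hypothetical, and the DNs in the sample results are constructed (the OU layout is assumed from the folder paths in the question).

```python
import re
from collections import defaultdict

# ADO LDAP dialect: <provider://base>;filter;attributes;scope
_ADO = re.compile(
    r"^<(LDAP|GC)://([^>]*)>;(.+);([^;]+);(base|onelevel|subtree)$", re.I)

def parse_ado_query(query):
    """Split an ADO LDAP-dialect query string into its four parts."""
    m = _ADO.match(query.strip())
    if not m:
        raise ValueError("not an ADO LDAP query (check the <...> base): " + query)
    provider, base, flt, attrs, scope = m.groups()
    return {"provider": provider.upper(), "base": base, "filter": flt,
            "attributes": [a.strip() for a in attrs.split(",")],
            "scope": scope.lower()}

def domain_of(dn):
    """Dotted DNS domain built from the DC= components of a DN."""
    parts = re.findall(r"(?:^|,)\s*DC=([^,]+)", dn, re.I)
    return ".".join(p.strip().lower() for p in parts)

def merge_member_of(*result_sets):
    """Union memberOf DNs from several queries, grouped by owning domain."""
    seen, by_domain = set(), defaultdict(list)
    for dns in result_sets:
        for dn in dns:
            if dn.lower() not in seen:  # DNs compare case-insensitively
                seen.add(dn.lower())
                by_domain[domain_of(dn)].append(dn)
    return dict(by_domain)

FILTER = "(&(objectCategory=group)(objectClass=group)(name=group1))"
LDAP_QUERY = "<LDAP://DC=one,DC=company,DC=com>;" + FILTER + ";name,memberOf;subtree"
GC_QUERY = "<GC://DC=company,DC=com>;" + FILTER + ";name,memberOf;subtree"

# Constructed results mirroring what the question reports for each query.
LDAP_RESULT = ["CN=group2,OU=folder,OU=other,OU=some,DC=one,DC=company,DC=com",
               "CN=group3,OU=here,OU=folder,OU=different,OU=some,DC=one,DC=company,DC=com"]
GC_RESULT = ["CN=group4,OU=folder,OU=some,DC=two,DC=company,DC=com"]

if __name__ == "__main__":
    for q in (LDAP_QUERY, GC_QUERY):
        parsed = parse_ado_query(q)
        print(parsed["provider"], parsed["base"], parsed["attributes"])
    for domain, groups in merge_member_of(LDAP_RESULT, GC_RESULT).items():
        print(domain, len(groups), groups)
```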