Bug found with filter option using AD advanced search


andysideas

I have a Windows 2003 Active Directory server (without SP1 installed).

What I want to do is email a list of people who are NOT a member of a
specific group.

I know that a VBS script would do this simply, but I do not work with
VBScripts on a regular basis, so I have opted to use the Microsoft
Advanced Find in Active Directory MMC.



I have 3091 user objects. I first perform a search using no criteria to
display all of my users.

I then click on the VIEW menu and choose FILTER.
(This displays a filter menu above each column.)

I then add a column that displays the MEMBER OF.
I then click on the filter and start to type. After about 3 characters
it simply exits and closes the MMC (i.e. a crash).

Can someone else test this if you have an AD with a similar number of
objects? I have tried it on several computers and the server directly
and the problem is still there.
 

The Domain Controller I have at the moment is Windows 2000, but I select
View, Filter Options, Create Custom Filter and click "Customize". On the
"Advanced" tab I enter an LDAP query. In your case, if the Distinguished
Name of the group is:

cn=MyGroup,ou=Sales,dc=MyDomain,dc=com

you can use:

(&(objectCategory=person)(!memberOf=cn=MyGroup,ou=Sales,dc=MyDomain,dc=com))

The (objectCategory=person) clause restricts to users and contacts. The "!"
symbol is the "Not" operator. The memberOf attribute is a collection of the
Distinguished Names of groups the user is a direct member of. It does not
reveal nested group memberships. It also does not reveal the "Primary" group
of the user. The above LDAP query should reveal all users that are not
direct members of the group. I hope this helps.
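
An added example, not part of the reply above: it builds the same "not a member" filter with RFC 4515 escaping and the fully parenthesized NOT form, and models on constructed sample users how nested and primary-group members show up as "non-members" unless the filter accounts for them. The group Inner, the token 1105 and the four users are assumptions; the nested variant relies on AD's LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941), which older domain controllers such as those in this thread may not support.

```python
# Added example; every name and entry below is constructed for illustration.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD LDAP_MATCHING_RULE_IN_CHAIN OID

def escape_filter_value(value):
    """RFC 4515 escaping so a DN containing \\ * ( ) or NUL cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def not_member_filter(group_dn, primary_group_token=None, nested=False):
    """Build the 'not a member' filter; optionally cover nesting and primary group."""
    attr = "memberOf:%s:" % IN_CHAIN if nested else "memberOf"
    clauses = ["(objectCategory=person)",
               "(!(%s=%s))" % (attr, escape_filter_value(group_dn))]
    if primary_group_token is not None:
        clauses.append("(!(primaryGroupID=%d))" % primary_group_token)
    return "(&" + "".join(clauses) + ")"

GROUP = "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com"   # DN from the reply above
INNER = "cn=Inner,ou=Sales,dc=MyDomain,dc=com"     # hypothetical group nested in MyGroup
GROUP_TOKEN = 1105                                  # constructed primaryGroupToken of MyGroup
GROUP_MEMBER_OF = {INNER: [GROUP]}                  # group DN -> groups it belongs to
USERS = {                                           # name -> (direct memberOf, primaryGroupID)
    "alice": ([GROUP], 513),         # direct member
    "bob":   ([INNER], 513),         # member only through nesting
    "carol": ([], GROUP_TOKEN),      # MyGroup is the primary group
    "dave":  ([], 513),              # genuinely outside the group
}

def expand(groups):
    """Follow group-in-group links, as the in-chain matching rule does."""
    seen, todo = set(), list(groups)
    while todo:
        g = todo.pop()
        if g not in seen:
            seen.add(g)
            todo.extend(GROUP_MEMBER_OF.get(g, []))
    return seen

def reported_non_members(group_dn, primary_group_token=None, nested=False):
    """Offline model of which sample users each filter variant would return."""
    names = []
    for name, (member_of, pgid) in USERS.items():
        groups = expand(member_of) if nested else set(member_of)
        if group_dn not in groups and pgid != primary_group_token:
            names.append(name)
    return sorted(names)

if __name__ == "__main__":
    print(not_member_filter(GROUP), reported_non_members(GROUP))
    print(not_member_filter(GROUP, GROUP_TOKEN, True),
          reported_non_members(GROUP, GROUP_TOKEN, True))
```

With the direct-only filter the model returns bob and carol alongside dave, so a mailing or access review built on it would treat two effective members as outsiders.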
 