find all members of a group, print them out

[Fletcher]

I want to do a filtered query of the AD (I have win2k3 and win2k server DCs)
to reveal all members of a group... but when I try to do a find, and then
use the "advanced" features and tell it "user" - > "member of" -> "is
exactly" then put the name of the group in there I get no results?

So my question is, how can you output all of the members of an AD group so
that you can put it in say, word.. and then print out the list? Is there an
easy way? I couldn't find anything in the KB on this either.

Thanks,
Craig

 

[Matjaz Ladava [MVP]]

You must specify a dn (distinguished name) of a group. For example, if the
group name is Group1, located in OU called Test in domain domain.com, then
you have to enter
cn=Group1,ou=Test,dc=domain,dc=com
in member of is (exactly) query
--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), MVP
(e-mail address removed)
http://ladava.com

 

[Fletcher]

thank you - How do you determine the DN of a group? I looked but did not
find it anywhere obvious...

Craig

 

[Matjaz Ladava [MVP]]

Distinguish name is a LDAP path to an AD object and it is quite easy to
compose (like file path). If you know the location of a Group in AD, then
LDAP path is composed of cn=groupname, ou=ouname,ou...,dc=domain,dc=local
(for domain.local). The location of a group can be determined trough AD
Users and Computers. You can get some help, by enabling Advanced View in AD
users and computers and see object tab in group property. There you will see
a canonical name, which can be used to construct dn. Another method would be
to create a custom LDAP query, which would return dn of a group object. The
last resort is also ADSIEdit, which you can use, to browse AD objects
attributes. There is a distinguishedName attribute, that holds this
information.

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), MVP
(e-mail address removed)
http://ladava.com