how do I use dsquery to list all members of a group?
how do I use dsquery to list all members of a group?
joey wrote:
> how do I use dsquery to list all members of a group?
>
Command line tools like dsquery are difficult to use. If it can be done with
dsquery, I can't figure it out. I would suggest using Joe Richards' free
adfind utility. See this link:
http://www.joeware.net/freetools/tools/adfind/index.htm
The syntax for finding all direct members of a group would be similar to:
adfind -b dc=MyDomain,dc=com -f "(memberOf=cn=Test
Group,ou=West,dc=MyDomain,dc=com)" dn
The reasons this utility is so useful is that you can use standard LDAP
filters and refer to attributes by their real names, rather than trying to
remember some shortcut. If you want to see the sAMAccountName's of the
members, add that attribute at the end. If you want to restrict the members
to user objects (not groups or computers), adjust the filter. For example
(watch line wrapping, this is one line):
adfind -b dc=MyDomain,dc=com -f
"(&(objectCategory=person)(objectClass=user)(memberOf=cn=Test
Group,ou=West,dc=MyDomain,dc=com))" dn sAMAccountName
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Bookmarks