Create a Saved Query that Displays Group Members

Thursday, February 28, 2008

Saved Queries in Active Directory Users and Computers (ADUC) allow you to create simple or advanced LDAP queries against the Active Directory that can be saved, reused and edited. Examples might be a query displaying all locked out users in the domain or all the users who have a mailbox on a particular Exchange server and have the word "Manager" in their title.


A client I worked with needed a query that displayed all the members of a certain (large) group. This would allow him to select all the users at once and move their mailboxes to another server.


Try as he might, he couldn't get the query to display the group's members. It turns out this is because the group name must be entered using its distiguished name. Here's how to do it:


  • Use ADSIEdit.msc (in the Windows Support Tools) and navigate to the group

  • View the properties of the group to reveal the distinguishedName attribute value and copy it to the clipboard (shown above)

  • Open ADUC, right-click Saved Queries and select New query

  • Enter a name for your query, "Accounting Group Members"

  • Click the Define Query button

  • Select Users, Contacts, and Groups from the Find: dropdown list

  • Click the Advanced tab

  • Click Field > User > Member of

  • With the condition of "is (exactly)", paste the group's distinguishedName into the Value field and click Add

  • Click OK twice to complete the query

16 comments:

  1. Nice... great trick...
    dont event have to use many commnad
    good post bro...

    ReplyDelete
  2. Great post, I had had this problem before and never thought to resolve it like this. Big help.
    Daron

    ReplyDelete
  3. Thanks a lot...helped me and I wont for get this...

    ReplyDelete
  4. Good post, but it only returns users of my current domain. If I click on the "members" tab of the group, I get members of the group from other domains, which is correct. Can you help with this?

    ReplyDelete
  5. Nice post, easy without having to learn the query on the fly!!

    ReplyDelete
  6. Simply the best. I think it's the only post on the net that really explains how to get it. thank you very much!

    ReplyDelete
  7. Thanks for the tip

    ReplyDelete
  8. Great post thanks for the info.

    ReplyDelete
  9. hello - thank you for the Info Jeff. however how do go about in creating a query that also displays the names of the group members alongside their names? Do I need to add another condition in advanced? What attribute do I use? Do I use "proxyAddresses"? if so, how exactly?

    Many thanks, Max.

    ReplyDelete
  10. nice share, very helpfully :)

    ReplyDelete
  11. Thanks for sharing. How do I query multiple group members?

    ReplyDelete
  12. When I go to View... Add/RemoveColumns i don't see Members Of as a display option as it is if I am using the Find GUI. In this post you tell us how to restrict by Member Of, but is there any way to display what each user is a Member of?

    ReplyDelete
    Replies
    1. Thanks! I do have the Advanced Features checked... but in the available list of Add/Remove Columns, Member Of is not listed.

      Delete

Thank you for your comment! It is my hope that you find the information here useful. Let others know if this post helped you out, or if you have a comment or further information.