Saved Queries in Active Directory Users and Computers (ADUC) allow you to create simple or advanced LDAP queries against the Active Directory that can be saved, reused and edited. Examples might be a query displaying all locked out users in the domain or all the users who have a mailbox on a particular Exchange server and have the word "Manager" in their title.
A client I worked with needed a query that displayed all the members of a certain (large) group. This would allow him to select all the users at once and move their mailboxes to another server.
Try as he might, he couldn't get the query to display the group's members. It turns out this is because the group name must be entered using its distiguished name. Here's how to do it:
- Use ADSIEdit.msc (in the Windows Support Tools) and navigate to the group
- View the properties of the group to reveal the distinguishedName attribute value and copy it to the clipboard (shown above)
- Open ADUC, right-click Saved Queries and select New query
- Enter a name for your query, "Accounting Group Members"
- Click the Define Query button
- Select Users, Contacts, and Groups from the Find: dropdown list
- Click the Advanced tab
- Click Field > User > Member of
- With the condition of "is (exactly)", paste the group's distinguishedName into the Value field and click Add
- Click OK twice to complete the query
Nice... great trick...
ReplyDeletedont event have to use many commnad
good post bro...
Great post, I had had this problem before and never thought to resolve it like this. Big help.
ReplyDeleteDaron
Thanks a lot...helped me and I wont for get this...
ReplyDeleteThanks a lot...
ReplyDeleteGood post, but it only returns users of my current domain. If I click on the "members" tab of the group, I get members of the group from other domains, which is correct. Can you help with this?
ReplyDeleteNice post, easy without having to learn the query on the fly!!
ReplyDeleteSimply the best. I think it's the only post on the net that really explains how to get it. thank you very much!
ReplyDeleteU rock!! Thnx for sharing...
ReplyDeleteThanks for the tip
ReplyDeleteGreat post thanks for the info.
ReplyDeletehello - thank you for the Info Jeff. however how do go about in creating a query that also displays the names of the group members alongside their names? Do I need to add another condition in advanced? What attribute do I use? Do I use "proxyAddresses"? if so, how exactly?
ReplyDeleteMany thanks, Max.
nice share, very helpfully :)
ReplyDeleteThanks for sharing. How do I query multiple group members?
ReplyDeleteWhen I go to View... Add/RemoveColumns i don't see Members Of as a display option as it is if I am using the Find GUI. In this post you tell us how to restrict by Member Of, but is there any way to display what each user is a Member of?
ReplyDeleteTurn on Advanced in the View menu.
DeleteThanks! I do have the Advanced Features checked... but in the available list of Add/Remove Columns, Member Of is not listed.
Delete