Saved Queries in Active Directory Users and Computers (ADUC) allow you to create simple or advanced LDAP queries against the Active Directory that can be saved, reused and edited. Examples might be a query displaying all locked out users in the domain or all the users who have a mailbox on a particular Exchange server and have the word "Manager" in their title.
A client I worked with needed a query that displayed all the members of a certain (large) group. This would allow him to select all the users at once and move their mailboxes to another server.
Try as he might, he couldn't get the query to display the group's members. It turns out this is because the group name must be entered using its distiguished name. Here's how to do it:
- Use ADSIEdit.msc (in the Windows Support Tools) and navigate to the group
- View the properties of the group to reveal the distinguishedName attribute value and copy it to the clipboard (shown above)
- Open ADUC, right-click Saved Queries and select New query
- Enter a name for your query, "Accounting Group Members"
- Click the Define Query button
- Select Users, Contacts, and Groups from the Find: dropdown list
- Click the Advanced tab
- Click Field User Member of
- With the condition of "is (exactly)", paste the group's distinguishedName into the Value field and click Add
- Click OK twice to complete the query
Posts
.png)
2 comments:
Nice... great trick...
dont event have to use many commnad
good post bro...
Great post, I had had this problem before and never thought to resolve it like this. Big help.
Daron
Post a Comment
Thank you for your comment! It is my hope that you find the information here useful. Let others know if this post helped you out, or if you have a comment or further information.