Active Directory - Query Group for all machines

I'm trying to obtain a list of all Machines that are members of a known group. I have the group GUID and am constructing a query using the "memberof=" format and filtering by ObjectClass.

This works fine but doesn't return machines if the PrimaryGroup attribute of a machine is set to be the known group. In this case, that machine won't be returned.

I've found the explanation of why this is in the following link (See Joe Kaplan's response) http://www.eggheadcafe.com/software/aspnet/29773581/active-directory-query-c.aspx

Unfortunately the outlined answer is how to obtain the list of groups from a given user. I'd like to do the reverse and from a given group obtain the list of machines.

It seems that the PrimaryGroup information is stored on the Machine/User side so I'm not sure if what I want to do is even possible.

I had thought I would be able to query the TokenGroup attribute of the known group and then construct a query to return all machines that have the TokenGroup attribute set but it seems that not all groups have this attribute.

Does anyone have any ideas or suggestions? If any clarification is needed let me know!

Much appreciated,

Ben


Solution is to issue the following query:

(|(&(objectclass=computer)(memberof={0}))(&(objectclass=computer)(primarygroupid={1})))

The first part ensures that computers belonging to the group with the given guid are returned. The second part ensures that computers that have the primarygroupid set to the given primarygrouptoken (taken from the known group) are returned.

This query returns all computers for the group!
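
An added example, not part of the original post: one way to build that two-branch filter safely in Python. It assumes the group is identified by its distinguished name rather than a GUID, relies on primaryGroupToken being the RID (last sub-authority) of the group's objectSid, and uses a constructed DN and SID; the function names are hypothetical.

```python
import struct

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping, so a DN containing ( ) * \\ or NUL cannot change the filter."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def rid_from_object_sid(sid: bytes) -> int:
    """Return the RID of a binary objectSid.

    Layout: revision (1 byte), sub-authority count (1 byte),
    identifier authority (6 bytes, big-endian), then count * uint32 little-endian.
    """
    if len(sid) < 8:
        raise ValueError("SID too short")
    revision, count = sid[0], sid[1]
    if revision != 1 or count == 0 or len(sid) != 8 + 4 * count:
        raise ValueError("malformed SID")
    return struct.unpack_from('<I', sid, 8 + 4 * (count - 1))[0]

def computers_in_group_filter(group_dn: str, primary_group_token: int) -> str:
    """Match computers that list the group in memberOf OR use it as primary group."""
    if not 0 <= primary_group_token <= 0xFFFFFFFF:
        raise ValueError("primaryGroupToken out of range")
    return ('(|(&(objectClass=computer)(memberOf=%s))'
            '(&(objectClass=computer)(primaryGroupID=%d)))'
            % (escape_filter_value(group_dn), primary_group_token))

# Constructed sample data: S-1-5-21-1000-2000-3000-1604 and a DN with parentheses.
SAMPLE_SID = (bytes([1, 5]) + (5).to_bytes(6, 'big')
              + struct.pack('<5I', 21, 1000, 2000, 3000, 1604))
SAMPLE_DN = 'CN=Lab (Build) Machines,OU=Groups,DC=example,DC=com'

if __name__ == '__main__':
    token = rid_from_object_sid(SAMPLE_SID)
    print(computers_in_group_filter(SAMPLE_DN, token))
```

The resulting string can be handed to whichever LDAP client is in use; escaping matters whenever the group DN comes from user input or from directory data that may contain parentheses.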
