LDAP memberOf returns no results


I'm trying to create a custom query in ADUaC to help me index administrators in my system. I've narrowed down security groups that I need to list the members of, but I'm misusing the 'memberOf' attribute in some way which breaks the query.

(&(objectClass=user)(objectCategory=user)(memberOf=*))

The above query works fine to return all users, but when I change the wildcard to anything else (ex. (memberOf=*Administrators*)), the query returns no objects.

I have confirmed that there is a relevant Security Group for this query to get users from. I am aware that it does not work for Primary Groups or nested users, and I am simply trying to get it working on a basic level right now. Anyone know how to have the code return users that are a member of the security group?


BEST ANSWER

Unfortunately, you cannot use the wildcard * character to filter distinguishedName attributes. The reason for this is the X.500 Standard.

http://www.ldapexplorer.com/en/manual/109010000-ldap-filter-syntax.htm

Perhaps PowerShell can be handy. Something like this could do the trick:

Import-Module ActiveDirectory   # RSAT cmdlets used below

# For just one group. -Recursive expands nested groups and returns the
# leaf objects (users, computers), not the intermediate groups themselves.
Get-ADGroupMember -Recursive -Identity "Domain Admins"

# For a batch of groups
$adminsgroups = "Enterprise Admins", "Domain Admins"
foreach ($admingroup in $adminsgroups)
{
    # With the -Recursive switch you get nested group members
    Get-ADGroupMember -Recursive -Identity $admingroup
}
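The reason the wildcard fails is that memberOf is a DN-syntax attribute, and DN syntax supports equality matching only, so the filter has to carry the group's full distinguishedName (for example (memberOf=CN=Domain Admins,CN=Users,DC=example,DC=com)). The following is an added example, not code from the question or the answer above, showing how to build such a filter in PowerShell. It goes beyond the answer in two ways the question mentions as limitations: nested membership via the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941), and membership held only through primaryGroupID, which never appears in memberOf. It assumes the ActiveDirectory module is installed and the session is domain-joined; the group names and the DC= components are placeholders.

```powershell
# Added example (not part of the original question or answer).
# Assumes: ActiveDirectory module (RSAT) available, domain-joined session.
# Group names used in the usage lines are placeholders.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Escape characters that are special inside an LDAP filter value (RFC 4515).
    # A DN can legitimately contain parentheses or backslashes, e.g. "CN=Smith \, John".
    param([Parameter(Mandatory)] [string] $Value)
    $Value -replace '\\', '\5c' -replace '\(', '\28' -replace '\)', '\29' -replace '\*', '\2a'
}

function Get-GroupMembersByLdapFilter {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $GroupName,
        # Walk nested groups server-side with LDAP_MATCHING_RULE_IN_CHAIN
        [switch] $Nested
    )

    # memberOf is DN syntax: equality match only, so resolve the group to its DN first.
    # primaryGroupToken is the group's RID, which is what primaryGroupID stores on users.
    $group = Get-ADGroup -Identity $GroupName -Properties primaryGroupToken
    $dn    = ConvertTo-LdapFilterValue $group.DistinguishedName
    $rid   = $group.primaryGroupToken

    if ($Nested) {
        $memberClause = "(memberOf:1.2.840.113556.1.4.1941:=$dn)"
    } else {
        $memberClause = "(memberOf=$dn)"
    }

    # objectCategory=person narrows to user objects (not contacts or computers, which also
    # carry objectClass=user); the OR clause picks up users whose only link to the
    # group is their primary group, since that membership is not written to memberOf.
    $filter = "(&(objectCategory=person)(objectClass=user)(|$memberClause(primaryGroupID=$rid)))"

    Write-Verbose "LDAP filter: $filter"
    Get-ADUser -LDAPFilter $filter -Properties memberOf, primaryGroupID
}

# Usage (placeholder group names):
# Direct members of one group, plus anyone whose primary group it is
Get-GroupMembersByLdapFilter -GroupName 'Domain Admins' -Verbose |
    Select-Object SamAccountName, DistinguishedName

# Direct and nested members of several privileged groups, de-duplicated
'Enterprise Admins', 'Domain Admins', 'Administrators' |
    ForEach-Object { Get-GroupMembersByLdapFilter -GroupName $_ -Nested } |
    Sort-Object DistinguishedName -Unique |
    Select-Object SamAccountName, DistinguishedName
```

The same filter string that Write-Verbose prints can be pasted into the ADUC custom search's advanced (LDAP) tab. Prefer the matching-rule variant over client-side recursion when auditing privileged groups: it is evaluated by the domain controller, so one query returns the transitive membership without enumerating each intermediate group.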