
LDAP memberOf returns no results


I'm trying to create a custom query in ADUC to help me index administrators in my system. I've narrowed down the security groups that I need to list the members of, but I'm misusing the 'memberOf' attribute in some way which breaks the query.

(objectClass=user)(objectCategory=user)(memberOf=*)

The above query works fine to return all users, but when I change the wildcard to anything else (ex. (memberOf=*Administrators*)), the query returns no objects.

I have confirmed that there is a relevant Security Group for this query to get users from. I am aware that it does not work for Primary Groups or nested users, and I am simply trying to get it working on a basic level right now. Anyone know how to have the code return users that are a member of the security group?


Solution

  • Unfortunately, you cannot use the wildcard * character to filter distinguishedName attributes. The reason for this is the X.500 Standard.

    http://www.ldapexplorer.com/en/manual/109010000-ldap-filter-syntax.htm

    Perhaps PowerShell can be handy. Something like this could do the trick:

    # Requires the RSAT Active Directory module
    Import-Module ActiveDirectory

    # for just one group
    Get-ADGroupMember -Recursive -Identity "Domain Admins"

    # for a batch of groups
    $adminsgroups = "Enterprise Admins", "Domain Admins"
    foreach ($admingroup in $adminsgroups)
    {
        # with the -Recursive switch you also get nested group members
        Get-ADGroupMember -Recursive -Identity $admingroup
    }
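For the LDAP-filter route, the working alternative to a wildcard is an exact match on the group's full distinguished name, since memberOf is a DN-syntax attribute. The following is an added example, not code from the question or the answer above: it builds such a filter (RFC 4515-escaped, so a DN containing parentheses or asterisks cannot break the filter), keeps the asker's objectClass/objectCategory clauses, and optionally uses Microsoft's LDAP_MATCHING_RULE_IN_CHAIN rule so nested membership is resolved server-side. The sample group DN is constructed; paste the resulting string into ADUC's custom query or Get-ADUser -LDAPFilter.

```python
"""Build exact-match memberOf filters instead of wildcard ones (added example)."""

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_RFC4515_ESCAPES = {
    "\\": r"\5c",   # listed first so escape sequences are not double-escaped
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Microsoft extensible-match rule that follows group-in-group chains, which a
# plain (memberOf=<DN>) equality match does not (that is why nested users are missed).
MATCHING_RULE_IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value: str) -> str:
    """Escape a value so DN characters cannot alter the structure of the filter."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


def members_of_group_filter(group_dn: str, nested: bool = False) -> str:
    """Return a filter for user objects that are members of group_dn.

    memberOf holds full group DNs, so the assertion value must be the complete DN;
    a substring such as *Administrators* is not a valid match for DN syntax.
    With nested=True the extensible match also returns members of nested groups.
    """
    dn = escape_filter_value(group_dn)
    if nested:
        member_clause = f"(memberOf:{MATCHING_RULE_IN_CHAIN}:={dn})"
    else:
        member_clause = f"(memberOf={dn})"
    # An LDAP filter has exactly one top-level item, so the clauses from the
    # question are combined with the AND operator (&...).
    return f"(&(objectClass=user)(objectCategory=user){member_clause})"


if __name__ == "__main__":
    # Constructed sample DN; replace with the DistinguishedName of your own group.
    group = "CN=Administrators,CN=Builtin,DC=example,DC=com"
    print(members_of_group_filter(group))
    print(members_of_group_filter(group, nested=True))
```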