Discussion:
LDAP Query Empty Groups
(too old to reply)
RLGx
2007-03-29 16:08:05 UTC
Permalink
I'm trying to create a query on AD 2003 DC that lists any group that has no
members. I found this but it doesn't saeem valid:

(&(objCategory=group)(!memberof=*)")

Anyone have any suggestions?

Thanks.
Lee Flight
2007-03-29 16:37:19 UTC
Permalink
Hi,

maybe,

(&(objectCategory=group)(!(member=*)))

note that presence queries can lead to false positives due to access
controls.

Lee Flight
Post by RLGx
I'm trying to create a query on AD 2003 DC that lists any group that has no
(&(objCategory=group)(!memberof=*)")
Anyone have any suggestions?
Thanks.
Wayne Tilton
2007-03-29 17:51:36 UTC
Permalink
Post by RLGx
I'm trying to create a query on AD 2003 DC that lists any group that
(&(objCategory=group)(!memberof=*)")
Anyone have any suggestions?
Thanks.
You want member, not memberOf:

(&(objectCategory=Group)(!member=*))

HTH,

Wayne Tilton
RLGx
2007-03-29 21:34:02 UTC
Permalink
Thanks guys. I'm not having any luck, keep getting "not a valid query
string". Arrrrgh!
Post by Wayne Tilton
Post by RLGx
I'm trying to create a query on AD 2003 DC that lists any group that
(&(objCategory=group)(!memberof=*)")
Anyone have any suggestions?
Thanks.
(&(objectCategory=Group)(!member=*))
HTH,
Wayne Tilton
RLGx
2007-03-29 21:40:01 UTC
Permalink
Ooops - spoke too soon, got it to work. Weird. I had to delete the original
queries instead of modify, and then something kicked in right!

Thanks!
Post by RLGx
Thanks guys. I'm not having any luck, keep getting "not a valid query
string". Arrrrgh!
Post by Wayne Tilton
Post by RLGx
I'm trying to create a query on AD 2003 DC that lists any group that
(&(objCategory=group)(!memberof=*)")
Anyone have any suggestions?
Thanks.
(&(objectCategory=Group)(!member=*))
HTH,
Wayne Tilton
Wayne Tilton
2007-03-29 21:44:04 UTC
Permalink
Post by RLGx
Thanks guys. I'm not having any luck, keep getting "not a valid query
string". Arrrrgh!
Post by Wayne Tilton
Post by RLGx
I'm trying to create a query on AD 2003 DC that lists any group that
(&(objCategory=group)(!memberof=*)")
Anyone have any suggestions?
Thanks.
(&(objectCategory=Group)(!member=*))
HTH,
Wayne Tilton
You haven't told us what tool(s) you are using, so let us assume that you
are using Joe's most excellent adfind (www.joeware.net). In that case,
you could use this command to get the DNs of all groups without members:

adfind -default -f "(&(objectCategory=Group)(!member=*))" -dsq

Note that because the command line includes an & you have to include it
in quotes.

If you're using another command line tool, e.g. ldifde, csvde, the same
applies. If you're using the Find dialog in dsa.msc, do a 'Custom
Search' and enter the query, sans the quotes, into the Advanced tab.

HTH,

Wayne Tilton
nik nick
2010-09-24 15:28:05 UTC
Permalink
Active Directory Plus allows you to list groups dependent on any number of members, and then export the data to txt or excel file, or send it directly to your printer.

It can be downloaded from http://www.vision-it.org.
Post by RLGx
I'm trying to create a query on AD 2003 DC that lists any group that has no
(&(objCategory=group)(!memberof=*)")
Anyone have any suggestions?
Thanks.
Post by Lee Flight
Hi,
maybe,
(&(objectCategory=group)(!(member=*)))
note that presence queries can lead to false positives due to access
controls.
Lee Flight
Post by Wayne Tilton
(&(objectCategory=Group)(!member=*))
HTH,
Wayne Tilton
Thanks guys. I am not having any luck, keep getting "not a valid query
string". Arrrrgh!
Post by RLGx
Ooops - spoke too soon, got it to work. Weird. I had to delete the original
queries instead of modify, and then something kicked in right!
Thanks!
Post by Wayne Tilton
You haven't told us what tool(s) you are using, so let us assume that you
are using Joe's most excellent adfind (www.joeware.net). In that case,
adfind -default -f "(&(objectCategory=Group)(!member=*))" -dsq
Note that because the command line includes an & you have to include it
in quotes.
If you're using another command line tool, e.g. ldifde, csvde, the same
applies. If you're using the Find dialog in dsa.msc, do a 'Custom
Search' and enter the query, sans the quotes, into the Advanced tab.
HTH,
Wayne Tilton
Submitted via EggHeadCafe - Software Developer Portal of Choice
ObjectDumper LINQ To Export Collection Via .NET Reflection
http://www.eggheadcafe.com/tutorials/aspnet/21737599-5a63-4672-a32c-a36cca282a3f/objectdumper-linq-to-export-collection-via-net-reflection.aspx
Loading...