This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] usually refers to [AD DOMAIN] users.
!! [{$pagename}] [Group-AD]
[{$pagename}] [Group-AD] is defined by a [Well-known Security Identifier]
* [SID] S-1-5-21-<domain>-513 ([RID] 513)
* Name: [{$pagename}]
* Description: A [Global Group] [Security Group] that, by default, includes all user accounts in a domain. When you create a user account in a domain, it is added to this group __by default__.
Most methods do not reveal membership in the "primary" group. For most users, the "primary" group would be "[{$pagename}]". Specifically, the [memberOf] attribute of user objects, and the member attribute of group objects, never reveals "primary" group membership. In most domains, the [member] [attribute] of the "[{$pagename}]" [group] is empty, and it is safe to assume that all users belong to this group.
[{$pagename}] [LDAP Query Examples|LDAP Query Examples for AD]: to find all users that have "[{$pagename}]" designated as their "primary" group, search for all users whose [primaryGroupID] attribute is 513 (__by default__). The primaryGroupID attribute of the group "Domain Users" is the same integer, 513. In [LDAP] syntax, the [LDAP SearchFilter] could be:
{{{(primaryGroupID=513)}}}
Or, to find all direct members of "[{$pagename}]", plus all users that have this group designated as their "primary":
{{{(|(memberOf=cn=Domain Users,cn=Users,dc=example,dc=com)(primaryGroupID=513))}}}
To find all users that have some other group designated as their "primary", the filter could be:
{{{(&(objectCategory=person)(objectClass=user)(!(primaryGroupID=513)))}}}
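The following is an added example, not part of the original page. It derives the RID from a binary objectSid, builds the combined filter shown above, and evaluates it against a small in-memory directory. This shows which accounts an audit based only on memberOf misses. The domain sub-authorities, the "Contractors (ext)" group and the three users are constructed sample data.

```python
import struct

def build_sid(*subs):
    """Constructed helper: pack S-1-5-<subs> into binary objectSid form."""
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)

def sid_to_str(raw):
    """Decode objectSid: revision, count, 48-bit big-endian authority, little-endian sub-authorities."""
    subs = struct.unpack("<%dI" % raw[1], raw[8:8 + 4 * raw[1]])
    return "S-%d-%d-%s" % (raw[0], int.from_bytes(raw[2:8], "big"), "-".join(map(str, subs)))

def rid_of(raw):
    """The RID is the last sub-authority; a user's primaryGroupID holds this value."""
    return int(sid_to_str(raw).rsplit("-", 1)[1])

def escape_value(value):
    """RFC 4515 escaping for a value placed inside a search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def membership_filter(group):
    """Direct members plus users that have the group as their primary group."""
    return "(|(memberOf=%s)(primaryGroupID=%d))" % (escape_value(group["dn"]), rid_of(group["objectSid"]))

def direct_only(group, users):
    """What an audit that reads only memberOf sees."""
    return sorted(u["sAMAccountName"] for u in users if group["dn"] in u["memberOf"])

def effective_members(group, users):
    """What the combined filter returns when evaluated over the sample users."""
    rid = rid_of(group["objectSid"])
    return sorted(u["sAMAccountName"] for u in users
                  if group["dn"] in u["memberOf"] or u["primaryGroupID"] == rid)

# Constructed sample directory; the sub-authorities 1111-2222-3333 are made up.
DOMAIN = (21, 1111, 2222, 3333)
DOMAIN_USERS = {"dn": "cn=Domain Users,cn=Users,dc=example,dc=com", "objectSid": build_sid(*DOMAIN, 513)}
CONTRACTORS = {"dn": "cn=Contractors (ext),ou=Groups,dc=example,dc=com", "objectSid": build_sid(*DOMAIN, 1105)}
USERS = [
    {"sAMAccountName": "alice", "primaryGroupID": 513, "memberOf": []},
    {"sAMAccountName": "bob", "primaryGroupID": 513, "memberOf": []},
    # carol's primary group was changed, so Domain Users appears in her memberOf instead
    {"sAMAccountName": "carol", "primaryGroupID": 1105, "memberOf": [DOMAIN_USERS["dn"]]},
]

if __name__ == "__main__":
    for g in (DOMAIN_USERS, CONTRACTORS):
        print(sid_to_str(g["objectSid"]), membership_filter(g))
        print("  memberOf only:", direct_only(g, USERS), "| effective:", effective_members(g, USERS))
```

In this sample, carol is absent from the memberOf view of "Contractors (ext)" even though it is her primary group, and alice and bob are absent from the memberOf view of "Domain Users".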
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]