jspωiki
Domain Users

Overview#

Domain Users usually refers to AD DOMAIN users.

Domain Users Group-AD#

Domain Users Group-AD is defined by a Well-known Security Identifier
  • SID S-1-5-21domain-513 (RID 513)
  • Name: Domain Users
Description: A Global Group Security Group that, by default, includes all user accounts in a domain. When you create a user account in a domain, it is added to this group by default.

Most methods do not reveal membership in the "primary" group. For most users, the "primary" group would be "Domain Users". Specifically, the memberOf attribute of user objects, and the member attribute of group objects, never reveals "primary" group membership. In most domains, the member attribute of the "Domain Users" group is empty, and it is safe to assume that all users belong to this group.

Domain Users LDAP Query Examples for all users that have "Domain Users" designated as their "primary", search for all users whose primaryGroupID attribute is 513 (by default). The primaryGroupID attribute of the group "Domain Users" is the same integer, 513. The LDAP syntax LDAP SearchFilter could be:

(primaryGroupID=513)

Or, to find all direct members of "Domain Users", plus all users that have this group designated as their "primary":

(|(memberOf=cn=Domain Users,cn=Users,dc=example,dc=com)(primaryGroupID=513))

To find all users that have some other group designated as their "primary", the filter could be:

(&(objectCategory=person)(objectClass=user)(!primaryGroupID=513))

More Information#

There might be more information for this subject on one of the following: