Searching Groups based on Group Scope

Posted: August 20, 2012 in Active Directory
Tags:

As far as i know ADfind.exe is one of the best tool which is used to pull object details from AD database. In this tool we can use any LDAP query that you can think of.

So here I’m going to use the same tool to pull this group details based on group scope ie. Universal Distribution Group, Universal Security Group, Security Distribution Group, Security Security Group, DomainLocal Distribution Group & DomainLocal Security Group

Before we start we should know the grouptype attribue & samaccounttype attribute of these group scope.

1) Adfind -f objectcategory=group :- List groups in present domain

2) Adfind -bit -f “(&(objectcategory=group)(samaccounttype=268435457)(grouptype:=AND=8))”  :- List all the universal distribution groups.

3) Adfind  -bit –f  “(&(objectcategory=group)(grouptype:AND= -2147483640))”  :- List all the universal security  groups

4) Adfind  -bit –f “(&(objectcategory=group)(grouptype:OR:=8))”  :- List all the universal  security  & distribution groups

5) adfind -bit -f “(&(objectcategory=group)(samaccounttype=268435457)(grouptype:=2) :- List all the global distribution groups

6) adfind -bit -f “(&(objectcategory=group)(grouptype:AND:=2147483646))” :- List all the global security group.

7) adfind -bit -f “(&(objectcategory=group)(grouptype:OR:=2))” :- List all the global security & distribution groups

8) adfind -bit -f “(&(objectcategory=group)(!member=*))” name :- list the empty groups in domain.

Enjoy!!!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s