LDAP Queries for Group Scope


Suppose you want to view all Global Groups in your domain? How would you do this? LDAP Queries! LDAP queries for group scope are a little weird… however here is the commands you need:

All Security Groups with a type of Global
(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483650))

All Security Groups with a type of Domain Local
(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483652))

All Security Groups with a type of Universal
(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483656))

All Distribution Groups with a type of Global:
(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2)(!(groupType:1.2.840.113556.1.4.803:=2147483648)))

All Distribution Groups with type of Domain Local:
(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=4)(!(groupType:1.2.840.113556.1.4.803:=2147483648)))

All Distribution Groups with type of Universal:
(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=8)(!(groupType:1.2.840.113556.1.4.803:=2147483648)))

How do you use them? AD Users and computers under queries.

Click Define Query:

Choose Custom Search from the drop down box:

Click the advanced tab then enter your query:

You can also run these queries through dsquery.

All Security Groups with a type of Global:
dsquery * dc=domain,dc=local -filter “(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483650))” -limit 0

All Security Groups with a type of Domain Local:
dsquery * dc=domain,dc=local -filter “(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483652))” -limit 0

All Security Groups with a type of Universal:
dsquery * dc=domain,dc=local -filter “(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483656))” -limit 0

All Distribution Groups with type of Global:
dsquery * dc=domain,dc=local -filter “(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2)(!(groupType:1.2.840.113556.1.4.803:=2147483648)))” -limit 0

All Distribution Groups with type of Domain Local:
dsquery * dc=domain,dc=local -filter “(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=4)(!(groupType:1.2.840.113556.1.4.803:=2147483648)))” -limit 0

All Distribution Groups with type of Universal:
dsquery * dc=domain,dc=local -filter “(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=8)(!(groupType:1.2.840.113556.1.4.803:=2147483648)))” -limit 0

Here are the values used to calculate these queries:

Global = +2
Domain Local = +4
Universal = +8
Security Group = +2147483648
Distribution Group = 0

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: