0
votes

Let me start with a basic layout of our Active Directory:

DC=com
    DC=example
        OU=Groups
            CN=MaxGroups
            CN=MaxAdmins
            CN=MaxSupers
            CN=MaxTechs
            ...
        OU=ServiceAccounts
            CN=maxadmin
            CN=maxreg
            CN=mxintadm
            ...
        OU=Users
            CN=userA
            CN=userB
            ...

The way we have it configured is that the MaxAdmins group, MaxSupers group, and MaxTechs group are all members of the MaxGroups group (we HAD to do it this way to meet certain company guidelines). We have 3 service accounts (maxadmin, maxreg, and mxintadm) as well as a bunch of users that are members of one of those three groups (MaxAdmins, MaxSupers, and MaxTechs). What I needed to develop was two queries. One to get the groups (that was easy) and one to get all the users that are members of one of those groups.

Now I know that I could do a User query like:

(&
    (objectCategory=user)
    (|
        (memberOf=CN=MaxAdmins,...)
        (memberOf=CN=MaxSupers,...)
        (memberOf=CN=MaxTechs,...)
    )
)

However, in the future, we may be adding more groups and I don't want to have to keep updating the User query with more OR'd groups. I'd like to do it like this "pseudocode" below:

Users that are members of a group that is a member of MaxGroups.

Essentially I want a query that would find all groups that are part of MaxGroups and then a list of any user that is a member of any of those groups. Is this possible? Everything I've come across in a ton of Google search for "nested memberOf" is about trying to generate a list of all groups that a user is a member of, NOT a list of users that are members of a member of a group!

Any and all help would be greatly appreciated!

Thanks!

1
Were you able to resolve this? I am facing a slightly similar issue. (posted here stackoverflow.com/questions/51879457/…) ayip
The answer selected below did technically answer my question, however in my particular instance, I was unable to use it due to limitations in the system I was querying from. We ended up simplifying to just 1 group. D.R.

1 Answer

1
votes

Take a look at the in-chain matching rule - https://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx. This will get you what you want.
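The filter the answer points to, written out for the layout in the question, plus an offline model of what the matching rule computes. This is an added example, not code posted by the asker or answerer. The OID 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN from the linked page; the full DNs, the extra nested group MaxTechsL2 and the user userC are assumptions for illustration, and the in-memory directory is constructed, so nothing here talks to a domain controller. The helper also RFC 4515-escapes the DN before splicing it into the filter, which matters if group names are ever taken from user input:

```python
"""Nested group membership in AD: what LDAP_MATCHING_RULE_IN_CHAIN returns.

Added example for this thread, not code posted by the asker or answerer.
Group and account names follow the layout in the question; the full DNs,
the extra group MaxTechsL2 and the user userC are assumed for illustration.
The in-memory DIRECTORY is constructed; nothing here talks to a real DC.
"""

IN_CHAIN = "1.2.840.113556.1.4.1941"  # OID of LDAP_MATCHING_RULE_IN_CHAIN

BASE = "DC=example,DC=com"  # assumed base DN


def group_dn(cn):
    return f"CN={cn},OU=Groups,{BASE}"


def user_dn(cn, ou):
    return f"CN={cn},OU={ou},{BASE}"


def escape_filter_value(value):
    """Escape an assertion value for an LDAP filter (RFC 4515 section 3).
    A DN spliced into a filter unescaped is an LDAP-injection sink if any
    RDN contains '(', ')', '*', a backslash or NUL."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def nested_members_filter(parent_group_dn):
    """Filter for user objects whose memberOf chain reaches parent_group_dn
    at any depth. This is the query the answer points to."""
    return ("(&(objectCategory=person)(objectClass=user)"
            f"(memberOf:{IN_CHAIN}:={escape_filter_value(parent_group_dn)}))")


def explicit_or_filter(group_dns):
    """The asker's original approach: one memberOf clause per group. It sees
    direct membership only and must be edited whenever a group is added."""
    clauses = "".join(f"(memberOf={escape_filter_value(dn)})" for dn in group_dns)
    return f"(&(objectCategory=person)(objectClass=user)(|{clauses}))"


# Constructed directory: each entry's objectClass and *direct* memberOf values.
DIRECTORY = {
    group_dn("MaxGroups"):  {"objectClass": "group", "memberOf": set()},
    group_dn("MaxAdmins"):  {"objectClass": "group", "memberOf": {group_dn("MaxGroups")}},
    group_dn("MaxSupers"):  {"objectClass": "group", "memberOf": {group_dn("MaxGroups")}},
    group_dn("MaxTechs"):   {"objectClass": "group", "memberOf": {group_dn("MaxGroups")}},
    # Assumed: a group nested one level deeper than the question's layout.
    group_dn("MaxTechsL2"): {"objectClass": "group", "memberOf": {group_dn("MaxTechs")}},
    user_dn("maxadmin", "ServiceAccounts"): {"objectClass": "user", "memberOf": {group_dn("MaxAdmins")}},
    user_dn("maxreg", "ServiceAccounts"):   {"objectClass": "user", "memberOf": {group_dn("MaxSupers")}},
    user_dn("mxintadm", "ServiceAccounts"): {"objectClass": "user", "memberOf": {group_dn("MaxTechs")}},
    user_dn("userA", "Users"): {"objectClass": "user", "memberOf": {group_dn("MaxAdmins")}},
    user_dn("userB", "Users"): {"objectClass": "user", "memberOf": {group_dn("MaxTechsL2")}},
    user_dn("userC", "Users"): {"objectClass": "user", "memberOf": set()},  # assumed: in no Max group
}


def in_chain(entry_dn, target_dn, directory):
    """Emulate memberOf:1.2.840.113556.1.4.1941:=target_dn for one entry:
    walk memberOf transitively (cycle-safe) until target_dn is reached."""
    seen = set()
    stack = list(directory[entry_dn]["memberOf"])
    while stack:
        dn = stack.pop()
        if dn == target_dn:
            return True
        if dn in seen:
            continue
        seen.add(dn)
        stack.extend(directory.get(dn, {}).get("memberOf", ()))
    return False


def users_under(parent_group_dn, directory):
    """Users the in-chain filter would return, sorted by DN."""
    return sorted(dn for dn, e in directory.items()
                  if e["objectClass"] == "user" and in_chain(dn, parent_group_dn, directory))


def users_direct_in(group_dns, directory):
    """Users the explicit OR filter would return: direct membership only."""
    targets = set(group_dns)
    return sorted(dn for dn, e in directory.items()
                  if e["objectClass"] == "user" and e["memberOf"] & targets)


if __name__ == "__main__":
    parent = group_dn("MaxGroups")
    print(nested_members_filter(parent))
    for dn in users_under(parent, DIRECTORY):
        print("  ", dn)
    hand_written = [group_dn(g) for g in ("MaxAdmins", "MaxSupers", "MaxTechs")]
    missed = set(users_under(parent, DIRECTORY)) - set(users_direct_in(hand_written, DIRECTORY))
    print("missed by the hand-written OR filter:", sorted(missed))
```

The string that nested_members_filter returns is what goes into `ldapsearch` or `Get-ADUser -LDAPFilter`. Two caveats worth knowing before relying on it: the matching rule is an Active Directory extension, not standard LDAP, and it makes the server walk the whole chain for every candidate entry, so it is noticeably slower than a plain memberOf filter on a large directory; and memberOf (with or without the rule) never reflects an account's primary group (primaryGroupID), so an account whose primary group is one of the Max groups is missed by both filters.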