0
votes

I'm attempting to return all users contained in a top level AD group. Let's assume the following:

App_Role (top level AD group)

This group contains both users, and other nested AD groups: Joe | Bob | Role1 | Role2

The nested AD group Role1 contains users: Jim | Tim

The nested AD Group Role2 contains users: Jon | Ron

Is there a way to return all users from the top level group App_Role, while also searching through the nested groups? Ultimately, the search filter should return: Joe | Bob | Jim | Tim | Jon | Ron

I've tried playing with

(&(objectClass=Group)(|(cn=*)
(memberOf:1.2.840.113556.1.4.1941:.....)

but can't seem to return all users within the nested groups.

1
You may add the tag 'Active Directory', as in LDAPv3-compliant Directory Services this would work on the server side but the client has to perform it itself. - Bernhard Thalmayr

1 Answer

0
votes

This filter will return all the users in the nested groups:

(memberOf:1.2.840.113556.1.4.1941:=CN=App_Role,OU=Groups,DC=YOURDOMAIN,DC=NET) 

You must use the Fully Distinguished Name of the group.

Remember that these LDAP_MATCHING_RULE_IN_CHAIN type searches may fail if there are too many nested groups or the search for some other reason takes a long time to perform.
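As an added example (not code from the question or the answer above): a small Python helper that builds the transitive-membership filter from the answer, escapes the group DN for use inside a filter (RFC 4515), and shows the client-side recursion you need on a directory that does not implement the matching rule server-side. One caveat the helper encodes: the bare memberOf chain filter matches every object in the chain, including the nested group objects Role1 and Role2 themselves, so the users-only variant ANDs in (objectCategory=person)(objectClass=user). The DNs, OU names and membership data are constructed fixtures mirroring the question, not real directory data.

```python
# Added example, not from the original post. Builds the
# LDAP_MATCHING_RULE_IN_CHAIN filter for Active Directory and shows the
# client-side recursive expansion for directories without that rule.
# All DNs and membership data below are constructed fixtures.

from typing import Dict, List, Set

# OID of LDAP_MATCHING_RULE_IN_CHAIN (Active Directory's transitive membership rule)
IN_CHAIN_RULE = "1.2.840.113556.1.4.1941"


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).
    Commas and '=' in a DN need no escaping, but a CN containing
    parentheses, '*' or a backslash would break or widen the filter."""
    out = []
    for ch in value:
        if ch in "*()\\\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def nested_members_filter(group_dn: str, users_only: bool = True) -> str:
    """Return the filter that asks AD for all transitive members of group_dn.

    The bare chain filter also matches the nested groups themselves
    (Role1, Role2 in the question); the users_only variant restricts the
    result to user accounts."""
    chain = "(memberOf:%s:=%s)" % (IN_CHAIN_RULE, escape_filter_value(group_dn))
    if not users_only:
        return chain
    return "(&(objectCategory=person)(objectClass=user)%s)" % chain


# Constructed fixture mirroring the question: App_Role -> Joe, Bob, Role1, Role2;
# Role1 -> Jim, Tim; Role2 -> Jon, Ron.  Keys are group DNs, values are member DNs.
GROUP_BASE = "OU=Groups,DC=YOURDOMAIN,DC=NET"      # assumed OU, as in the answer
USER_BASE = "OU=Users,DC=YOURDOMAIN,DC=NET"        # assumed OU for user objects
GROUPS: Dict[str, List[str]] = {
    "CN=App_Role," + GROUP_BASE: ["CN=Joe," + USER_BASE, "CN=Bob," + USER_BASE,
                                  "CN=Role1," + GROUP_BASE, "CN=Role2," + GROUP_BASE],
    "CN=Role1," + GROUP_BASE: ["CN=Jim," + USER_BASE, "CN=Tim," + USER_BASE],
    "CN=Role2," + GROUP_BASE: ["CN=Jon," + USER_BASE, "CN=Ron," + USER_BASE],
}


def expand_members_client_side(group_dn: str, groups: Dict[str, List[str]]) -> Set[str]:
    """Client-side equivalent of the chain rule for servers that lack it:
    walk 'member' attributes recursively and return only non-group member DNs.
    The 'seen' set guards against circular nesting, which AD permits."""
    seen: Set[str] = set()
    users: Set[str] = set()
    stack = [group_dn]
    while stack:
        dn = stack.pop()
        if dn in seen:
            continue
        seen.add(dn)
        for member in groups.get(dn, []):
            if member in groups:          # member is itself a group: descend
                stack.append(member)
            else:                         # leaf object: a user
                users.add(member)
    return users


def member_cns(group_dn: str, groups: Dict[str, List[str]]) -> List[str]:
    """Sorted CN values of the transitively expanded users."""
    return sorted(dn.split(",")[0][3:] for dn in expand_members_client_side(group_dn, groups))


if __name__ == "__main__":
    print(nested_members_filter("CN=App_Role," + GROUP_BASE))
    print(member_cns("CN=App_Role," + GROUP_BASE, GROUPS))
```

Against a real domain controller the string returned by nested_members_filter is what you pass as the search filter (with a subtree search from the domain root); the client-side walk is only for directories where the matching rule is not supported and the client must do the recursion itself.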