dsget - query users *NOT* part of a group
-
Monday, December 03, 2012 9:13 PM
Hi all,
Is it possible to query a distribution group, to display users *NOT* part of that group? Basically I need to work out which users are missing from a particular group. I can use dsget to obtain a list of members in part of a group but I need to do the reverse; "tell me who are missing from groupA". Is this possible?
Thanks,
Christian
All Replies
-
Monday, December 03, 2012 11:47 PM
You can retrieve the DN of all users in the domain that are not direct members of a specified group using dsquery. For example (this is one line):
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!(memberOf=TestGroup,ou=West,dc=MyDomain,dc=com))) -limit 0 > NotInGroup.txt
-----
You must specify the full Distinguished Name of the group in the (memberOf=xxx) clause. In this case I redirected the output to a text file, NotInGroup.txt. However, since the "Primary" group of a user is never included in the memberOf attribute of the user, this will not work if the specified group is the "primary" for any users. This limitation should only apply to the group "Domain Users", which by default is "primary" for all users. There are other ways to handle this if the group is "primary" for anyone.
Richard Mueller - MVP Directory Services
- Proposed As Answer by i.biswajith Tuesday, December 04, 2012 3:46 AM
- Marked As Answer by Cicely FengMicrosoft Contingent Staff, Moderator Tuesday, December 04, 2012 6:33 AM
.png)
