I need to search * for user group membership. Users are divided into three groups in this example. xyz.abc, xls.abc, and cts.abc are the names of the groups. I'd like to find group members using a search like this *.abc

Unfortunately, there is no possibility to perform such a search. The limitation comes from AD and LDAP. It is not related to Adaxes. However, you can create a report that will require entering just a part of group name and output members of all the groups matching the specified criteria. For information on how to create reports in Adaxes, have a look at the following tutorial: https://www.adaxes.com/tutorials_ActiveDirectoryManagement_CreateReport.htm.



Thank you for your quick response. Can you show an example query, such as one containing part of the group name?

Thank you



To find groups with the name property ending in abc, the following LDAP filter should be used in your script:


For more details on creating LDAP filters, have a look at the following Microsoft article: https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx.
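
An added example, not part of the thread and not Adaxes code: one way to build the ends-with filter described above, or a contains filter, from a value typed into a report parameter. The function names are hypothetical; the value is escaped per RFC 4515 so that characters such as `*`, `(` and `)` in the input cannot change or break the filter.

```powershell
# Added example. ConvertTo-LdapFilterValue and New-GroupNameFilter are
# hypothetical helper names, not Adaxes or Microsoft cmdlets.

function ConvertTo-LdapFilterValue {
    # Escape a literal value for use inside an LDAP filter (RFC 4515):
    # \ * ( ) and NUL are replaced by a backslash plus their two-digit hex code.
    param([string]$Value)

    $evaluator = [System.Text.RegularExpressions.MatchEvaluator]{
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    }
    [regex]::Replace($Value, '[\\*()\x00]', $evaluator)
}

function New-GroupNameFilter {
    # Build a filter for groups whose name ends with, or contains, $NamePart.
    # The wildcards are added here; the caller enters only the name part.
    param(
        [Parameter(Mandatory)][string]$NamePart,
        [ValidateSet('EndsWith', 'Contains')][string]$Match = 'EndsWith'
    )

    $part = $NamePart.Trim()
    if ($part.Length -eq 0) { throw 'Group name part must not be empty.' }

    $escaped = ConvertTo-LdapFilterValue $part
    $pattern = if ($Match -eq 'Contains') { "*$escaped*" } else { "*$escaped" }

    "(&(objectCategory=group)(name=$pattern))"
}

# Constructed sample inputs: two plain name parts and one containing
# filter metacharacters, which must come out escaped.
New-GroupNameFilter -NamePart 'abc'
New-GroupNameFilter -NamePart 'COST' -Match Contains
New-GroupNameFilter -NamePart 'abc)(cn=*' -Match Contains
```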


Thank you for the response. I found the groups. However, I actually need to get members from groups containing group name abc.



As we mentioned above, it is not possible to perform such a search directly due to AD and LDAP limitations. Such a thing can only be done using a script. For example, you can create a report with an input parameter for group name part and selection for the search scope. The report will output all members of the groups that match the pattern. If you have issues creating the report, please, confirm that the described approach meets your need and we will provide you with detailed instructions. If that is not what you need, please, describe the desired behaviour in all the possible details with live examples.



Yes, you are right. For example: I want to get members of groups with *abc in the group name.



Should the report have an option to select the location to search for groups, or should it always output members of all the existing groups that match the specified pattern?



Always extract members of all existing groups that match the specified pattern.



Thank you for the confirmation. Here is the script you need to use for the report. In the script, the $namingParameter variable specifies the name of the parameter used to specify the ending of group names for search. The parameter name should be specified with the param- prefix.

$namingParameter = "param-groupNamePattern" # TODO: modify me

# Get parameter value
$groupNameEnd = $Context.GetParameterValue($namingParameter)

$Context.DirectorySearcher.VirtualRoot = $True

try
{
    # Execute search
    $searchResultIterator = $Context.DirectorySearcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
}
finally
{
    # Release resources
    if ($searchResultIterator) { $searchResultIterator.Dispose() }
}

if ($searchResults.Length -eq 0)
{
    return # No matching groups, nothing to report
}

# Get GUIDs of group members
$memberGuidsBytes = New-Object System.Collections.ArrayList
foreach ($searchResult in $searchResults)
{
    $group = $Context.BindToObjectBySearchResult($searchResult)
    try
    {
        $groupMemberGuidsBytes = $group.GetEx("adm-DirectMembersGuid")
    }
    catch
    {
        continue # Group has no direct members
    }

    $memberGuidsBytes.AddRange($groupMemberGuidsBytes)
}

# Generate report
$searcher = $Context.CreateGuidBasedSearcher($memberGuidsBytes)
$Context.Items.Add($searcher)


Thank you for everything. I will try.


Hello, sorry. Last question. Can I do the search with this script in this way? *abc*



Yes, to do that, replace this line in the script


with the following one:



I changed it according to the code you sent. And I changed param-prefix like param-abc. I got "[Exception calling "FetchAll" with "0" argument(s): "The search filter cannot be recognized. (Server: be.orpea.net)"] Unspecified error."

$namingParameter = "param-abc" # TODO: modify me

# Get parameter value
$groupNameEnd = $Context.GetParameterValue($namingParameter)

$Context.DirectorySearcher.VirtualRoot = $True

try
{
    # Execute search
    $searchResultIterator = $Context.DirectorySearcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
}
finally
{
    # Release resources
    if ($searchResultIterator) { $searchResultIterator.Dispose() }
}


The $namingParameter variable must contain the name of the parameter where you enter the value for search, not the value itself. The value should be passed to the parameter when generating the report.


Thank you. Yes, actually I used it like that as well. But I didn't get any result. For example:

$namingParameter = "param-groupname" # TODO: modify me



This is the correct approach. What exactly did you enter into the parameter for report generation?


For example. I want to find members of groups that contain COST name in group name. I wrote COST in the relevant field.



Writing COST without wildcards (they are applied in the script) should work just fine. Are you sure that there are groups managed by Adaxes that have members and have the COST part in the Name property? You can find the groups using the below filter in LDAP search in Adaxes Administration console:





I can find it when I search with CN in LDAP search.




Thank you for the provided details. To achieve the desired result, replace this line in the script


with the following one:



Yes, it's working now. Thank you for your patience and support.

Kind Regards.



If you don't mind, I would like to ask a short question. How do I add a user group name column to the report?

For example, the report:

Search: CONST

Name    Email            Group
Alex    alex@test.com    XXX_CONST_WR



It can only be done using a custom column and modifying the script. The column can only be second or further, as the Name column always comes first in a report. Also, report columns are single-line. As such, if a user is a member of multiple groups matching the pattern, they can only be specified in the column as a single line with a separator (e.g. comma).

As another option, an item can be added to the report as many times as there are groups matching the pattern that it is a member of, and then the items can be grouped by the corresponding column. You can see the approach in a built-in report, Members of groups. By default, the report is located in container Reports\All Reports\Groups\Membership.

