0 votes

Hello,

I need to search * for user group membership. Users are divided into three groups in this example. xyz.abc, xls.abc, and cts.abc are the names of the groups. I'd like to find group members using a search like this *.abc

Thank you

by (40 points)

1 Answer

0 votes
by (284k points)

Hello,

Unfortunately, there is no possibility to perform such a search. The limitation comes from AD and LDAP. It is not related to Adaxes. However, you can create a report that will require entering just a part of group name and output members of all the groups matching the specified criteria. For information on how to create reports in Adaxes, have a look at the following tutorial: https://www.adaxes.com/tutorials_ActiveDirectoryManagement_CreateReport.htm.

0

Hello,

Thank you for your quick response. Can you show an example query, such as one containing part of the group name?

Thank you

0

Hello,

To find groups with the name property ending in abc, the following LDAP filter should be used in your script:

(&(objectCategory=group)(name=*abc))

For more details on creating LDAP filters, have a look at the following Microsoft article: https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx.

0

Thank you for the response. I found the groups. However, I actually need to get members from groups containing abc in the group name.

0

Hello,

As we mentioned above, it is not possible to perform such a search directly due to AD and LDAP limitations. Such a thing can only be done using a script. For example, you can create a report with an input parameter for group name part and selection for the search scope. The report will output all members of the groups that match the pattern. If you have issues creating the report, please, confirm that the described approach meets your need and we will provide you with detailed instructions. If that is not what you need, please, describe the desired behaviour in all the possible details with live examples.

0

Hello,

Yes, you are right. For example: I want to get members of groups with *abc in the group name.

0

Hello,

Should the report have an option to select the location to search for groups, or should it always output members of all the existing groups that match the specified pattern?

0

Hello,

Always extract members of all existing groups that match the specified pattern.

0

Hello,

Thank you for the confirmation. Here is the script you need to use for the report. In the script, the $namingParameter variable specifies the name of the parameter used to specify the ending of group names for search. The parameter name should be specified with the param- prefix.

$namingParameter = "param-groupNamePattern" # TODO: modify me

# Get parameter value
$groupNameEnd = $Context.GetParameterValue($namingParameter)

$Context.DirectorySearcher.AppendFilter("(&(objectCategory=group)(name=*$groupNameEnd))")
$Context.DirectorySearcher.VirtualRoot = $True

try
{
   # Execute search
   $searchResultIterator = $Context.DirectorySearcher.ExecuteSearch()
   $searchResults = $searchResultIterator.FetchAll()   
}
finally
{
   # Release resources
   if ($searchResultIterator) { $searchResultIterator.Dispose() }
}

if ($searchResults.Length -eq 0)
{
    return
}

# Get GUIDs of group members
$memberGuidsBytes = New-Object System.Collections.ArrayList
foreach ($searchResult in $searchResults)
{
   $group = $Context.BindToObjectBySearchResult($searchResult)
   try
   {
       $groupMemberGuidsBytes = $group.GetEx("adm-DirectMembersGuid")
   }
   catch
   {
       continue
   }
   $memberGuidsBytes.AddRange($groupMemberGuidsBytes)
}   

# Generate report
$searcher = $Context.CreateGuidBasedSearcher($memberGuidsBytes)
$Context.Items.Add($searcher)
0

Hello,

Thank you for everything. I will try.

0

Hello, Sorry. Last question. Can I do the search with this script in this way? *abc *

0

Hello,

Yes, to do that, replace this line in the script

$Context.DirectorySearcher.AppendFilter("(&(objectCategory=group)(name=*$groupNameEnd))")

with the following one:

$Context.DirectorySearcher.AppendFilter("(&(objectCategory=group)(name=*$groupNameEnd*))")
0

Hello,

I changed it according to the code you sent. And I changed param-prefix like param-abc. I got "[Exception calling "FetchAll" with "0" argument(s): "The search filter cannot be recognized. (Server: be.orpea.net)"] Unspecified error."

$namingParameter = "param-abc" # TODO: modify me

# Get parameter value
$groupNameEnd = $Context.GetParameterValue($namingParameter)

$Context.DirectorySearcher.AppendFilter("(&(objectCategory=group)(name=*$groupNameEnd*))")
$Context.DirectorySearcher.VirtualRoot = $True

try
{
   # Execute search
   $searchResultIterator = $Context.DirectorySearcher.ExecuteSearch()
   $searchResults = $searchResultIterator.FetchAll()   
}
finally
{
   # Release resources
   if ($searchResultIterator) { $searchResultIterator.Dispose() }
}
0

Hello,

The $namingParameter variable must contain the name of the parameter where you enter the value for search, not the value itself. The value should be passed to the parameter when generating the report.

0

Hello,

Thank you. Yes, actually I used it like that as well. But I didn't get any result. For example:

$namingParameter = "param-groupname" # TODO: modify me

0

Hello,

This is the correct approach. What exactly did you enter into the parameter for report generation?

0

For example. I want to find members of groups that contain COST name in group name. I wrote COST in the relevant field.

0

Hello,

Writing COST without wildcards (they are applied in the script) should work just fine. Are you sure that there are groups managed by Adaxes that have members and have the COST part in the Name property? You can find the groups using the below filter in LDAP search in Adaxes Administration console:

(&(objectCategory=group)(name=*COST*))


0

Hello,

I can find it when I search with CN in LDAP search.

(&(objectCategory=group)(cn=CONST))

0

Hello,

Thank you for the provided details. To achieve the desired result, replace this line in the script

$Context.DirectorySearcher.AppendFilter("(&(objectCategory=group)(name=*$groupNameEnd))")

with the following one:

$Context.DirectorySearcher.AppendFilter("(&(objectCategory=group)(cn=*$groupNameEnd*))")
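
The script in this thread places the report parameter value into the LDAP filter as typed, so a value containing `(`, `)`, `*` or `\`, or an empty value, changes or breaks the filter. The following is an added example, not part of the original answer or of Adaxes itself, that escapes the value per RFC 4515 and rejects an empty one before the filter is built; the function names `ConvertTo-LdapFilterValue` and `New-GroupNameFilter` are hypothetical.

```powershell
# Added example: build the "contains" group filter from untrusted report input.
# Function names are hypothetical; only the filter shape comes from the thread.

function ConvertTo-LdapFilterValue
{
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)

    # RFC 4515: \ * ( ) and NUL must be written as a backslash plus two hex digits
    return [regex]::Replace($Value, '[\\*()\x00]', {
        param($match)
        '\{0:x2}' -f [int][char]$match.Value
    })
}

function New-GroupNameFilter
{
    param(
        [string]$NamePart,
        [string]$Attribute = 'cn'   # the attribute that finally worked in the thread
    )

    # An empty value would produce (cn=**); stop here with a clear message instead.
    # This also catches a wrong parameter name that yields no value.
    if ([string]::IsNullOrWhiteSpace($NamePart))
    {
        throw "Group name pattern is empty. Check the parameter name and the value entered."
    }

    $escaped = ConvertTo-LdapFilterValue -Value $NamePart
    return "(&(objectCategory=group)($Attribute=*$escaped*))"
}

# Constructed sample inputs (not taken from the thread's directory)
foreach ($sample in 'COST', 'Finance (EU)', 'a*b', 'dept\team')
{
    '{0,-14} -> {1}' -f $sample, (New-GroupNameFilter -NamePart $sample)
}

# In the report script, the filter line would then become:
# $Context.DirectorySearcher.AppendFilter((New-GroupNameFilter -NamePart $groupNameEnd))
```

The wildcards stay in the script, so a `*` typed into the report parameter is matched as a literal character rather than widening the search.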
0

Hello,

Yes, it's working now. Thank you for your patience and support.

Kind Regards.

0

Hello,

If you don't mind, I would like to ask a short question. How to add a user group name column to the report?

For example, report:

Search: CONST

| Name | Email | Group |
|------|-------|-------|
| Alex | alex@test.com | XXX_CONST_WR |

0

Hello,

It can only be done using a custom column and modifying the script. The column can only be second or further as the Name column always comes first in a report. Also, report columns are single-line. As such, if a user is a member of multiple groups matching the pattern, they can only be specified in the column as a single line with a separator (e.g. comma).

As another option, a user can be added to the report as many times as there are groups matching the pattern that the user is a member of, and the items can then be grouped by the corresponding column. You can see the approach in a built-in report, Members of groups. By default, the report is located in container Reports\All Reports\Groups\Membership.
