8 Replies Latest reply on May 27, 2009 12:41 PM by rjordan

    Query for AD Groups

    rjordan Rookie

      I have done a search on how to do what I am about to ask, but have not found anything that seems to work.  If the answer is out there, my apologies.


      I have created an AD group (for instance) called Visio 2007 and have placed some users into this group.  I want to query against the group for all users in this group and have it show the results listing those users.  I cannot seem to find how to perform this task and I have tried several different options to get to the information I am looking for.


      Has anyone been able to do this?

        • 1. Re: Query for AD Groups

          I would take a look at the 3rd party add-in on droppedpackets.org. It is not supported by LANDesk but I beleive it will assist you to accomplish your goal.



          1 of 1 people found this helpful
          • 2. Re: Query for AD Groups
            rjordan Rookie

            That is an interesting document to read and is appreciated, but it does not really help get the results I need.  Has anyone successfully implemented this (or similar) method to get the results I am also looking for?

            • 3. Re: Query for AD Groups

              Hi again. That document actually pulls in the AD users and groups into inventory so you could create your query. That is what several users have used to perform the query you mentioned in the original post. I wish you luck!

              • 4. Re: Query for AD Groups
                irishmn76 SupportEmployee

                What are you looking to do with the results?  There is a utility that comes with LANDesk on each client called ldapwhoami.exe.  It will resolve all AD groups for the currently logged in user, as well as all the groups the computer account would be in.  It can be turned on by a registry key either via the LANDesk agent deployment or via a package or custom patch that changes the registry.  The registry key is HKLM\SOFTWARE\LANDesk\ManagementSuite\WinClient\DisableLdapGroupEnumeration.  If you set that equal to 0 you'll then see this work.  LDAPwhoami.exe gets called everytime the policy.sync.exe runs as well as everytime the inventory scanner runs.  When the inventory scanner runs it will look at the primary owner for the machine and gather that person's info.  Otherwise when the policy.sync.exe runs it uses the currently logged in user.  So if I understand the whole picture you are trying to paint, you create a group in AD called Visio 2007, add users to that group then schedule a policy in LANDesk to distribute visio 2007 to the AD group you just created.  Then when that person logs on they will be able to go and install that software on demand via the software portal, or it will automatically install when they log on depending on how you setup the policy.  Is that right?

                • 5. Re: Query for AD Groups
                  rjordan Rookie

                  I went back and re-read the page that Corrie linked to and missed the small blurb at the end that referenced AD groups.  My apologies on that.  Denny, you are spot on with what I want to do.  We will look at what you suggest here and if it works, then hoo-rah!

                  • 6. Re: Query for AD Groups
                    rjordan Rookie

                    Denny, that did the trick.  That HAS be be in the documentation somewhere, so I feel silly now for asking.  Corrie, many thanks for your help as well!

                    • 7. Re: Query for AD Groups
                      irishmn76 SupportEmployee

                      Glad to hear that worked.  Sorry to say, but ldapwhoami is not in the documentation.  In fact the only reference I know of it is here: http://community.landesk.com/support/docs/DOC-5662  That's only because there is another way to query eDirectory users now too in 8.8 SP3.  Glad to hear you got it working.

                      • 8. Re: Query for AD Groups
                        rjordan Rookie

                        Then I don't feel so silly!  Thanks again!