Columbus Endpoint Management User Group

 View Only

  • 1.  How can I use Get User List to give me a list of users in a security group?

    Posted Aug 30, 2010 03:18 PM
    Sorry for all of the AD-related questions...

    I want to get a list of all users in a particular security group, but it appears I can only do this via the Get Users in Group component, which gives me an ADUserInfo array instead of an ADUserInfoSummary array -- I only need basic info about the user and Get Users in Group takes significantly longer than Get User List.

    For the sake of simplicity, lets say my security group is named "SecurityGroup" and it is located in Resources\SecurityGroups\ServerName\SecurityGroup.  Its AD distinguished name should be CN=SecurityGroup,OU=ServerName,OU=SecurityGroups,OU=Resources,DC=mydomain,DC=com

    Things I've tried:
    1. Container option Pick, Container type OU, value: Resources/SecurityGroups/ServerName/SecurityGroup   = Error
    2. Container option Pick, Container type OU, value: Resources/SecurityGroups/ServerName   = Not Found
    3. Container option Specify, Custom Container CN=SecurityGroup,OU=ServerName,OU=SecurityGroups,OU=Resources  = Not Found

    Logically that should work, right?  Am I missing something easy/stupid?


  • 2.  RE: How can I use Get User List to give me a list of users in a security group?
    Best Answer

    Posted Aug 30, 2010 10:13 PM
    In the Get User List component, first leave the Context tab with its default settings (Get Settings from the Default Properties, Pick, and Entire Domain).

    Then on the Input tab, choose "Set of Fields".  What you're specifying on this tab is one or more filter criteria.  So in your case, you want to filter by group membership.  But, notice how you don't see that listed as one of your available choices?  That's where the Additional Attributes field comes in handy.  There, you can specify any AD attribute (even custom ones) that you want to search on.

    I looked it up, and the name of the attribute you are looking for is "memberOf" (without quotes, of course, and not sure if it needs to be case-sensitive but I've typed it exactly as it should be).  It's looking for the DN of the group (I know this because I used ADSIEdit to see what an example value looks like).  So, you can pass it the group's DN there, as in the screenshot below.  This configuration worked correctly for me.  You could later get more details about a given user via Get User Details.

    Two sidenotes: (1) you could, of course, use additional filter criteria in addition to "memberOf"--just specify those as well, and if you want the search to use ALL of the criteria (not just ANY of them), uncheck "Match Any Criteria".  (2) If you can't or don't want to hard-code the group DN, then you can use a process variable of datatype CustomAttributeList.  Just set that (and change the value dynamically), e.g. using single or multiple value mapping components.Screenshot








  • 3.  RE: How can I use Get User List to give me a list of users in a security group?

    Posted Aug 31, 2010 08:28 AM
    I was pulling my hair out on this problem for the past few days and was at my wits end.  I tested this in my environment and it worked PERFECTLY.

    Thanks again!