=?Utf-8?B?SHV3?= <Huw@discussions.microsoft.com> wrote in
news:A7C0D967-68C6-4EEA-9AD0-D1FACF2C784C@microsoft.com:

> Hi,
>
> I want to know how to script listing of users in the "Domain Users"
> group from AD.
>
> I've tried binding to the object and asking for the "members" entry
> returning a IADsMembers collection.
>
> This function returns, but there's nothing in the collection. I guess
> it's because it's a special "all" group...but there must be a way to
> list them...
>
> I tried the WinNT provider, but I need to get the objectGUID of each
> user and the guid returned from the WinNT provider is different to the
> objectGUID returned using the AD provider.
>
> Any ideas how to list all Domain Users using LDAP against AD so I can
> get their object guids?
>
> Thanks,
> Huw
>
>

The problem is that a users 'Primary Group' is not stored in the group's
'member' attribute, but in the 'primaryGroupID' attribute on the user
object. primaryGroupID stores the RID of the group, so you need to
determine the RID of Domain Users (513, it is a well known SID) and then
query for users who have that value:

(&(objectCategory=Person)(objectClass=User)(primar yGroupID=513))

HTH,

Wayne Tilton