memberOf property only showing groups in the same domain even if it has cross-domain memberships

Question

I am trying to figure out how to query AD for a group and get its memberOf attribute to show all the members, even cross-domain ones.

I will give an example:

I have two domains:
- one.company.com
- two.company.com
I have three groups:
- one\group1
- one\group2
- two\group3
one\group1 is a member of one\group2 and two\group3

I am trying to write a query to find all memberOf for one\group1.

No matter what query I try, the memberOf attribute only returns one\group2.

<GC://DC=company,DC=com>;(&(objectCategory=group)(objectClass=group)(distinguishedName=CN=group1,OU=....,DC=one,DC=company,DC=com));name,memberOf;subtree
<GC://DC=one,DC=company,DC=com>;(&(objectCategory=group)(objectClass=group)(distinguishedName=CN=group1,OU=....,DC=one,DC=company,DC=com));name,memberOf;subtree
<LDAP://DC=company,DC=com>;(&(objectCategory=group)(objectClass=group)(distinguishedName=CN=group1,OU=....,DC=one,DC=company,DC=com));name,memberOf;subtree
<LDAP://DC=one,DC=company,DC=com>;(&(objectCategory=group)(objectClass=group)(distinguishedName=CN=group1,OU=....,DC=one,DC=company,DC=com));name,memberOf;subtree

I am trying to do it this way because ultimately there are multiple groups I want to get memberOf for so if I can get this to work then I can just put them all in (|...) in the search filter and only make one call.

Take a look at this answer: https://stackoverflow.com/questions/39574449/active-directory-cross-domains/39583452#39583452 — oldovets, Jan 08 '18 at 23:07

memberOf property only showing groups in the same domain even if it has cross-domain memberships

0 Answers0