Skip to the main content.

1 min read

Missing Group Memberships in AD??

I ran into something really interesting today that took some time to figure out.. Thought I should post in case anyone else is puzzled by the same scenario (and so that I can remember later).

I was running queries for group memberships and found inconsistencies between what I was seeing in ADUC and what my queries were pulling back. In ADUC, I could see user accounts in a group that did not show up in the query results or when I looked in ADSIEDIT.

I checked permissions, looked at the different attributes of the accounts, compared ldp outputs. I finally noticed that the primary group memberships were changed to the groups that I was querying and not ‘domain users’ which is the default. With the primary group designation, the account is not listed in the member attribute for the group nor is the group listed in the memberof attribute for the account.

There really aren’t any compelling reasons to update an account primary group designation, unless you want the account to have more restrictive rights than a regular domain user, like guest users. Otherwise, it is a bit confusing and requires applications to look at more than just the memberof or member attributes on users and groups to determine access.

Important 2024 Microsoft Licensing Updates

Important 2024 Microsoft Licensing Updates

There is some big news in the world of Microsoft licensing this month! In the summer of 2023, Microsoft modified the licensing for Microsoft 365,...

Transforming TCRG's Legacy Systems into a Secure Cloud Future with CloudServus

Transforming TCRG's Legacy Systems into a Secure Cloud Future with CloudServus

TCRG (The Consolidated Rehab Group), specializing in vocational rehabilitation for military personnel and veterans, partnered CloudServus, a leader...

The Power of Microsoft Copilot for Security: Insights from a Recent Whitepaper

The Power of Microsoft Copilot for Security: Insights from a Recent Whitepaper

At CloudServus, we continuously explore innovative solutions to enhance cybersecurity effectiveness and efficiency. Our team recently came across an ...