Directory Services

Querying for Groups in a Domain

Groups can be placed in any container or organizational unit in a domain as well as the root of the domain. Groups may not always be in one container. Therefore, it is necessary to search the entire domain to find all groups in the domain.

To search for all groups in a domain, set the search start point to the root of the domain, set the search scope to subtree and search for all objects that have an objectClass value of "group".

If groups that contain particular ADS_GROUP_TYPE_ENUM values must be found, the LDAP_MATCHING_RULE_BIT_AND matching rule OID can be used to search for groups that have particular bits set in the groupType attribute. For more information about using matching rules, see How to Specify Comparison Values.

For more information and a code example that shows how to search for groups in a domain, see Example Code for Searching for Groups in a Domain.