cancel
Showing results for 
Search instead for 
Did you mean: 

Performing a query to find users in an AD security group

i was told in the ePO forum to post this question here so Im hoping I can have some success here. Here I go -

So to put this simply, I want to run an LDAP query to see the users within the AD security group. The query is using the LDAP location filter. I found that I can use the distinguishedName and can only go as far as one OU but will not search any nested OU or the CanonicalName of the security group in question.

Example: OU=Support,DC=helpmeh,DC=com (Works)

Example: CN=LazyAdmins,OU=Elite,OU=Support,DC=helpmeh,DC=com (Doesnt work)

I know there is a query limitation with LDAP that allows only 1000 objects to be searched. If more are needed then you need to increase the page file. However, im trying to avoid that.

Has anyone encountered this? I opened a ticket with support but was told this needs to go to PS as its custom. Just hoping someone has seen this and could clear things up for me.

3 Replies
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: Performing a query to find users in an AD security group

Hello,

It depends on the required result but you need to verify if you use the Global catalog and the LDAP connection account has permissions. That article could be helpful:

https://kc.mcafee.com/corporate/index?page=content&id=KB76329

Does your query have something to do with the Encryption Users?

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino
Highlighted

Re: Performing a query to find users in an AD security group

Hey there,

Saw this article and the group we have is a Universal security group. Specifically I'm trying to use ePO to query a specific security group for DLP but figured this might be the ideal place to ask.

Thank you.

 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Performing a query to find users in an AD security group

Hi @JTorrico ,

If you are looking on how to add the end user groups for DLP rules then you can do add end user groups available in AD,

end user groups.PNG

 

Kindly let us know if you have more questions in here.

 

Thank you.

Regards,
Jithendran S
McAfee Employee
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community