That's going to be tough. That's not indexed nor in the GC by default which may make it a little tougher/slower.
However, because you need to know that the users with that attribute equal to "S" are in fact properly in a particular group, I don't think you meet your criteria if you instead use the group as the authoritative source of information. You pretty much have to iterate each user and if they have that attribute set to "S" then check their group memberships and report if a member of the particular group. Otherwise, you could get a situation where a person should be a member of the group and somehow was missed. If the reverse is true, i.e. the user is a member and shouldn't be, you'd be looking at some other authoritative source for that information anyway. Because of that last bit, you could start with a list of those that are supposed to be in that group and then look each of them up to validate the attribute value and the group membership. Again, you run the risk of having the wrong people in the group though. Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Tuesday, October 26, 2004 1:08 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] script logic question I need to make sure all users where the value of attribute employeeType is "S" are members of a given group. Right now I only want to report on it, not actually change the group membership. Logically, what is the most efficient way to achieve this? 1. do I place the membership of the group into an array and then loop through all the users to see if they are in the array 2. do I loop through all the users and check each one's memberOf for the existence of the group? I think option 1 seems better than 2, but I'm willing to bet someone has a much better idea. Thanks! Mark List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
