I'm trying to do something that should be relatively simple.  I am trying to have a perl script interface with active directory and retrieve a list of all users in a specified group.  I know I could call a system command `net group` or lanman or something similar but I am trying to do it through the ADSI/LDAP interface.

I couldn't seem to find much documentation on the net about how add users to group through ADSI but I did manage to cobble together this script :

use strict;

use Win32::OLE 'in';

my $dc=<INSERT DOMAIN CONTROLLER HERE>;
my $group=<INSERT GROUP NAME TO BE CHECKED HERE>;

# GET ALL MEMBERS OF GROUP

my $ADsPath="$dc/cn=$group,cn=Users,dc=restricted,dc=hmce,dc=local";
my $adsobjs=Win32::OLE->GetObject("LDAP://".$ADsPath) or die "Unable t
+o get $ADsPath\n";
my (@users,$user);

foreach $user(in $adsobjs->{member}) {
    push(@users,lc($user));
}

foreach $user(sort @users) { print "$user\n"; }
[download]

It's a pretty simple script that should just just connect to a specified dc and retrieve all members, the thing is we are running in a multi DC environment (20-30 dc's) and the script seems to produce a different result for each dc I connect to.  Each time it only seems to produce a partial result, for example I connect to the central hub dc and it tells me there are 2 users in the specified group who's username begins with GT, when I connect using the admin tools there are 11 members beginning with GT!

Could anyone shed any light here at all?