
Unable to find active directory groups for user


I am unable to use Sushi to report AD groups for a user. The following error is generated.
Looking up Active Directory groups for user... Unable to find active directory groups for user: A referral was returned from the server.
0 Active Directory groups found.
I appreciate your efforts in resolving this issue.


jsidwell wrote Nov 11, 2008 at 2:58 PM

I have the same issue logged in as domain admin :(

fotw2 wrote Mar 24, 2009 at 3:31 PM

Can only echo what has been commented on before: same issue logged on as domain admin (with local admin and farm admin permissions too).

Great tool - when this gets resolved I will love it even more ;-)

RyannosaurusRex wrote Jul 19, 2010 at 3:40 PM

Do you still get this error when attempting to get group memberships when you are the administrator on the local machine and SharePoint administrator?

claudermilk wrote Aug 19, 2010 at 8:56 PM

This appears to still be an issue. I am running into this problem. Logged in as a domain admin account--the same one we use to perform AD maintenance so it has permission.

ljd144 wrote Sep 6, 2011 at 9:41 PM

Sushi is a great tool, but I'm encountering this issue as well. Was a resolution ever found? Thanks!

svandragt wrote Feb 27, 2014 at 10:41 AM

Impact of this issue is higher than low: you cannot use the Security Reports functionality accurately.

noral wrote Aug 28, 2015 at 9:41 PM

The fix is simple but requires the solution to be recompiled.

Change this line in the file ... Action->Administration->Security->ActionSecurity.cs
DirectoryEntry entry = new DirectoryEntry("LDAP://dc=" + domainName);
to (this may be different in your environment)
DirectoryEntry entry = new DirectoryEntry("LDAP://dc=" + domainName + ",dc=com");
I am using VS2010, so I had to target .NET 3.5; then I recompiled.
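
Added example, not part of the thread or of Sushi's source: the fix above hard-codes ",dc=com", which only fits a two-label domain name. The sketch below generalizes it by deriving the base DN from the full DNS domain name, or by asking the directory for its defaultNamingContext. The class and method names and the domain "corp.example.com" are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Linq;
using System.Text.RegularExpressions;

static class DomainDn   // hypothetical helper, not a Sushi class
{
    // One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
    static readonly Regex Label =
        new Regex(@"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$");

    // "corp.example.com" -> "DC=corp,DC=example,DC=com"
    public static string FromDnsName(string dnsName)
    {
        if (dnsName == null || dnsName.Trim().Length == 0)
            throw new ArgumentException("Domain name is empty.", "dnsName");
        string[] labels = dnsName.Trim().TrimEnd('.').Split('.');
        // Accept plain DNS labels only, so characters that carry meaning in
        // a DN or an ADsPath (',', '=', '/', '\') never reach the bind path.
        if (!labels.All(l => Label.IsMatch(l)))
            throw new ArgumentException("Not a DNS domain name: " + dnsName, "dnsName");
        return string.Join(",", labels.Select(l => "DC=" + l).ToArray());
    }

    // Ask the directory for its own naming context instead of guessing.
    // This returns the domain of the server that answers the bind, which is
    // not necessarily the user's domain in a multi-domain forest.
    public static string FromRootDse()
    {
        using (DirectoryEntry rootDse = new DirectoryEntry("LDAP://RootDSE"))
        {
            return (string)rootDse.Properties["defaultNamingContext"].Value;
        }
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample input; replace with the user's DNS domain name.
        string baseDn = DomainDn.FromDnsName("corp.example.com");
        Console.WriteLine("LDAP://" + baseDn);
        // On a domain-joined machine, DomainDn.FromRootDse() can supply
        // the base DN for new DirectoryEntry("LDAP://" + baseDn) instead.
    }
}
```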


