# samba-tool group listmembers my_group --hide-expired
does not list contacts (or other group member objects without the accountExpires attribute).
Have patch, need bug number.
There is another bug here as well, the search doesn't list members of nested groups either.
sudo samba-tool group listmembers 'domain admins'
But using what I believe to be the correct search filter:
sudo ldbsearch -H /var/lib/samba/private/sam.ldb -b 'dc=samdom,dc=example,dc=com' -s sub '(memberOf:1.2.840.1135220.127.116.111:=CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com)' sAMAccountName | grep 'sAMAccountName' | sed 's/sAMAccountName: //'
It clearly shows that I am a member of Domain Admins via the Unix Admins group.
Shall I wait until you fix your bug and then file another bug, or do you want to fix it at the same time as you fix yours ?
(In reply to Rowland Penny from comment #1)
Hi Rowland, I would like to fix these different issues separately.
I've created a merge request:
This bug was referenced in samba master:
Created attachment 16597 [details]
fix for 4.14, cherry-picked from master
Closing as it is fixed.