Not getting all the groups when searching by OU in Active Directory


I am trying to fetch all the group names within the Active Directory. The groups should be filtered by OU name. There is also an option to get all groups without any OU filtering. Fetching all groups gives more than 20 groups. But when I try to get the groups by OU name, only a few of the groups are showing (6 groups) from the different OUs.

I have tried DirectorySearcher with filter but failed to get all groups.

    DirectoryEntry root = null;
    if (ou == "")
    {
        // This is giving all groups
        root = new DirectoryEntry("LDAP://RootDSE");
        root = new DirectoryEntry("LDAP://" + root.Properties["defaultNamingContext"][0]);
    }
    else
    {
        // When passed 1 by 1 OU name, few of the groups are showing
        string cName = getExactDomainName(domain);
        root = new DirectoryEntry("LDAP://OU=" + ou + "," + cName);
    }


Need the search filter query to give all the groups by OU name.

EDIT:

  1. I am fetching all the OUs in a certain domain and showing them in a checklist box.
  2. User can check one or multiple groups from the checklist box. Depending on the groups checked and OU selected (in the 1st step) the users will be shown.

The filter looks like:

    // Filter is set through the object initializer (the original mixed initializer and statement syntax)
    var search = new DirectorySearcher(new DirectoryEntry())
    {
        Filter = "(&(objectCategory=user)(memberOf=cn=" + groupName + ",ou=" + OUName + ",dc=dev,dc=local))"
    };

Now the problem is, when no OU is selected in the 1st step, 20 groups appear. But when the OUs are selected one by one, the total number of groups is not 20. I think I'm messing up the filter query. I just need an option where the user selects an OU, then all the groups are shown to the user. The user will then check groups, and all the users under those group(s) and OU will be fetched.

1 answer

Gabriel Luci

If I understand you correctly, the issue is that if you search for all groups on the domain, you get one number. If you search for groups in each OU separately, you get a smaller number.

The reason is likely that not all groups are in an OU. You either:

  1. Have groups at the root of the domain (e.g. CN=Group1,dc=dev,dc=local), or
  2. Have groups in containers (objectClass=container), which are like OUs, but not. Really, the only difference between OUs and containers is that OUs can have group policies applied to them and containers cannot. When you collect all the names of the OUs, if you are genuinely looking for only OUs (objectClass=organizationalUnit), then you'll miss containers and the groups within. A new domain comes with several default containers, like Users, Computers, System, etc.
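
To see where the groups that a per-OU scan misses actually live, the following added example (not code from the question or the answer) searches the whole domain once and buckets every group by the schema class of its parent object. It assumes a domain-joined Windows host and a reference to System.DirectoryServices; the class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class GroupParents // hypothetical name, for illustration only
{
    // Maps each parent DN to its schema class and the groups directly beneath it.
    public static Dictionary<string, (string Class, List<string> Groups)> Collect()
    {
        var map = new Dictionary<string, (string Class, List<string> Groups)>(StringComparer.OrdinalIgnoreCase);
        using (var rootDse = new DirectoryEntry("LDAP://RootDSE"))
        using (var domain = new DirectoryEntry("LDAP://" + rootDse.Properties["defaultNamingContext"][0]))
        using (var searcher = new DirectorySearcher(domain, "(objectCategory=group)",
                   new[] { "cn" }, SearchScope.Subtree))
        {
            searcher.PageSize = 500; // paged search, so large result sets are not cut off
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult result in results)
                {
                    using (DirectoryEntry group = result.GetDirectoryEntry())
                    using (DirectoryEntry parent = group.Parent)
                    {
                        var parentDn = (string)parent.Properties["distinguishedName"].Value;
                        if (!map.TryGetValue(parentDn, out var bucket))
                            map[parentDn] = bucket = (parent.SchemaClassName, new List<string>());
                        bucket.Groups.Add((string)result.Properties["cn"][0]);
                    }
                }
            }
        }
        return map;
    }

    static void Main()
    {
        foreach (var pair in Collect())
        {
            // Anything not under an organizationalUnit is invisible to an OU-by-OU scan.
            bool isOu = pair.Value.Class == "organizationalUnit";
            Console.WriteLine($"{(isOu ? "OU    " : "NOT OU")} [{pair.Value.Class}] {pair.Key}");
            foreach (var name in pair.Value.Groups) Console.WriteLine("    " + name);
        }
    }
}
```

Parents reported as `container`, `builtinDomain` (CN=Builtin) or `domainDNS` (the domain root) account for the difference between the domain-wide count and the sum of the per-OU counts. The DN returned here is also the exact value to use in a `memberOf` filter, instead of assembling one from a group name and an OU name.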