From 757b6410c7b8b1b0bc9864b611683cf09ae41f48 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Notin?= <clement@notin.org>
Date: Tue, 8 Oct 2019 13:03:19 +0200
Subject: [PATCH] "DnsAdmins" group is under the "CN=Users" container by
 default (not at domain root)

---
 Healthcheck/HealthcheckAnalyzer.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Healthcheck/HealthcheckAnalyzer.cs b/Healthcheck/HealthcheckAnalyzer.cs
index f71168e..966ac5c 100644
--- a/Healthcheck/HealthcheckAnalyzer.cs
+++ b/Healthcheck/HealthcheckAnalyzer.cs
@@ -1159,7 +1159,7 @@ private void GeneratePrivilegedGroupData(ADDomainInfo domainInfo, ADWebService a
 					dnsAdminFound = true;
 				};
 			// we do a one level search just case the group is in the default position
-			adws.Enumerate(domainInfo.DefaultNamingContext, "(&(objectClass=group)(description=DNS Administrators Group))", properties, callback, "OneLevel");
+			adws.Enumerate("CN=Users," + domainInfo.DefaultNamingContext, "(&(objectClass=group)(description=DNS Administrators Group))", properties, callback, "OneLevel");
 			if (!dnsAdminFound)
 			{
 				// then full tree. This is an optimization for LDAP request