diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
index 15d6745c8d92e02772c906c5fe04a7d39e9358cd..f0a205a46c77ca5ebf4a39a0503b140dd8241952 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
@@ -709,6 +709,10 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
         {
             for (DN groupDN : groupDNs)
             {
+                if (role == Role.ADMIN)
+                {
+                    groupDN = new DN(groupDN.getRDNString() + "," + config.getGroupsDN());
+                }
                 groups.add(getGroup(groupDN));
             }
         }
@@ -804,9 +808,19 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
     protected Group getGroup(final DN groupDN)
         throws LDAPException, GroupNotFoundException
     {
+        Filter filter = Filter.createEqualityFilter("entrydn", 
+                                                    groupDN.toNormalizedString());
+        
+        SearchRequest searchRequest =  new SearchRequest(
+                    config.getGroupsDN(), SearchScope.SUB, filter, 
+                    new String[] {"cn", "description"});
+            
+        searchRequest.addControl(
+                    new ProxiedAuthorizationV2RequestControl("dn:" + 
+                            getSubjectDN().toNormalizedString()));
+            
         SearchResultEntry searchResult = 
-                getConnection().getEntry(groupDN.toNormalizedString(),
-                                new String[] {"cn", "description"});
+                getConnection().searchForEntry(searchRequest);
 
         if (searchResult == null)
         {
diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
index 48d946babcd7cd977f07ec4a670f7365ba34e7c6..276d5b6a9b7e479a19e9a6e2e6f08e35fe5feca0 100644
--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
@@ -41,7 +41,6 @@ import static org.junit.Assert.fail;
 import java.security.AccessControlException;
 import java.security.PrivilegedExceptionAction;
 import java.util.Collection;
-import java.util.Set;
 
 import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
@@ -140,7 +139,7 @@ public class LdapGroupDAOTest
         return "CadcDaoTestGroup-" + System.currentTimeMillis();
     }
 
-//    @Test
+    @Test
     public void testOneGroup() throws Exception
     {
         // do everything as owner
@@ -244,10 +243,6 @@ public class LdapGroupDAOTest
                     boolean found = false;
                     for (Group group : groups)
                     {
-                        if (!group.getOwner().equals(daoTestUser1))
-                        {
-                            fail("returned group with wrong owner");
-                        }
                         if (group.getID().equals(group.getID()))
                         {
                             found = true;
@@ -275,12 +270,12 @@ public class LdapGroupDAOTest
         });
     }
     
-//    @Test
+    @Test
     public void testSearchMemberGroups() throws Exception
     {
         final String groupID = getGroupID();
-        final String testGroup1ID = groupID + "-1";
-        final String testGroup2ID = groupID + "-2";
+        final String testGroup1ID = groupID + ".1";
+        final String testGroup2ID = groupID + ".2";
         
         Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
         {
@@ -375,7 +370,7 @@ public class LdapGroupDAOTest
         });
     }
 
-//    @Test
+    @Test
     public void testSearchAdminGroups() throws Exception
     {
         final String groupID = getGroupID();
@@ -436,11 +431,11 @@ public class LdapGroupDAOTest
                     }
                     if (!found1)
                     {
-                        fail("Test group 1 not found");
+                        fail("Admin group " + testGroup1ID + " not found");
                     }
                     if (!found2)
                     {
-                        fail("Test group 2 not found");
+                        fail("Admin group " + testGroup2ID + " not found");
                     }
                     
                     groups = getGroupDAO().getGroups(daoTestUser2.getUserID(), 
@@ -475,7 +470,7 @@ public class LdapGroupDAOTest
         });
     }
     
-//    @Test
+    @Test
     public void testAddGroupExceptions() throws Exception
     {
         Subject.doAs(anonSubject, new PrivilegedExceptionAction<Object>()
@@ -522,7 +517,7 @@ public class LdapGroupDAOTest
         });
     }
     
-//    @Test
+    @Test
     public void testGetGroupExceptions() throws Exception
     {
         final String groupID = getGroupID();
@@ -569,7 +564,7 @@ public class LdapGroupDAOTest
         });
     }
     
-//    @Test
+    @Test
     public void testModifyGroupExceptions() throws Exception
     {        
         final String groupID = getGroupID();
@@ -616,7 +611,7 @@ public class LdapGroupDAOTest
         });
     }
     
-//    @Test
+    @Test
     public void testDeleteGroupExceptions() throws Exception
     {
         final String groupID = getGroupID();
@@ -663,7 +658,7 @@ public class LdapGroupDAOTest
         });
     }
     
-//    @Test
+    @Test
     public void testSearchGroupsExceptions() throws Exception
     {        
         final String groupID = getGroupID();