
LWE10099 : How to find all users or objects with a user-defined LDAP query in Active Directory

Symptom:

You need to find all users or certain objects with a self-defined LDAP query.

Cause:

none

Solution:

You can use the following LDAP query syntax to search for all users. Please note the exclamation mark, which negates the objectClass computer. The cn can be anything.

(&(!(objectClass=computer))(objectClass=user)(cn=*))

Here we search for all users whose name starts with a-

(&(objectCategory=person)(objectClass=user)(name=a-*))

This LDAP query searches for all computers with srv in the name

(&(&(objectCategory=computer)(name=*srv*)))

Here we search for all users

(&(objectCategory=person)(objectClass=user))

Here we search for all deactivated accounts in Active Directory

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))

This query will find all accounts with "password does not expire"

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))
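
The two userAccountControl queries above use the bitwise-AND matching rule (OID 1.2.840.113556.1.4.803), which matches when every bit of the given value is set in the attribute. The following Python code is an added example, not part of the original article: it rebuilds both filters, goes one step further by excluding deactivated accounts from the "password does not expire" result, and applies the same logic to constructed sample entries. The helper names and account names are assumptions.

```python
# Added example; the account entries below are constructed sample data.
BIT_AND = "1.2.840.113556.1.4.803"   # bitwise-AND matching rule OID from the queries above
ACCOUNTDISABLE = 0x0002              # 2: account is deactivated
DONT_EXPIRE_PASSWORD = 0x10000       # 65536: password does not expire
USER_BASE = "(objectCategory=person)(objectClass=user)"


def uac_clause(mask):
    """One filter clause that is true when every bit of mask is set."""
    return f"(userAccountControl:{BIT_AND}:={mask})"


def uac_filter(require=0, forbid=0):
    """User filter: all 'require' bits set and no 'forbid' bit set."""
    parts = [USER_BASE]
    if require:
        parts.append(uac_clause(require))
    # One negated clause per forbidden bit; negating a combined mask
    # would only exclude accounts that have all of those bits at once.
    bit = 1
    while bit <= forbid:
        if forbid & bit:
            parts.append(f"(!{uac_clause(bit)})")
        bit <<= 1
    return "(&" + "".join(parts) + ")"


def matches(uac, require=0, forbid=0):
    """Evaluate the same condition locally on a userAccountControl value."""
    return (uac & require) == require and (uac & forbid) == 0


SAMPLE = [  # constructed entries: (sAMAccountName, userAccountControl)
    ("a-alice", 512),       # 512 = normal account, enabled
    ("a-bob", 514),         # 512 + 2: deactivated
    ("svc-backup", 66048),  # 512 + 65536: enabled, password does not expire
    ("svc-old", 66050),     # 512 + 65536 + 2: deactivated, password does not expire
]


def select(entries, require=0, forbid=0):
    """Names of the entries that the corresponding filter would return."""
    return [name for name, uac in entries if matches(uac, require, forbid)]


if __name__ == "__main__":
    print(uac_filter(require=DONT_EXPIRE_PASSWORD, forbid=ACCOUNTDISABLE))
    print(select(SAMPLE, require=DONT_EXPIRE_PASSWORD, forbid=ACCOUNTDISABLE))
```

Enabled accounts whose password never expires are usually the ones worth reviewing first, which is why the combined filter excludes deactivated accounts.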

Here we search for all groups containing rw in the name

(&(objectCategory=group)(name=*rw*))

A bit more complex is the search for all printers whose name starts with hp, whose location starts with hh, and which support duplex printing

(&(&(&(uncName=*)(objectCategory=printQueue)(printerName=hp*)(printDuplexSupported=TRUE))(objectCategory=printQueue)(location=hh*)))

Search for all organisational units starting with hh

(&(&(ou>="")(objectCategory=organizationalUnit)(ou=hh*)))

Disclaimer:

The information provided in this document is intended for your information only. Lubby makes no claims to the validity of this information. Use of this information is at your own risk!
Copyright © 2004-2011 Lubby (V3.0.10 Aug 2011)