LKBEN10662: Howto find all users or objects with a user defined ldap query in active directory

Symptom

You need to find all users or certain objects with a self defined ldap query

Cause

none

Solution

You can use the following ldap query syntax to search for all users. Please not the exclamation mark which negates the objectClass computer. The cn can be anything.

(&(!objectClass=computer)(objectClass=user)(cn=*))

Here we serach for all users where the name starts with a-

(&(objectCategory=person)(objectClass=user)(name=a-*))

This ldap query searches for all computers with srv in the name

(&(&(objectCategory=computer)(name=*srv*)))

Here we search for all users

(&(objectCategory=person)(objectClass=user))

Here we search for all deactivated accounts in active directory

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))

This query will find all acounts with "password does not expire"

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))

Here we search for all groups containing rw in the name

(&(objectCategory=group)(name=*rw*))

A bit more complex is the search for all printers starting with hp for the name, standing in the location starting with hh and supporting duplex printing

(&(&(&(uncName=*)(objectCategory=printQueue)(printerName=hp*)(printDuplexSupported=TRUE))(objectCategory=printQueue)(location=hh*)))

Search for all Organisational units starting with hh

(&(&(ou>="")(objectCategory=organizationalUnit)(ou=hh*)))

Disclaimer:

About the Author

Author: Wim Peeters - Keskon GmbH & Co. KG

Wim Peeters is electronics engineer with an additional master in IT and over 30 years of experience, including time spent in support, development, consulting, training and database administration. Wim has worked with SQL Server since version 6.5. He has developed in C/C++, Java and C# on Windows and Linux. He writes knowledge base articles to solve IT problems and publishes them on the Lubby Knowledge Platform.