ADUC LDAP Queries
Various LDAP queries that can be used against AD in Active Directory Users & Computers. They should work in Windows 2000 and Windows 2003 AD, and each makes for a very nice "Saved query".
Find all non-disabled users with no Exchange Home Server
(&(objectCategory=user)(legacyExchangeDN=*)(!msExchHomeServerName=*)(!userAccountControl:1.2.840.113556.1.4.803:=2))
Find all users with "some text" anywhere in the description line
(&(objectCategory=user)(description=*some text*))
Find all users with no SMTP address, not disabled
(&(objectCategory=user)(!mail=*)(!userAccountControl:1.2.840.113556.1.4.803:=2))
Find all users needing a password reset, not disabled
(&(objectcategory=user)(pwdLastSet=0)(!userAccountControl:1.2.840.113556.1.4.803:=2))
Find all users with no SID history, not disabled
(&(objectCategory=user)(!sidhistory=*)(!userAccountControl:1.2.840.113556.1.4.803:=2))
Find all "ADC_" ADC created user accounts
(&(objectCategory=user)(samaccountname=ADC*))
Find all mail enabled users with no COMMA in display name
(&(objectCategory=user)(!displayName=*,*)(mail=*))
Put a ! in front of a condition to make a NOT query; for example, all users except "Smith" would be:
(&(objectCategory=user)(!cn=Smith))
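The `(!cn=Smith)` shorthand works in ADUC as described here, but the RFC 4515 filter grammar wraps the negated term in its own parentheses, `(!(cn=Smith))`, and stricter LDAP clients expect that form. The Python sketch below is an added example, not part of the original post: it parses the filter subset used on this page, rewrites shorthand NOT terms into the strict form, and rejects a filter with a missing parenthesis. The function names are hypothetical.

```python
class FilterError(ValueError):
    """Raised when a filter string is not well-formed."""

def parse_item(s, i):
    """Read one attr=value item up to the next parenthesis."""
    j = i
    while j < len(s) and s[j] not in "()":
        j += 1
    if "=" not in s[i:j]:
        raise FilterError(f"expected attr=value at offset {i}")
    return s[i:j], j

def parse_filter(s, i=0):
    """Parse one parenthesised filter at s[i]; return (node, next offset)."""
    if s[i:i + 1] != "(":
        raise FilterError(f"expected '(' at offset {i}")
    i += 1
    op = s[i:i + 1]
    if op in ("&", "|"):
        kids, i = [], i + 1
        while s[i:i + 1] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        node = (op, kids)
    elif op == "!":
        # Strict form nests a full filter; the shorthand puts the item directly.
        strict = s[i + 1:i + 2] == "("
        kid, i = parse_filter(s, i + 1) if strict else parse_item(s, i + 1)
        node = ("!", [kid])
    else:
        node, i = parse_item(s, i)
    if s[i:i + 1] != ")":
        raise FilterError(f"missing ')' at offset {i}")
    return node, i + 1

def render(node):
    """Serialise a parsed node with every term in its own parentheses."""
    if isinstance(node, str):
        return f"({node})"
    op, kids = node
    return f"({op}{''.join(render(k) for k in kids)})"

def to_strict(s):
    """Return the RFC 4515 form of a filter, or raise FilterError."""
    node, end = parse_filter(s.strip())
    if end != len(s.strip()):
        raise FilterError(f"unexpected text at offset {end}")
    return render(node)

if __name__ == "__main__":
    print(to_strict("(&(objectCategory=user)(!cn=Smith))"))
```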
