Gary Hill and the AIDS/LIFECYCLE ride »More fun with LDAP searches in ADUC
Here's a handy query to find all non-disabled users (not contacts, groups, etc) with a specific SMTP address (primary or otherwise):
(objectCategory=person)(objectClass=user)(mailnickname=*)(proxyAddresses=smtp:*@mydomain.tld)
(!userAccountControl:1.2.840.113556.1.4.803:=2)
Detailed explanation of the fields:
By using both (objectCategory=person) and (objectClass=user) we exclude contacts and groups.
(Mailnickname=*) Limits the search to mail enabled objects in AD
(ProxyAddresses=smtp:*@mydomain.tld) Searches for the address regardless of being primary or otherwise.
And of course the old reliable: (userAccountControl:1.2.840.113556.1.4.803:=2) Signifies a disabled user account.
Now, here's my motivation: I want to find all users I migrated from an acquired company that had their mailboxes moved. These migrated users all sit in a single admin group with my original users, and I had to update the RUS with this domain, so all my new users also have a @old-domain.tld address too.
But only the migrated users have an extra smtp address @subdomain.old-domain.tld. So I query for all non-disabled mail enabled users who have 1) an address in @old-domain.tld and 2) another address in @subdomain.old-domain.tld.
The Query:(objectCategory=person)(objectClass=user)(mailnickname=*)(proxyAddresses=smtp:*@mydomain.tld)
(proxyAddresses=smtp:*@subdomain.old-domain.tld)
(!userAccountControl:1.2.840.113556.1.4.803:=2)
Note: LDAP is not case sensitive so it can't distinguish between smtp: and SMTP: . Sorry, you can't find the primary SMTP: address this way, but you can search against (mail=) which generally corresponds to the primary SMTP address.
Search
