Active Directory Search Overview #
A lot of the information provided here was gathered from http://systemcenterforum.org/wp-content/uploads/ADIntegration_final.pdf
The Microsoft Active Directory database is split into different stores or partitions. Microsoft often refers to these partitions as 'naming contexts'.
- The 'Schema' partition contains the definition of object classes and attributes within the Forest.
- The 'Configuration' partition contains information on the physical structure and configuration of the forest (such as the site topology).
- The 'Domain' partition holds all objects created in that domain.
The Domain partition replicates only to Domain Controllers within its domain. A subset of objects in the domain partition are also replicated to domain controllers that are configured as global catalogs.
When we look at our Domain, we see the following 'naming contexts':
The base for the search should be at the root of the domain (i.e. dc=mad,dc=willeke,dc=com) unless noted otherwise.
This is one of several LDAP Query Examples.
Other helpful Information#
- Active Directory Computer Related LDAP Query
- Active Directory User Related Searches
- Active Directory Group Related Searches
All objects which can't be deleted:#
All objects which can't be renamed#
(systemFlags:1.2.840.113556.1.4.803:=134217728)
For information on why this works, see how to use Filtering for Bit Fields.
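The bit-field match behind the rename filter can be reproduced offline. The following is an added example, not part of the original page: it evaluates Microsoft's bitwise-AND matching rule (OID 1.2.840.113556.1.4.803) against constructed entries and shows that a systemFlags value returned as a negative signed 32-bit integer still matches 134217728. The flag names, the values other than 134217728, the sample DNs and all function names are assumptions taken from Microsoft's systemFlags documentation or made up for illustration.

```python
# Added example: local evaluation of the AD bitwise-AND matching rule.
BIT_AND_OID = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND

# systemFlags bits (names and values per Microsoft's documentation, not this page,
# except 0x08000000 == 134217728, which is the value used in the filter above).
FLAGS = {
    0x04000000: "FLAG_DOMAIN_DISALLOW_MOVE",
    0x08000000: "FLAG_DOMAIN_DISALLOW_RENAME",
    0x80000000: "FLAG_DISALLOW_DELETE",
}

def bit_and_filter(attr, mask):
    """Build an extensible-match filter that is true when every bit of mask is set."""
    return f"({attr}:{BIT_AND_OID}:={mask})"

def to_unsigned(value):
    """Directory clients receive systemFlags as a signed 32-bit integer string."""
    return int(value) & 0xFFFFFFFF

def bit_and_match(stored, mask):
    """Mimic the server-side rule: match only if (stored AND mask) == mask."""
    return (to_unsigned(stored) & mask) == mask

def decode(stored):
    """Name the known flag bits set in a stored systemFlags value."""
    return [name for bit, name in sorted(FLAGS.items()) if to_unsigned(stored) & bit]

def search(entries, mask):
    """Return the DNs whose systemFlags satisfy the bitwise-AND filter."""
    return [dn for dn, flags in entries if bit_and_match(flags, mask)]

# Constructed sample entries (illustrative DNs and values, not from a real directory).
SAMPLE = [
    ("CN=Builtin,DC=example,DC=com", "-1946157056"),   # 0x8C000000
    ("CN=Protected,DC=example,DC=com", "134217728"),   # 0x08000000
    ("CN=jdoe,CN=Users,DC=example,DC=com", "0"),
    ("CN=NoMove,DC=example,DC=com", "67108864"),       # 0x04000000
]

if __name__ == "__main__":
    print(bit_and_filter("systemFlags", 134217728))
    for dn, flags in SAMPLE:
        hit = bit_and_match(flags, 134217728)
        print(f"{dn:40} {flags:>12} match={hit} {decode(flags)}")
```

A client-side check that compares the raw string to 134217728 would miss the first entry, which is why the mask test has to be done on the bits rather than on the decimal value.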