Overview #
These are Example computer related LDAP SearchFilters which show LDAP Query Examples that can be used to find information specific to computers within the Active Directory Domain.More LDAP Query Examples and more AD Specific LDAP Query Examples
Table of Contents
- Overview
- Find All Workstations
- All Domain Controllers
- All global catalog servers (LDAP search in the configuration partition)
- Excludes Domain Controllers
- Excludes OpsMgr Management Servers and Gateways
- Returns odd servers if their netbios names end with a number (e.g. AnySrv101)
- All computer accounts which are Administratively Disabled:
- Computers By Operating System Version
- Find all Windows Server 2003 Non-DCs
- Find all 2003 Servers - DCs
- Find all Server Windows Server 2008
- Find all Windows 2000 SP4 computers
- Find all Windows XP SP2 computers
- Find all Windows XP SP3 computers
- Find all Windows Vista SP1 computers
- Active Directory attributes for computer accounts
- More Information
Find All Workstations#
(sAMAccountType=805306369)
or
(objectCategory=computer)
BTW: We have a table of possible SAMAccountType values.
All Domain Controllers#
(&(objectCategory=Computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))
All global catalog servers (LDAP search in the configuration partition)#
(&(objectCategory=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))
Excludes Domain Controllers#
(!(primaryGroupID=516))
Excludes OpsMgr Management Servers and Gateways#
(!(servicePrincipalName=MSOMHSvc/*))
Returns odd servers if their netbios names end with a number (e.g. AnySrv101)#
(|(name=*1)(name=*3)(name=*5)(name=*7)(name=*9))
All computer accounts which are Administratively Disabled:#
(&(objectClass=computer)(userAccountControl:1.2.840.113556.1.4.803:=2))
For information on why this works see how to use Filtering for Bit Fields.
Computers By Operating System Version#
Find all Windows Server 2003 Non-DCs#
(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2003*)))
Find all 2003 Servers - DCs#
(&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2003*))))
Find all Server Windows Server 2008#
(&(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2008*))))
Find all Windows 2000 SP4 computers#
(&(&(&(objectCategory=Computer)(operatingSystem=Windows 2000 Professional)(operatingSystemServicePack=Service Pack 4))))
Find all Windows XP SP2 computers#
(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2))))))))
Find all Windows XP SP3 computers#
(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 3))))))))
Find all Windows Vista SP1 computers#
(&(&(&(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1)))))
Active Directory attributes for computer accounts#
Commonly used Active Directory attributes for computer accounts| LDAP Attribute | Remark |
|---|---|
| description | Computer description (in AD) |
| distinguishedName | DN: OU location of the computer account can be read from here. No wildcard matching possible! |
| dNSHostName | FQDN |
| location | Location field |
| memberOf | Groups the computer account is a member of. No wildcard matching possible! |
| name | Netbios computer name |
| operatingSystem | e.g. Windows Server 2003 |
| operatingSystemServicePack | e.g. Service Pack 1 |
| operatingSystemVersion | e.g. 5.2 (3790) |
| primaryGroupID | 515: Computers 516: Domain Controllers |
| sAMAccountName | Computer account name (name$) |
| sAMAccountType | always 805306369 (computer account) |
| servicePrincipalName | list of registered SPNs |
