This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Active Directory Computer Related LDAP Query
Active Directory Computer Related LDAP Query

Version management

Difference between version and

At line 1 added 113 lines
!!! Overview
These are [Example] computer related [LDAP SearchFilters] which show [LDAP Query Examples] that can be used to find information specific to computers within the Active Directory Domain.
More [LDAP Query Examples] and more [AD Specific LDAP Query Examples|LDAP Query Examples for AD]
[{TableOfContents}]
!Find All Workstations
{{{
(sAMAccountType=805306369)
or
(objectCategory=computer)
}}}
BTW: We have a table of possible [SAMAccountType] values.
! All [Domain Controllers]
{{{
(&(objectCategory=Computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))
}}}
!All global catalog servers (LDAP search in the configuration partition)
{{{
(&(objectCategory=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))
}}}
!Excludes [Domain Controllers]
{{{
(!(primaryGroupID=516))
}}}
!Excludes OpsMgr Management Servers and Gateways
{{{
(!(servicePrincipalName=MSOMHSvc/*))
}}}
!Returns odd servers if their netbios names end with a number (e.g. AnySrv101)
{{{
(|(name=*1)(name=*3)(name=*5)(name=*7)(name=*9))
}}}
!All computer accounts which are [Administratively Disabled]:
{{{
(&(objectClass=computer)(userAccountControl:1.2.840.113556.1.4.803:=2))
}}}
For information on why this works see how to use [Filtering for Bit Fields].
!!Computers By [Operating System] Version
!Find all [Windows Server 2003] Non-DCs
{{{
(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2003*)))
}}}
!Find all 2003 Servers - DCs
{{{
(&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2003*))))
}}}
!Find all Server [Windows Server 2008]
{{{
(&(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2008*))))
}}}
!Find all Windows 2000 SP4 computers
{{{
(&(&(&(objectCategory=Computer)(operatingSystem=Windows 2000 Professional)(operatingSystemServicePack=Service Pack 4))))
}}}
!Find all Windows XP SP2 computers
{{{
(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2))))))))
}}}
!Find all Windows XP SP3 computers
{{{
(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 3))))))))
}}}
!Find all [Windows Vista] SP1 computers
{{{
(&(&(&(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1)))))
}}}
!!! Active Directory attributes for computer accounts
Commonly used Active Directory attributes for computer accounts
%%zebra-table
%%sortable
%%table-filter
||LDAP Attribute||Remark
|description|Computer description (in AD)
|distinguishedName|DN: OU location of the computer account can be read from here. No wildcard matching possible!
|dNSHostName|FQDN
|location|Location field
|memberOf|Groups the computer account is a member of. No wildcard matching possible!
|name|Netbios computer name
|operatingSystem|e.g. Windows Server 2003
|operatingSystemServicePack|e.g. Service Pack 1
|operatingSystemVersion|e.g. 5.2 (3790)
|primaryGroupID|515: Computers\\516: Domain Controllers
|[sAMAccountName|SamAccountName]|Computer account name ([name]$)
|[sAMAccountType]|always 805306369 (computer account)
|servicePrincipalName|list of registered SPNs
/%
/%
/%
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop