This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

[{TableOfContents}]
!!!Active Directory Search Overview
A lot of the information provided here was gathered from http://systemcenterforum.org/wp-content/uploads/ADIntegration_final.pdf
The [Microsoft Active Directory] [database] is split into different stores or [partitions]. [Microsoft Active Directory] often refers to these [partitions] as 'naming contexts'.
* The [Schema Directory Partition] contains the definition of object classes and attributes within the [AD Forest].
* The [Configuration Directory Partition] contains information on the physical structure and configuration of the forest (such as the site topology).
* The [Domain Directory Partition] holds all objects created in that [domain|AD DOMAIN].
The [Schema Directory Partition] and [Configuration Directory Partition] [replicate|Replication] to all [Domain Controllers] in the [AD Forest].
The [Domain Directory Partition] replicates only to [Domain Controllers] within its [domain|AD DOMAIN].
A subset of objects in the [domain|AD DOMAIN] [partition] is also replicated to [Domain Controllers] that are configured as [Global Catalogs].
When we look at our [domain|AD DOMAIN], we see the following [NamingContext] values:
* CN=Configuration,DC=mad,DC=willeke,DC=com
* CN=Schema,CN=Configuration,DC=mad,DC=willeke,DC=com
* DC=DomainDnsZones,DC=mad,DC=willeke,DC=com (assuming DNS is performed by [Microsoft Active Directory])
* DC=ForestDnsZones,DC=mad,DC=willeke,DC=com (assuming DNS is performed by [Microsoft Active Directory])
* DC=mad,DC=willeke,DC=com
!! [LDAP Search Filters Example] to obtain all [AD DOMAINs] in an [AD Forest]
You should use a [baseObject] similar to: CN=Configuration,DC=mad,DC=example,DC=com \\ and an [LDAP Search Scope] of [wholeSubtree]
%%prettify
{{{
(nETBIOSName=*)
}}} /%
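The search above, worked through offline as an added example (not from the original page or its source PDF). It assumes standard AD behaviour the page does not spell out: each partition is represented by a crossRef entry under CN=Partitions in the Configuration partition, and only domain partitions carry nETBIOSName. The crossRef entries, the NetBIOS names MAD and CHILD, the child domain, and the function names are constructed for illustration.

```python
# Added example: all data below is constructed; no directory is contacted.
ROOT_DSE = {  # RootDSE attributes, filled with the naming contexts listed on this page
    "configurationNamingContext": "CN=Configuration,DC=mad,DC=willeke,DC=com",
    "schemaNamingContext": "CN=Schema,CN=Configuration,DC=mad,DC=willeke,DC=com",
    "namingContexts": [
        "CN=Configuration,DC=mad,DC=willeke,DC=com",
        "CN=Schema,CN=Configuration,DC=mad,DC=willeke,DC=com",
        "DC=DomainDnsZones,DC=mad,DC=willeke,DC=com",
        "DC=ForestDnsZones,DC=mad,DC=willeke,DC=com",
        "DC=mad,DC=willeke,DC=com",
    ],
}
PARTITIONS = "CN=Partitions," + ROOT_DSE["configurationNamingContext"]
# Constructed crossRef entries (assumption: only domain partitions carry nETBIOSName).
CROSS_REFS = [
    {"dn": "CN=Enterprise Configuration," + PARTITIONS, "nCName": ROOT_DSE["namingContexts"][0]},
    {"dn": "CN=Enterprise Schema," + PARTITIONS, "nCName": ROOT_DSE["namingContexts"][1]},
    {"dn": "CN=00000000-0000-0000-0000-000000000001," + PARTITIONS, "nCName": ROOT_DSE["namingContexts"][2]},
    {"dn": "CN=MAD," + PARTITIONS, "nCName": "DC=mad,DC=willeke,DC=com", "nETBIOSName": "MAD"},
    {"dn": "CN=CHILD," + PARTITIONS, "nCName": "DC=child,DC=mad,DC=willeke,DC=com", "nETBIOSName": "CHILD"},
]

def classify_partitions(root_dse):
    """Map each naming context to the partition type described in the overview."""
    special = {root_dse["schemaNamingContext"].lower(): "schema",
               root_dse["configurationNamingContext"].lower(): "configuration"}
    kinds = {}
    for nc in root_dse["namingContexts"]:
        if nc.lower().startswith(("dc=domaindnszones,", "dc=forestdnszones,")):
            kinds[nc] = "dns-application"
        else:
            kinds[nc] = special.get(nc.lower(), "domain")
    return kinds

def domain_search_request(root_dse):
    """Base read from RootDSE rather than hard-coded; scope and filter as given on the page."""
    return {"base": root_dse["configurationNamingContext"],
            "scope": "wholeSubtree", "filter": "(nETBIOSName=*)"}

def run_presence_search(entries, request):
    """Evaluate one attribute-presence filter over the subtree below the base."""
    attr = request["filter"].strip("()").split("=", 1)[0].lower()  # attribute names are case-insensitive
    suffix = "," + request["base"].lower()
    hits = []
    for entry in entries:
        attrs = {k.lower(): v for k, v in entry.items()}
        if attrs["dn"].lower().endswith(suffix) and attr in attrs:
            hits.append((attrs[attr], attrs["ncname"]))
    return hits
```

Calling `run_presence_search(CROSS_REFS, domain_search_request(ROOT_DSE))` returns one (NetBIOS name, domain DN) pair per domain; the Configuration, Schema and DNS application partitions drop out because their entries have no nETBIOSName.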
The base for the search should be at the root of the domain (i.e. dc=mad,dc=willeke,dc=com) unless noted otherwise.
!! Specific [Example] [{$pagename}]
* [Active Directory Computer Related LDAP Query]
* [Active Directory User Related Searches]
* [Active Directory Group Related Searches]
* [Active Directory RISK Related Searches]
* [Active Directory Schema Related LDAP Searches]
* [Active Directory Configuration Related Searches]
!! [Microsoft Active Directory] [Search Filters Limitations]
This is one of several [LDAP Query Examples].
!! Other helpful Information
* [Filtering for Bit Fields]
* [Ambiguous Name Resolution]
!! More Examples
[{$applicationname}] found this excellent, simple and extensive reference at: [Filter on objectCategory and objectClass|https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx|target='_blank']
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Filter on objectCategory and objectClass|https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx|target='_blank'] - based on information obtained 2020-05-30