jspωiki
LDAP Query Examples for AD
Your trail: 

Table of Contents

Active Directory Search Overview #

A lot of the information provided here was gathered from http://systemcenterforum.org/wp-content/uploads/ADIntegration_final.pdf

The Microsoft Active Directory database is split into different stores or partitions. Microsoft Active Directory often refers to these partitions as 'naming contexts'.

  • The 'Schema' partition contains the definition of object classes and attributes within the Forest.
  • The 'Configuration' partition contains information on the physical structure and configuration of the forest (such as the site topology).
  • The 'Domain' partition holds all objects created in that domain.
The first two partitions replicate to all Domain Controllers in the AD Forest.

The Domain partition replicates only to Domain Controllers within its domain. A subset of objects in the domain partition are also replicated to domain controllers that are configured as global catalogs.

When we look at our domain, we see the following 'naming contexts':

  • CN=Configuration,DC=mad,DC=willeke,DC=com
  • CN=Schema,CN=Configuration,DC=mad,DC=willeke,DC=com
  • DC=DomainDnsZones,DC=mad,DC=willeke,DC=com
  • DC=ForestDnsZones,DC=mad,DC=willeke,DC=com
  • DC=mad,DC=willeke,DC=com

LDAP Search Filters Example to obtain all AD DOMAINs in a AD Forest#

You should use a baseObject similar to: CN=Configuration,DC=mad,DC=example,DC=com
and a LDAP Search Scope of wholeSubtree 
(nETBIOSName=*)

The base for the search should be at the root of the domain. (ie dc=mad,dc=willeke,dc=com) unless noted otherwise.

Microsoft Active Directory Search Filters Limitations#

This is one of several LDAP Query Examples.

Other helpful Information#

Specific Examples LDAP Query Examples for AD #

Misc#

All objects which can't be deleted:#

(systemFlags:1.2.840.113556.1.4.803:=-2147483648)

All objects which can't be renamed#

(systemFlags:1.2.840.113556.1.4.803:=134217728)
For information on why this works see how to use Filtering for Bit Fields.

More Information#

There might be more information for this subject on one of the following:
This page (revision-37) was last changed on 19-Jun-2017 13:20 by jim Top

Main page
About
Recent Changes
Tools Page

Lead Pages#

WikiEtiquette
Find pages
Unused pages
Undefined pages
Page Index
News


Site Maintained By -jim

Costs of Wiki

Donations#

If you like Ldapwiki, please consider a donation.

Donation for LDAPWiki


Active Sessions28
Uptime44d, 6h 50m 2s
Number of pages15572

JSPWiki v2.10.1
jspωiki
Please see our Copyright And Intellectual Property Page and Standard Disclaimer Pages!
JSPWiki v2.10.1