Ldapwiki: LDAP Query Examples for AD

Active Directory Search Overview #

A lot of the information provided here was gathered from http://systemcenterforum.org/wp-content/uploads/ADIntegration_final.pdf

The Microsoft Active Directory database is split into different stores or partitions. Microsoft Active Directory often refers to these partitions as 'naming contexts'.

The Schema Directory Partition contains the definition of object classes and attributes within the AD Forest.
The Configuration Directory Partition contains information on the physical structure and configuration of the forest (such as the site topology).
The Domain Directory Partition holds all objects created in that domain.

The Domain Directory Partition replicates only to Domain Controllers within its domain. A subset of objects in the domain partition are also replicated to Domain Controllers that are configured as Global Catalogs.

When we look at our domain, we see the following NamingContext values:

CN=Configuration,DC=mad,DC=willeke,DC=com
CN=Schema,CN=Configuration,DC=mad,DC=willeke,DC=com
DC=DomainDnsZones,DC=mad,DC=willeke,DC=com (assuming DNS is performed by Microsoft Active Directory)
DC=ForestDnsZones,DC=mad,DC=willeke,DC=com (assuming DNS is performed by Microsoft Active Directory)
DC=mad,DC=willeke,DC=com

You should use a baseObject similar to: CN=Configuration,DC=mad,DC=example,DC=com
and a LDAP Search Scope of wholeSubtree

(nETBIOSName=*)

The base for the search should be at the root of the domain. (ie dc=mad,dc=willeke,dc=com) unless noted otherwise.

This is one of several LDAP Query Examples.

Ldapwiki found this excellent and simple and extensive reference is at: Filter on objectCategory and objectClass

There might be more information for this subject on one of the following:

[#1] - Filter on objectCategory and objectClass - based on information obtained 2020-05-30