!!! Overview 
These are [Example] computer related [LDAP SearchFilters] which show [LDAP Query Examples] that can be used to find information specific to computers within the Active Directory Domain.

More [LDAP Query Examples] and more [AD Specific LDAP Query Examples|LDAP Query Examples for AD] 

[{TableOfContents}]

!Find All Workstations
{{{
    (sAMAccountType=805306369)
or 
    (objectCategory=computer)
}}}

BTW: We have a table of possible [SAMAccountType] values.

! All [Domain Controllers]
{{{
    (&(objectCategory=Computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))
}}}

!All global catalog servers (LDAP search in the configuration partition)
{{{
    (&(objectCategory=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))
}}}

!Excludes [Domain Controllers]
{{{
    (!(primaryGroupID=516))
}}}

!Excludes OpsMgr Management Servers and Gateways
{{{
    (!(servicePrincipalName=MSOMHSvc/*))
}}}

!Returns odd servers if their netbios names end with a number (e.g. AnySrv101)
{{{
    (|(name=*1)(name=*3)(name=*5)(name=*7)(name=*9))
}}}

!All computer accounts which are [Administratively Disabled]:
{{{
    (&(objectClass=computer)(userAccountControl:1.2.840.113556.1.4.803:=2))
}}}    
For information on why this works see how to use [Filtering for Bit Fields].

!!Computers By [Operating System] Version
!Find all [Windows Server 2003] Non-DCs
{{{
    (&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2003*)))
}}}

!Find all 2003 Servers - DCs
{{{
    (&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2003*))))
}}}

!Find all Server [Windows Server 2008]
{{{
    (&(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2008*))))
}}}

!Find all Windows 2000 SP4 computers
{{{
    (&(&(&(objectCategory=Computer)(operatingSystem=Windows 2000 Professional)(operatingSystemServicePack=Service Pack 4))))
}}}

!Find all Windows XP SP2 computers
{{{
    (&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2))))))))
}}}

!Find all Windows XP SP3 computers
{{{
    (&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 3))))))))
}}}

!Find all [Windows Vista] SP1 computers
{{{
    (&(&(&(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1)))))
}}}


!!! Active Directory attributes for computer accounts
Commonly used Active Directory attributes for computer accounts
%%zebra-table
%%sortable
%%table-filter
||LDAP Attribute||Remark
|description|Computer description (in AD)
|distinguishedName|DN: OU location of the computer account can be read from here. No wildcard matching possible!
|dNSHostName|FQDN
|location|Location field
|memberOf|Groups the computer account is a member of. No wildcard matching possible!
|name|Netbios computer name
|operatingSystem|e.g. Windows Server 2003
|operatingSystemServicePack|e.g. Service Pack 1
|operatingSystemVersion|e.g. 5.2 (3790)
|primaryGroupID|515: Computers\\516: Domain Controllers
|[sAMAccountName|SamAccountName]|Computer account name ([name]$)
|[sAMAccountType]|always 805306369 (computer account)
|servicePrincipalName|list of registered SPNs
/%
/%
/%




!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]