Active Directory Computer Related LDAP Query

Overview #

These are Example computer related LDAP SearchFilters which show LDAP Query Examples that can be used to find information specific to computers within the Active Directory Domain.

More LDAP Query Examples and more AD Specific LDAP Query Examples

Table of Contents

Find All Workstations#

    (sAMAccountType=805306369)
or 
    (objectCategory=computer)

BTW: We have a table of possible SAMAccountType values.

All Domain Controllers#

    (&(objectCategory=Computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))

All global catalog servers (LDAP search in the configuration partition)#

    (&(objectCategory=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))

Excludes Domain Controllers#

    (!(primaryGroupID=516))

Excludes OpsMgr Management Servers and Gateways#

    (!(servicePrincipalName=MSOMHSvc/*))

Returns odd servers if their netbios names end with a number (e.g. AnySrv101)#

    (|(name=*1)(name=*3)(name=*5)(name=*7)(name=*9))

All computer accounts which are Administratively Disabled:#

    (&(objectClass=computer)(userAccountControl:1.2.840.113556.1.4.803:=2))
For information on why this works see how to use Filtering for Bit Fields.

Computers By Operating System Version#

Find all Windows Server 2003 Non-DCs#

    (&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2003*)))

Find all 2003 Servers - DCs#

    (&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2003*))))

Find all Server Windows Server 2008#

    (&(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2008*))))

Find all Windows 2000 SP4 computers#

    (&(&(&(objectCategory=Computer)(operatingSystem=Windows 2000 Professional)(operatingSystemServicePack=Service Pack 4))))

Find all Windows XP SP2 computers#

    (&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2))))))))

Find all Windows XP SP3 computers#

    (&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 3))))))))

Find all Windows Vista SP1 computers#

    (&(&(&(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1)))))

Active Directory attributes for computer accounts#

Commonly used Active Directory attributes for computer accounts
LDAP AttributeRemark
descriptionComputer description (in AD)
distinguishedNameDN: OU location of the computer account can be read from here. No wildcard matching possible!
dNSHostNameFQDN
locationLocation field
memberOfGroups the computer account is a member of. No wildcard matching possible!
nameNetbios computer name
operatingSysteme.g. Windows Server 2003
operatingSystemServicePacke.g. Service Pack 1
operatingSystemVersione.g. 5.2 (3790)
primaryGroupID515: Computers
516: Domain Controllers
sAMAccountNameComputer account name (name$)
sAMAccountTypealways 805306369 (computer account)
servicePrincipalNamelist of registered SPNs

More Information#

There might be more information for this subject on one of the following:
Please see our Copyright And Intellectual Property Page and Standard Disclaimer Pages!