Overview#

Active Directory Configuration Related Searches are used to determine the configuration items for the AD DOMAIN or AD Forest.

The objects these searches return might be part of the AD DOMAIN or of the Configuration Directory Partition from the AD Forest, so the search base (-b) differs between the examples below.

Conf: serviceConnectionPoint#

ldapsearch -H ldaps://serverdc.example.com:636 -x -D "adminguy@example.com" -W -b "DC=example,DC=com" -s sub -a always -z 1000 "(objectClass=serviceConnectionPoint)" "serviceClassName" "serviceDNSName" "objectClass"

Conf: trusts established domain#

ldapsearch -H ldaps://serverdc.example.com:636 -x -D "adminguy@example.com" -W -b "DC=example,DC=com" -s sub -a always -z 1000 "(objectClass=trustedDomain)" "cn" "trustType" "trustDirection" "trustAuthIncoming" "trustAuthOutgoing" "trustPartner" "objectClass"

Conf: Domain Controllers that are Global Catalogs#

ldapsearch -H ldaps://serverdc.example.com:636 -x -D "adminguy@example.com" -W -b "CN=Configuration,DC=exampleroot,DC=com" -s sub -a always -z 1000 "(&(objectCategory=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))" "objectClass"

Conf: Domain Controllers#

ldapsearch -H ldaps://serverdc.example.com:636 -x -D "adminguy@example.com" -W -b "DC=example,DC=com" -s sub -a always -z 1000 "(&(objectCategory=Computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))" "dNSHostName" "objectClass"

Conf: AD DOMAIN Flexible Single Master Operation (FSMOs)#

ldapsearch -H ldaps://serverdc.example.com:636 -x -D "adminguy@example.com" -W -b "DC=example,DC=com" -s sub -a always -z 1000 "(|(ObjectClass=rIDManager)(ObjectClass=infrastructureUpdate)(ObjectClass=domainDNS))" "fSMORoleOwner" "objectClass"

Conf: AD Forest Flexible Single Master Operation (FSMO) Domain Naming Master FSMO Role#

ldapsearch -H ldaps://serverdc.example.com:636 -x -D "adminguy@example.com" -W -b "CN=Configuration,DC=exampleroot,DC=com" -s sub -a always -z 1000 "(ObjectClass=crossRefContainer)" "fSMORoleOwner" "objectClass"

Conf: AD Forest Schema Master FSMO Role#

ldapsearch -H ldaps://serverdc.example.com:636 -x -D "adminguy@example.com" -W -b "CN=Schema,CN=Configuration,DC=exampleroot,DC=com" -s sub -a always -z 1000 "(ObjectClass=dMD)" "fSMORoleOwner" "objectClass"

Conf: Group Policy Objects#

ldapsearch -H ldaps://serverdc.example.com:636 -x -D "adminguy@example.com" -W -b "CN=Policies,CN=System,DC=example,DC=com" -s sub -a always -z 1000 "(objectClass=groupPolicyContainer)" "displayName" "objectClass"

Conf: Active Directory Sites#

ldapsearch -H ldaps://serverdc.example.com:636 -x -D "adminguy@example.com" -W -b "CN=Sites,CN=Configuration,DC=exampleroot,DC=com" -s sub -a always -z 1000 "(objectclass=site)" "cn" "siteObjectBL" "objectClass"

Conf: Active Directory Sites Sites-Servers#

ldapsearch -H ldaps://serverdc.example.com:636 -x -D "adminguy@example.com" -W -b "CN=Sites,CN=Configuration,DC=exampleroot,DC=com" -s sub -a always -z 1000 "(objectclass=server)" "cn" "distinguishedName" "objectClass"

Conf: Subnets Used for Active Directory Sites#

ldapsearch -H ldaps://serverdc.example.com:636 -x -D "adminguy@example.com" -W -b "CN=Subnets,CN=Sites,CN=Configuration,DC=exampleroot,DC=com" -s sub -a always -z 1000 "(cn=*)" "cn" "siteObject" "objectClass"

Conf: INTERDOMAIN_TRUST_ACCOUNTs#

ldapsearch -H ldaps://serverdc.example.com:636 -x -D "adminguy@example.com" -W -b "DC=example,DC=com" -s sub -a always -z 1000 "(userAccountControl:1.2.840.113556.1.4.803:=2048)" "sAMAccountName" "pwdLastSet" "objectClass"
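
The pwdLastSet values returned by the INTERDOMAIN_TRUST_ACCOUNT search are raw Windows FILETIME integers, so they need converting before they can be reviewed. The following Python is an added example, not part of the original page: it parses the LDIF that ldapsearch prints and lists trust accounts whose password is older than a threshold. The account names, the sample values and the 30-day default are assumptions chosen for illustration.

```python
import base64
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Constructed sample of ldapsearch LDIF output (not from a real directory);
# the second dn is folded onto a continuation line, as LDIF allows.
SAMPLE_LDIF = """\
dn: CN=PARTNERA$,CN=Users,DC=example,DC=com
sAMAccountName: PARTNERA$
pwdLastSet: 133485408000000000

dn: CN=PARTNERB$,CN=Users,
 DC=example,DC=com
sAMAccountName: PARTNERB$
pwdLastSet: 133616736000000000

# search result
search: 2
result: 0 Success
"""

def parse_ldif(text):
    """Yield one dict per entry: unfold continuation lines, decode 'attr:: base64'."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name, []).append(value.strip())
        if "dn" in entry:  # skips the trailing search/result block
            yield entry

def filetime_to_utc(value):
    """pwdLastSet counts 100-ns ticks since 1601-01-01 UTC; 0 means never set."""
    ticks = int(value)
    return None if ticks == 0 else FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def stale_trust_accounts(ldif, now, max_age_days=30):
    """Return (account, last change) pairs older than max_age_days (assumed threshold)."""
    stale = []
    for entry in parse_ldif(ldif):
        changed = filetime_to_utc(entry.get("pwdLastSet", ["0"])[0])
        if changed is None or now - changed > timedelta(days=max_age_days):
            stale.append((entry.get("sAMAccountName", entry["dn"])[0], changed))
    return stale
```

Pipe the saved ldapsearch output into stale_trust_accounts() with the current UTC time as now; an account reported with None has never had its password set.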
