[{TableOfContents}]

!!!Active Directory Search Overview
A lot of the information provided here was gathered from http://systemcenterforum.org/wp-content/uploads/ADIntegration_final.pdf

The [Microsoft Active Directory] [database] is split into different stores or [partitions]. [Microsoft Active Directory] often refers to these [partitions] as 'naming contexts'.
* The [Schema Directory Partition] contains the definition of object classes and attributes within the [AD Forest].
* The [Configuration Directory Partition] contains information on the physical structure and configuration of the forest (such as the site topology).
* The [Domain Directory Partition] holds all objects created in that [domain|AD DOMAIN].

The [Schema Directory Partition] and [Configuration Directory Partition] [replicate|Replication] to all [Domain Controllers] in the [AD Forest]. The [Domain Directory Partition] replicates only to [Domain Controllers] within its [domain|AD DOMAIN]. A subset of objects in the [domain|AD DOMAIN] [partition] is also replicated to [Domain Controllers] that are configured as [Global Catalogs].

When we look at our [domain|AD DOMAIN], we see the following [NamingContext] values:
* CN=Configuration,DC=mad,DC=willeke,DC=com
* CN=Schema,CN=Configuration,DC=mad,DC=willeke,DC=com
* DC=DomainDnsZones,DC=mad,DC=willeke,DC=com (assuming DNS is performed by [Microsoft Active Directory])
* DC=ForestDnsZones,DC=mad,DC=willeke,DC=com (assuming DNS is performed by [Microsoft Active Directory])
* DC=mad,DC=willeke,DC=com

!! [LDAP Search Filters Example] to obtain all [AD DOMAINs] in an [AD Forest]
You should use a [baseObject] similar to: CN=Configuration,DC=mad,DC=example,DC=com \\
and an [LDAP Search Scope] of [wholeSubtree]
%%prettify
{{{
(nETBIOSName=*)
}}} /%

The base for the search should be at the root of the domain (i.e. dc=mad,dc=willeke,dc=com) unless noted otherwise.

!! Specific [Example] [{$pagename}]
* [Active Directory Computer Related LDAP Query]
* [Active Directory User Related Searches]
* [Active Directory Group Related Searches]
* [Active Directory RISK Related Searches]
* [Active Directory Schema Related LDAP Searches]
* [Active Directory Configuration Related Searches]

!! [Microsoft Active Directory] [Search Filters Limitations]
This is one of several [LDAP Query Examples].

!! Other helpful Information
* [Filtering for Bit Fields]
* [Ambiguous Name Resolution]

!! More Examples
[{$applicationname}] found this excellent, simple and extensive reference at: [Filter on objectCategory and objectClass|https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx|target='_blank']

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Filter on objectCategory and objectClass|https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx|target='_blank'] - based on information obtained 2020-05-30
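
The partition types and the forest-wide domain search described above, as an added example that is not part of the original page: it classifies the [NamingContext] values listed here, derives the search parameters, and applies the presence filter to sample entries. The crossRef entries and the NetBIOS name "MAD" are constructed for illustration; the function names are hypothetical.

```python
# Added example (not from the original page). Standard library only.

# namingContexts values exactly as listed on this page.
NAMING_CONTEXTS = [
    "CN=Configuration,DC=mad,DC=willeke,DC=com",
    "CN=Schema,CN=Configuration,DC=mad,DC=willeke,DC=com",
    "DC=DomainDnsZones,DC=mad,DC=willeke,DC=com",
    "DC=ForestDnsZones,DC=mad,DC=willeke,DC=com",
    "DC=mad,DC=willeke,DC=com",
]

# Constructed sample of crossRef entries under CN=Partitions,CN=Configuration,...
# (the NetBIOS name "MAD" is an assumption). Only the domain partition's
# crossRef carries nETBIOSName, which is why the presence filter selects domains.
SAMPLE_CROSSREFS = [
    {"nCName": NAMING_CONTEXTS[0]},
    {"nCName": NAMING_CONTEXTS[1]},
    {"nCName": NAMING_CONTEXTS[2]},
    {"nCName": NAMING_CONTEXTS[3]},
    {"nCName": NAMING_CONTEXTS[4], "nETBIOSName": "MAD"},
]

def classify(dn):
    """Map a naming context DN to the partition type described above."""
    rdns = [part.strip().lower() for part in dn.split(",")]  # sample DNs have no escaped commas
    if rdns[:2] == ["cn=schema", "cn=configuration"]:
        return "schema"
    if rdns[0] == "cn=configuration":
        return "configuration"
    if rdns[0] in ("dc=domaindnszones", "dc=forestdnszones"):
        return "application"
    return "domain"

def domain_search_params(naming_contexts):
    """Return (baseObject, scope, filter) for listing every domain in the forest."""
    base = next(dn for dn in naming_contexts if classify(dn) == "configuration")
    return base, "wholeSubtree", "(nETBIOSName=*)"

def presence_match(entry, attr):
    """LDAP presence filter (attr=*): true if the attribute has a value."""
    return any(k.lower() == attr.lower() and v for k, v in entry.items())

def forest_domains(crossrefs):
    """Apply (nETBIOSName=*) and return (NetBIOS name, domain DN) pairs."""
    return [(e["nETBIOSName"], e["nCName"]) for e in crossrefs
            if presence_match(e, "nETBIOSName")]

if __name__ == "__main__":
    for dn in NAMING_CONTEXTS:
        print(f"{classify(dn):13} {dn}")
    print(domain_search_params(NAMING_CONTEXTS))
    print(forest_domains(SAMPLE_CROSSREFS))
```

Comparing the returned domain list against the expected inventory of the forest is a quick check for unexpected or forgotten domains.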