An Engineers Notebook

LDAP Queries for Users and Computers Snap-in mmc.exe

Find groups that contain the word admin

(objectcategory=group)(samaccountname=*admin*)

Find users who have admin in the description field

(objectcategory=person)(description=*admin*)

Find all Universal Groups

(groupType:1.2.840.113556.1.4.803:=8)

Empty Groups with No Members

(objectCategory=group)(!(member=*))

Find all users with the name Bob

(objectcategory=person)(samaccountname=*Bob*)

Find user accounts with passwords set to never expire

(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)

Find all users that have never logged on to the domain

(&(&(objectCategory=person)(objectClass=user))(|(lastLogon=0)(!(lastLogon=*))))

Find user accounts with no logon script

(objectcategory=person)(!(scriptPath=*))

Find user accounts with no profile path

(objectcategory=person)(!(profilepath=*))

Find non-disabled accounts that must change their password at next logon

(objectCategory=person)(objectClass=user)(pwdLastSet=0)(!(userAccountControl:1.2.840.113556.1.4.803:=2))

Find all disabled accounts in Active Directory

(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)

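Find all locked-out accounts

Note: Active Directory does not maintain the lockout bit (16) in userAccountControl, so this query tests lockoutTime instead; it can also return accounts whose lockout duration has already expired.

(objectCategory=person)(objectClass=user)(lockoutTime>=1)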

Find Domain Local Groups

(groupType:1.2.840.113556.1.4.803:=4)

Find all users with an email address set

(objectcategory=person)(mail=*)

Find all users with no email address

(objectcategory=person)(!(mail=*))

Find all Users, Groups or Contacts where Company or Description is Contractors

(|(objectcategory=user)(objectcategory=group)(objectcategory=contact))(|(description=Contractors*)(company=Contractors*))

Find all users with mobile numbers starting with 712 or 155

(objectcategory=user)(|(mobile=712*)(mobile=155*))

Find all users with Dial-In permissions

(objectCategory=user)(msNPAllowDialin=TRUE)

Find all printers with color printing capability

Note: replace Servername with the name of your print server.

(&(uncName=*Servername*)(objectCategory=printQueue)(printColor=TRUE))

Find user mailboxes overriding Exchange size limit policies

(&(objectCategory=user)(mDBUseDefaults=FALSE))

Find all users that need to change password on next login

(&(objectCategory=user)(pwdLastSet=0))

Find all users that are almost locked out

Notice the “>=”, which means “greater than or equal to”.

(objectCategory=user)(badPwdCount>=2)

Find all computers that do not have a description

(objectCategory=computer)(!(description=*))

Find all users with hidden mailboxes

(&(objectCategory=person)(objectClass=user)(msExchHideFromAddressLists=TRUE))

Find all Windows 2000 SP4 computers

(&(objectCategory=Computer)(operatingSystem=Windows 2000 Professional)(operatingSystemServicePack=Service Pack 4))

Find all Windows XP SP2 computers

(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2))

Find all Windows XP SP3 computers

(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 3))

Find all Vista SP1 computers

(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1))

Find All Workstations

(sAMAccountType=805306369)

Find all 2003 Servers Non-DCs

(&(samAccountType=805306369)(!(primaryGroupId=516))(objectCategory=computer)(operatingSystem=Windows Server 2003*))

Find all 2003 Servers – DCs

(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2003*))

Find all Server 2008

(&(samAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Server 2008*))
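
The userAccountControl filters above depend on the bitwise-AND matching rule 1.2.840.113556.1.4.803. The Python sketch below is an added example, not code from the original page: it models that rule, and the related bitwise-OR rule 1.2.840.113556.1.4.804 (which the page does not use), over constructed sample accounts to show which accounts each term selects. The account names and the select helper are assumptions made for illustration.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # used on the page: every bit of the value is set
BIT_OR = "1.2.840.113556.1.4.804"   # not on the page: at least one bit is set

# One filter term: attr:oid:=integer, optionally negated as (!(...)) or (!...).
TERM = re.compile(r"\((!\(?)?(\w+):([\d.]+):=(\d+)\)?\)")

# Constructed sample accounts. Values are sums of documented flags:
# 512 NORMAL_ACCOUNT, 2 ACCOUNTDISABLE, 65536 DONT_EXPIRE_PASSWORD.
ACCOUNTS = {
    "alice": {"useraccountcontrol": 512},
    "bob": {"useraccountcontrol": 512 + 2},
    "svc_backup": {"useraccountcontrol": 512 + 65536},
    "old_svc": {"useraccountcontrol": 512 + 2 + 65536},
}

def term_matches(entry, negated, attr, oid, value):
    """Evaluate one bitwise term against one entry."""
    have = entry[attr.lower()]
    if oid == BIT_AND:
        hit = (have & value) == value
    elif oid == BIT_OR:
        hit = (have & value) != 0
    else:
        raise ValueError(f"unsupported matching rule {oid}")
    return hit != negated  # a leading "!" inverts the result

def select(fragment, accounts=ACCOUNTS):
    """Sorted names of accounts matching every term; juxtaposed terms are ANDed."""
    terms = TERM.findall(fragment)
    if not terms or TERM.sub("", fragment):
        raise ValueError("this model only understands bitwise terms")
    return sorted(
        name for name, entry in accounts.items()
        if all(term_matches(entry, bool(neg), attr, oid, int(val))
               for neg, attr, oid, val in terms)
    )

if __name__ == "__main__":
    uac = "userAccountControl:"
    print(select(f"({uac}{BIT_AND}:=2)"))                            # disabled
    print(select(f"(!({uac}{BIT_AND}:=2))"))                         # enabled
    print(select(f"({uac}{BIT_AND}:=65536)(!({uac}{BIT_AND}:=2))"))  # enabled, never expires
    print(select(f"({uac}{BIT_AND}:=65538)"))                        # both bits set
    print(select(f"({uac}{BIT_OR}:=65538)"))                         # either bit set
```

The third call is the audit-relevant combination: enabled accounts whose password never expires.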
