Find Groups that
contains the word admin
(objectcategory=group)(samaccountname=*admin*)
Find users who have
admin in description field
(objectcategory=person)(description=*admin*)
Find all Universal
Groups
(groupType:1.2.840.113556.1.4.803:=8)
Empty Groups with No
Members
(objectCategory=group)(!member=*)
Find all User with
the name Bob
(objectcategory=person)(samaccountname=*Bob*)
Find user accounts
with passwords set to never expire
(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)
Find all users that
never log in to domain
(&(&(objectCategory=person)(objectClass=user))(|(lastLogon=0)(!(lastLogon=*))))
Find user accounts
with no log on script
(objectcategory=person)(!scriptPath=*)
Find user accounts
with no profile path
(objectcategory=person)(!profilepath=*)
Finds non disabled
accounts that must change their password at next logon
(objectCategory=person)(objectClass=user)(pwdLastSet=0)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)
Finds all disabled
accounts in active directory
(objectCategory=person)(objectClass=user)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)
Finds all locked out
accounts
(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=16)
Finds Domain Local
Groups
(groupType:1.2.840.113556.1.4.803:=4)
Finds all Users with
Email Address set
(objectcategory=person)(mail=*)
Finds all Users with
no Email Address
(objectcategory=person)(!mail=*)
Find all Users,
Groups or Contacts where Company or Description is Contractors
(|(objectcategory=user)(objectcategory=group)(objectcategory=contact))(|(description=North*)(company=Contractors*))
Find all Users with
Mobile numbers 712 or 155
(objectcategory=user)(|(mobile=712*)(mobile=155*))
Find all Users with
Dial-In permissions
(objectCategory=user)(msNPAllowDialin=TRUE)
Find All printers
with Color printing capability
Note: server name
must be changed
(&(&(&(uncName=*Servername*)(objectCategory=printQueue)(printColor=TRUE))))
Find Users Mailboxes
Overriding Exchange Size Limit Policies
(&(&(&objectCategory=user)(mDBUseDefaults=FALSE)))
Find all Users that
need to change password on next login.
(&(objectCategory=user)(pwdLastSet=0))
Find all Users that
are almost Locked-Out
Notice the >=
that means Greater than or equal to.
(objectCategory=user)(badPwdCount>=2)
Find all Computers
that do not have a Description
(objectCategory=computer)(!description=*)
Find all users with
Hidden Mailboxes
(&(objectCategory=person)(objectClass=user)(msExchHideFromAddressLists=TRUE))
Find all Windows
2000 SP4 computers
(&(&(&(objectCategory=Computer)(operatingSystem=Windows
2000 Professional)(operatingSystemServicePack=Service Pack 4))))
Find all Windows XP
SP2 computers
(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows
XP Professional)(operatingSystemServicePack=Service Pack 2))))))))
Find all Windows XP
SP3 computers
(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows
XP Professional)(operatingSystemServicePack=Service Pack 3))))))))
Find all Vista SP1
computers
(&(&(&(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows
Vista*)(operatingSystemServicePack=Service Pack 1)))))
Find All
Workstations
(sAMAccountType=805306369)
Find all 2003
Servers Non-DCs
(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows
Server 2003*)))
Find all 2003
Servers DCs
(&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows
Server 2003*))))
Find all Server 2008
(&(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows
Server 2008*))))