LDAP Queries for Users and Computers Snap-in mmc.exe

Posted on February 23, 2021 By rich

Find Groups that contain the word admin

(objectcategory=group)(samaccountname=*admin*)

Find users who have admin in description field

(objectcategory=person)(description=*admin*)

Find all Universal Groups

(groupType:1.2.840.113556.1.4.803:=8)

Empty Groups with No Members

(objectCategory=group)(!member=*)

Find all Users with the name Bob

(objectcategory=person)(samaccountname=*Bob*)

Find user accounts with passwords set to never expire

(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)

Find all users that have never logged in to the domain

(&(&(objectCategory=person)(objectClass=user))(|(lastLogon=0)(!(lastLogon=*))))

Find user accounts with no logon script

(objectcategory=person)(!scriptPath=*)

Find user accounts with no profile path

(objectcategory=person)(!profilepath=*)

Finds non-disabled accounts that must change their password at next logon

(objectCategory=person)(objectClass=user)(pwdLastSet=0)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)

Finds all disabled accounts in Active Directory

(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2)

Finds all locked out accounts

(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=16)

Finds Domain Local Groups

(groupType:1.2.840.113556.1.4.803:=4)
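
How the 1.2.840.113556.1.4.803 (bitwise AND) clauses used above select entries, shown as an added example that is not part of the original post. The account names and userAccountControl values are constructed sample data, and the helper functions are hypothetical names chosen for this illustration.

```python
import re

# LDAP_MATCHING_RULE_BIT_AND: a clause matches when every bit of the
# operand is also set in the attribute value.
BIT_AND_OID = "1.2.840.113556.1.4.803"

# userAccountControl bits (512 is NORMAL_ACCOUNT; 2 and 65536 are the
# values the filters above test).
UAC_FLAGS = {2: "ACCOUNTDISABLE", 512: "NORMAL_ACCOUNT",
             65536: "DONT_EXPIRE_PASSWORD"}

_CLAUSE = re.compile(r"^\((!?)(\w+):" + re.escape(BIT_AND_OID) + r":=(\d+)\)$")


def parse_bit_clause(clause):
    """Split '(attr:OID:=N)' or '(!attr:OID:=N)' into (negated, attr, mask)."""
    m = _CLAUSE.match(clause.strip())
    if m is None:
        raise ValueError("not a bitwise-AND clause: %r" % clause)
    return bool(m.group(1)), m.group(2).lower(), int(m.group(3))


def clause_matches(clause, entry):
    """Evaluate one bitwise clause against an entry (dict, lowercase keys)."""
    negated, attr, mask = parse_bit_clause(clause)
    hit = (int(entry[attr]) & mask) == mask
    return hit != negated


def select(clause, entries):
    """Return the sAMAccountName of every entry the clause selects."""
    return [e["samaccountname"] for e in entries if clause_matches(clause, e)]


def decode_uac(value):
    """Name the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


# Constructed sample entries, not taken from any real directory.
ACCOUNTS = [
    {"samaccountname": "alice", "useraccountcontrol": 512},
    {"samaccountname": "bob", "useraccountcontrol": 514},
    {"samaccountname": "svc_backup", "useraccountcontrol": 66048},
    {"samaccountname": "old_svc", "useraccountcontrol": 66050},
]

if __name__ == "__main__":
    for clause in ("(userAccountControl:1.2.840.113556.1.4.803:=65536)",
                   "(!useraccountcontrol:1.2.840.113556.1.4.803:=2)"):
        print(clause, "->", select(clause, ACCOUNTS))
```

A leading ! inverts the result, so the same :=2 clause returns disabled accounts without it and enabled accounts with it.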

Finds all Users with Email Address set

(objectcategory=person)(mail=*)

Finds all Users with no Email Address

(objectcategory=person)(!mail=*)

Find all Users, Groups or Contacts where Company or Description is Contractors

(|(objectcategory=user)(objectcategory=group)(objectcategory=contact))(|(description=North*)(company=Contractors*))

Find all Users with Mobile numbers 712 or 155

(objectcategory=user)(|(mobile=712*)(mobile=155*))

Find all Users with Dial-In permissions

(objectCategory=user)(msNPAllowDialin=TRUE)

Find All printers with Color printing capability

Note: server name must be changed

(&(&(&(uncName=*Servername*)(objectCategory=printQueue)(printColor=TRUE))))

Find Users Mailboxes Overriding Exchange Size Limit Policies

(&(&(objectCategory=user)(mDBUseDefaults=FALSE)))

Find all Users that need to change password on next login.

(&(objectCategory=user)(pwdLastSet=0))

Find all Users that are almost Locked-Out

Notice the “>=”, which means “Greater than or equal to”.

(objectCategory=user)(badPwdCount>=2)

Find all Computers that do not have a Description

(objectCategory=computer)(!description=*)

Find all users with Hidden Mailboxes

(&(objectCategory=person)(objectClass=user)(msExchHideFromAddressLists=TRUE))

Find all Windows 2000 SP4 computers

(&(&(&(objectCategory=Computer)(operatingSystem=Windows 2000 Professional)(operatingSystemServicePack=Service Pack 4))))

Find all Windows XP SP2 computers

(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2))))))))

Find all Windows XP SP3 computers

(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 3))))))))

Find all Vista SP1 computers

(&(&(&(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1)))))

Find All Workstations

(sAMAccountType=805306369)

Find all 2003 Servers Non-DCs

(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2003*)))

Find all 2003 Servers – DCs

(&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2003*))))

Find all Server 2008

(&(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2008*))))
