LDAP Query for all active users

모든 응답

• 

  

  4

  로그인하여 투표

  Hello,

   

  You can use this LDAP filter:

  (&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))

   

  More example:

  Active Directory: LDAP Syntax Filters (Richard Mueller - MVP)

   

  Regards

  • 답변으로 제안됨 Richard MuellerMVP, Banned 2012년 1월 9일 월요일 오후 11:59

  2012년 1월 9일 월요일 오후 10:05
• 

  

  0

  로그인하여 투표

  Thanks for the query and the link.  I had tried using  (objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2) But it was returning over 1000 objects, which included non-user objects.  Wasn't sure how to remove everything except users.  I'll have to go through that link and try to figure some of this out. 

  2012년 1월 10일 화요일 오후 2:02
• 

  

  0

  로그인하여 투표

  Hello,

  you have not use the objectClass "(objectClass=user)" as mentioned or did you modified it?

  ---

  Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • 답변으로 제안됨 Santhosh Sivarajan-MVP 2012년 1월 10일 화요일 오후 3:24

  2012년 1월 10일 화요일 오후 2:05
• 

  

  0

  로그인하여 투표

  What do you mean by “active sign other than User accounts that have an active sign on”

  You can get all enabled users by using above LDAP syntax. 

  ---

  Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+| Houston, TX
  Blogs - http://blogs.sivarajan.com/
  
  
  
  This posting is provided AS IS with no warranties,and confers no rights.

  2012년 1월 10일 화요일 오후 3:25
• 

  

  0

  로그인하여 투표

  Is there a powershell command that can be ran instead?  I'd like to find active users in a particular OU.  Any thoughts?

  2012년 1월 10일 화요일 오후 4:55
• 

  

  0

  로그인하여 투표

  This worked perfectly... thank you for your help!

  2012년 1월 10일 화요일 오후 6:05
• 

  

  0

  로그인하여 투표

  Here is the PowerShell way to do this which can be way more flexible when needed.

  $sb='CN=Computers,dc=TestNet,dc=local'
  $targetPath='ou=testou,dc=TestNet,dc=local'
  
  Get-ADcomputer -SearchBase $sb -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=2)' |
       Move-ADObject -TargetPath $targetPath -whatif

  
  

  ---

  ¯\_(ツ)_/¯

  2014년 9월 20일 토요일 오후 3:21
• 

  

  0

  로그인하여 투표

  I used the dsquery and needed to use "-Limit 1000" option because I had more than 100 responses. If you just need a quick count you can just pipe it to find /c "=" to get an count. You need to subtract one due to the first line not being an active user, it is just a header with the query criteria.

  Thanks for the help.

   David Tersigni

  2016년 3월 2일 수요일 오전 3:12
• 

  

  0

  로그인하여 투표

  (&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

  2018년 2월 22일 목요일 오후 7:47
• 

  

  0

  로그인하여 투표

  Hi, the query string you provided

  (&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))

  was not recognized as a valid query string by the Advanced query filter in the interactive ADUC filter dialog.
  

  
  

  
  

  • 편집됨 Spencer Simpson 2020년 4월 10일 금요일 오후 2:15

  2020년 4월 10일 금요일 오후 2:14
• 

  

  0

  로그인하여 투표

  Hi, the query string you provided

  (&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))

  was not recognized as a valid query string by the Advanced query filter in the interactive ADUC filter dialog.
  

  
  

  
  

  Please don't reopen old topics.  The filter works fine in ADUC and is used commonly.

  ---

  \_(ツ)_/

  2020년 4월 10일 금요일 오후 2:33