
LDAP Query for Active Users -


WILDPACKET

Nov 30, 2007, 12:36:05 PM
Hi All,

Looking for an LDAP Query to pull out Active Users with and without email
address from an OU. Here is an idea of our OU lay out.

Root Domain OU.
|    |___OU1
|         |______OU2
|                |_______OU3 and so on.
|
|_____Other OUA
      |________Other OUB and so on

I want to pull out a list of all the active users with and without email
addresses from the OU1 and all the OU beneath it only?

I have this query but this pulls all the users with emails only and from all
over the AD, so this does not help me.......:

(&(objectClass=user)(homeMDB=*)(!userAccountControl:1.2.840.113556.1.4.803:=2))

Advise Please.

Thank you


Bharat Suneja [MVP]

Nov 30, 2007, 1:18:32 PM
How you set the ADSI search path will depend on what you're using the query
in...
- ADUC saved queries
- LDIFDE/CSVDE
- VBScript or other code using ADSI


--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
----------------------------------------------


"WILDPACKET" <WILDP...@discussions.microsoft.com> wrote in message
news:49DC3EB7-C800-4D04...@microsoft.com...

Ed Crowley [MVP]

Nov 30, 2007, 2:39:58 PM
The query you've posted is only part of the LDAP query, it's the search
filter part. And I'm not sure that it does what you want it to do.

(&(objectClass=user)(homeMDB=*)(!userAccountControl:1.2.840.113556.1.4.803:=2))

This will return all non-disabled users with an Exchange mailbox. It does
not return "all users without an e-mail address", since users can have
e-mail addresses with no mailbox. A full LDAP query for your stated purpose
would be something like this (all should be on one line):

LDAP://dc.company.com/ou=OU1,ou=Root Domain OU.,dc=domain,dc=com;
(&(objectCategory=person)(objectClass=user)(!proxyAddresses=*));distinguishedName;subtree

This would query domain controller dc.company.com for all users without an
e-mail address in the organizational unit "Root Domain OU.\OU1" and its
child OUs, returning the distinguished name attribute.
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"WILDPACKET" <WILDP...@discussions.microsoft.com> wrote in message
news:49DC3EB7-C800-4D04...@microsoft.com...

WILDPACKET

Nov 30, 2007, 3:17:01 PM

Thank you for your response.

I ran the query from my PDC by creating a new query under my Saved Queries
and when creating the new query I selected the Query Root to my OU1 and
selected the Include Subcontainers option and selected the Custom Search and
pasted the following

(&(objectCategory=person)(objectClass=user)(!proxyAddresses=*));distinguishedName;subtree

but gives me an error about bad string?

Advise Please.

Thank you.

and paste this

Bharat Suneja [MVP]

Nov 30, 2007, 4:39:30 PM
As I posted earlier, it depends on the method you use - script, ADUC saved
queries, LDIFDE/CSVDE, etc.

For ADUC, remove the following part from Ed's query string:
;distinguishedName;subtree

The above specifies what attribute to get in the cache (allows you to bind
to those users in scripts and then get additional attributes).
The "subtree" part specifies whether to get objects from the immediate child
objects of the container/OU or include objects from child containers/OUs
under the selected container/OU.

If you use the following in Saved Queries, it should work:
(&(objectCategory=person)(objectClass=user)(!proxyAddresses=*))

To exclude disabled users:
(&(objectCategory=person)(objectClass=user)(!proxyAddresses=*)(!userAccountControl:1.2.840.113556.1.4.803:=2))

--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
----------------------------------------------

"WILDPACKET" <WILDP...@discussions.microsoft.com> wrote in message

news:063322C1-65DC-4D85...@microsoft.com...
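
The filters discussed in this thread, evaluated offline as an added example that is not part of any post: a minimal Python evaluator (it supports only `&`, `|`, `!`, presence, equality and the bit-AND matching rule) run over constructed entries under the `ou=OU1,...` search base from Ed's reply. `ACTIVE` is the last filter in the thread with the `proxyAddresses` clause dropped, which is an assumption about what the original question asks for; the entry names and attribute values are made up.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # bitwise-AND matching rule used in the thread
BASE = "ou=OU1,ou=Root Domain OU.,dc=domain,dc=com"  # search base from Ed's reply
NOT_DISABLED = "(!userAccountControl:1.2.840.113556.1.4.803:=2)"
ACTIVE = "(&(objectCategory=person)(objectClass=user)" + NOT_DISABLED + ")"
ACTIVE_NO_MAIL = ("(&(objectCategory=person)(objectClass=user)"
                  "(!proxyAddresses=*)" + NOT_DISABLED + ")")

def parse(f, i=0):
    """Parse the filter component starting at f[i]; return (node, next index)."""
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, rule, value = re.fullmatch(r"([\w-]+)(?::([\d.]+):)?=(.*)", f[i + 1:end]).groups()
    return ("item", attr.lower(), rule, value), end + 1

def matches(node, entry):
    if node[0] in "&|":
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, value = node
    vals = entry.get(attr, [])
    if rule == BIT_AND:  # true when every bit of `value` is set in the attribute
        return any((int(v) & int(value)) == int(value) for v in vals)
    if value == "*":     # presence test, e.g. (proxyAddresses=*)
        return bool(vals)
    return any(v.lower() == value.lower() for v in vals)

def search(entries, base, flt):
    """Subtree search: DNs at or below `base` whose attributes satisfy `flt`."""
    flt = re.sub(r"\(!([^()]+)\)", r"(!(\1))", flt)  # thread shorthand -> RFC 4515 form
    tree, _ = parse(flt)
    return [e["dn"] for e in entries
            if ("," + e["dn"]).lower().endswith("," + base.lower()) and matches(tree, e)]

def entry(dn, uac, **attrs):  # constructed sample data, not real directory content
    return {"dn": dn, "objectclass": ["user"], "objectcategory": ["person"],
            "useraccountcontrol": [uac], **attrs}

ENTRIES = [
    entry("cn=alice,ou=OU2," + BASE, "512", proxyaddresses=["SMTP:alice@example.com"]),
    entry("cn=bob,ou=OU3,ou=OU2," + BASE, "512"),
    entry("cn=carol," + BASE, "514"),  # 514 = 512 | 2, so ACCOUNTDISABLE is set
    entry("cn=dave,ou=Other OUA,ou=Root Domain OU.,dc=domain,dc=com", "512"),
]
```

Calling `search(ENTRIES, "dc=domain,dc=com", ACTIVE)` also returns the account under Other OUA, which is the "from all over the AD" result the first post describes when the search base is not narrowed to OU1.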
