Active Directory Query for "Non-Disabled Computers" & Expanded Query by Partial Computer Name *lt*

Posted on 2009-04-29
Last Modified: 2012-05-06
I need to adjust my LDAP query so that I get only computers that are not disabled.

The query I use to return only disabled workstations is (&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=2))

I need the exact same query, but in reverse so I get only the "non-disabled" workstations.

I also need to expand the query so that I can specify a partial computer name and get all the non-disabled computers that have the partial name *lt*
Question by:ACECORP
Accepted Solution by: Mike Kline, earned 500 total points (ID: 24262359)
(&(objectCategory=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(name=*lt*))
Some comments:
This is not going to be an efficient query. First, because the ! (not) is used. Generally it is best to avoid those, and the *text* string is also not efficient.
http://msdn.microsoft.com/en-us/library/ms808539.aspx#efficientadapps_topic01kk
  • Avoid using the logical NOT operator
    Avoid using the logical NOT operator because the query processor returns objects that you do not have access to or specific attributes that do not have a value. The query processor considers those objects and attributes as satisfying the query.  

  • Do not perform medial searches on attributes without medial indices
    Place wildcards at the end of, rather than at the beginning of, the search string. For example, use cn=smi* instead of cn=*hill* or cn=*mith. The standard indexes that were introduced with Windows 2000 are only useful for substring or exact match queries. If you want to perform medial searches, then you need to create a medial index on the attribute that will be part of a filter. The creation of a medial index is described later in this document.
If you are only using this query once or twice you won't kill the performance of AD but if you are going to use it in some applications and doing it on a massive scale then you could run into issues.  You can also enable certain logging levels to help you identify those.  For more on field engineering logging see the recommendation here:
http://adisfun.blogspot.com/2009/04/lessons-learned-from-eric-fleischman.html
Thanks
Mike
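
An added example, not part of the original answer: a Python sketch that builds the filter above for any partial name, escaping it per RFC 4515 so the supplied text cannot alter the filter's structure, and models how the bitwise-AND rule and the NOT select entries. The function names and the sample entries are constructed for illustration, and the handling of a missing userAccountControl follows the MSDN note quoted in the answer.

```python
# Added example: builds the "enabled computers whose name contains X" filter
# and mimics its matching logic on constructed sample entries.
LDAP_MATCHING_RULE_BIT_AND = "1.2.840.113556.1.4.803"  # OID from the query above
ACCOUNTDISABLE = 0x2  # userAccountControl bit tested by ":=2"

# RFC 4515 requires these characters to be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a literal so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def enabled_computers_filter(partial_name: str) -> str:
    """Return the filter with the NOT clause in RFC 4515 form: (!(...))."""
    disabled = f"(userAccountControl:{LDAP_MATCHING_RULE_BIT_AND}:={ACCOUNTDISABLE})"
    name = f"(name=*{escape_filter_value(partial_name)}*)"
    return f"(&(objectCategory=computer)(!{disabled}){name})"


def matches(entry: dict, partial_name: str) -> bool:
    """Local model of the filter: computer AND NOT disabled-bit AND name contains."""
    if entry.get("objectCategory") != "computer":
        return False
    uac = entry.get("userAccountControl")
    # Bitwise-AND rule: true only when every bit of the asserted value is set.
    # A missing value makes the inner test not-true, so the NOT lets it through
    # (the behaviour the quoted MSDN note warns about).
    disabled = uac is not None and (uac & ACCOUNTDISABLE) == ACCOUNTDISABLE
    # The name comparison is modelled as case-insensitive.
    return not disabled and partial_name.lower() in entry.get("name", "").lower()


# Constructed sample entries (not from a real directory).
SAMPLE = [
    {"name": "NYC-LT-001", "objectCategory": "computer", "userAccountControl": 4096},
    {"name": "NYC-LT-002", "objectCategory": "computer", "userAccountControl": 4098},
    {"name": "NYC-DT-003", "objectCategory": "computer", "userAccountControl": 4096},
    {"name": "altman", "objectCategory": "person", "userAccountControl": 512},
    {"name": "OLD-LT-004", "objectCategory": "computer"},  # value not readable
]

if __name__ == "__main__":
    print(enabled_computers_filter("lt"))
    print([e["name"] for e in SAMPLE if matches(e, "lt")])
```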