Solved

Running custom LDAP query in AD

Posted on 2011-02-23
4
742 Views
Last Modified: 2013-12-24
Hi

We're running AD 2008 with 2008 Server member servers too. For some users we have a custom application that sets special AD attributes, these attributes are named

"customSync" - possible values YES, NO, SP1
"customEmail" - possible values PARTNER, SMTP1, SMTP2

What I'd like to do is run a query in AD to find users with some of these values, as below:

1. customSync=SP1
2. customEmail = SMTP1
3. customSync=YES *and* customEmail=SMTP2
4. customSync=YES *or& customEmail=SMTP2

I'd like to use ADUC to do this. I guess I can create a query within there, but after that I'm lost? All I can see is how to set queries for existing attributes (e.g. display name).

Could someone advise? I guess I need to run some sort of Custom Query but am not sure of which one and also the syntax to use for the four situations above.


0
Comment
Question by:kam_uk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 500 total points
ID: 34964435
You would need to create a custum Query. Do this by selecting new query and when you define the query select Custom search from the drop down.

the query should be

(&(objectcategory=person)(objectclass=user)(customSync=SP1))

(&(objectcategory=person)(objectclass=user)(customEMail=SMTP1))

(&(objectcategory=person)(objectclass=user)(customSync=YES)(customEMail=SMTP2))

(&(objectcategory=person)(objectclass=user)(|(customSync=YES)(customEMail=SMTP2)))
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34964461
Also here is a link that explains the queries

http://technet.microsoft.com/en-us/library/aa996205(EXCHG.65).aspx
0
 
LVL 3

Author Comment

by:kam_uk
ID: 34964488
Thanks!

And, instead of users only, I just wanted all objects returned for those results I wanted, would it be:

1. (customSync=SP1)
2. (customEMail=SMTP1)
3. (&(customSync=YES)(customEMail=SMTP2))
4. ??

or for #1, #2 can I omit the brackets? [the link you gave me does always have brackets though)
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34964535
Depending on how many objects you have in your AD these will not be effecient searches becuase I am assuming these attributes are not indexed. You could run them as you have listed but understand this could put some overhead on your DC when running the query.
1 & 2 need to have the ()
4 wound be
(|(customSync=YES)(customEMail=SMTP2))
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question