How to structure an LDAP query to return computer objects within a specific Organizational Unit

A similar question was responded to that asked how to find all computers in AD running a specific operating system:
LDAP://domain??sub?(&(objectClass=computer)(operatingSystemVersion=6*))

I am attempting to restrict the results for the Volume Activation Management Tool to update Office licenses. I'd like to return a subset of these computers within a specific OU structure:
domain.com/subOU/Computers/[computerObjectsAreHere]

This keeps returning, "The search filter is invalid.":
LDAP://domain.com/CN=Computers,OU=subOU(&(objectClass=computer)(operatingSystemVersion=6*))

How would the LDAP filter be correctly structured?
cyclechipAsked:
jwillekeCommented:
The structure of the LDAP URL is as defined here:
http://ldapwiki.willeke.com/wiki/LDAP%20URL

You put the lowest object in the URL first:
LDAP://domain.com/OU=subOU,CN=Computers

Or more formally, as an example:
ldap://laura.willeke.com:389/CN=Computers,DC=mad,DC=willeke,DC=com?objectClass?sub?

Where the server name:
 laura.willeke.com is the server name

The Port:
 :389

The Fully Distinguished path to the object of the search:
 /CN=Computers,DC=mad,DC=willeke,DC=com?objectClass?sub?

The ObjectClass:
?objectClass

The Scope:
?sub

The Query:
?(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows%20Server%202003*)))

Here are some queries for computers at type and OS versions:
http://ldapwiki.willeke.com/wiki/Active%20Directory%20Computer%20Related%20Searches
0
 
umeliCommented:
Hi
you might be missing a ?

LDAP://domain.com/CN=Computers,OU=subOU??sub?(&(objectClass=computer)(operatingSystemVersion=6*))

0
 
cyclechipAuthor Commented:
Hi umeli. I believe the use of "domain??sub?" in the related question were just placeholders for the actual domain names. I don't see any reference to question marks in any available LDAP documentation.
0
cyclechipAuthor Commented:
I just learned on Wikipedia that the double question mark is part of a legitimate LDAP query (along with a triple forward-slash.) But this doesn't address the problem which, according to the error message, is in the filter and not in the 'server identity' part of the query.
0
 
cyclechipAuthor Commented:
I'm getting there. I didn't initially notice that the word domain?? in the linked solution is in italics, indicating that I put in my domain name there, and leave sub?? alone. With this I got a listing of all my computers:
LDAP://myDomain??sub?(&(objectClass=computer)(operatingSystemVersion=6*))

But I'm still unable to specify which OU I want to search...
0
 
cyclechipAuthor Commented:
Found the solution to what I was looking for. Turns out you do need to specify a specific domain controller by its DNS entry, and I didn’t realize I had to include the FQDN in the connection string. The working query was:
LDAP://dc1.domain.com/OU=subOU,OU=parentOU,DC=domain,DC=com??sub?(&(objectClass=computer)(operatingSystemVersion=6*))

0
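The URL layout discussed in this thread (host, base DN, then `?attributes?scope?filter`, the field order of RFC 4516), as an added example that is not code from any poster or from the VAMT: a small Python parser and checker run over the failing and the working URL quoted above. The function names are this example's own, and the `DC=` check assumes the base DN must be a full Active Directory distinguished name.

```python
import re
from urllib.parse import unquote

URL_RE = re.compile(r"(?i)^(ldaps?)://([^/?:]*)(?::(\d+))?(?:/([^?]*))?(?:\?(.*))?$")

def parse_ldap_url(url):
    """Split an LDAP URL into its RFC 4516 fields."""
    m = URL_RE.match(url)
    if not m:
        raise ValueError("not an LDAP URL: %r" % url)
    scheme, host, port, dn, query = m.groups()
    # After the DN come '?'-separated fields: attributes ? scope ? filter ? extensions
    parts = (query or "").split("?", 3) + [""] * 3
    attrs, scope, flt = (unquote(p) for p in parts[:3])
    return {
        "host": host,
        "port": int(port) if port else (636 if scheme.lower() == "ldaps" else 389),
        "dn": unquote(dn or ""),
        "attributes": [a for a in attrs.split(",") if a],
        "scope": scope.lower() or "base",        # RFC 4516 default
        "filter": flt or "(objectClass=*)",      # RFC 4516 default
    }

def lint_ldap_url(url):
    """Return the problems found in the URL's fields (empty list if none)."""
    u, problems = parse_ldap_url(url), []
    if "(" in u["dn"] or ")" in u["dn"]:
        problems.append("filter text is inside the DN field")
    if u["dn"] and not re.search(r"(?i)(^|,)\s*DC=", u["dn"]):  # assumption: AD base DN
        problems.append("base DN has no DC= components")
    if u["scope"] not in ("base", "one", "sub"):
        problems.append("unknown scope")
    depth = 0
    for ch in u["filter"]:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
    if depth != 0 or not u["filter"].startswith("("):
        problems.append("filter parentheses are unbalanced")
    return problems

# The failing and the working URL, copied from the thread.
BROKEN = "LDAP://domain.com/CN=Computers,OU=subOU(&(objectClass=computer)(operatingSystemVersion=6*))"
WORKING = ("LDAP://dc1.domain.com/OU=subOU,OU=parentOU,DC=domain,DC=com"
           "??sub?(&(objectClass=computer)(operatingSystemVersion=6*))")

if __name__ == "__main__":
    for url in (BROKEN, WORKING):
        print(parse_ldap_url(url)["dn"], lint_ldap_url(url))
```

Without the `?` separators the whole filter is read as part of the base DN, which is why the first URL never reaches the server as a valid search.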
 
cyclechipAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for cyclechip's comment http:/Q_27517742.html#37400110

for the following reason:

This response answered the original question directly. I intend to add an 'assist' for the other response.
0
 
cyclechipAuthor Commented:
Just trying to assign an assist to jwilleke since the info was good but lacked the necessary syntax for the VAMT.
0
 
cyclechipAuthor Commented:
jwilleke provided accurate information for an LDAP query, then I posted the solution for plugging it into the VAMT.
0
Question has a verified solution.
