How to structure an LDAP query to return computer objects within a specific Orgazinational Unit

A similar question was responded to that asked how to find all computers in AD running a specific operating system:

Open in new window

I am attempting to restrict the results for the Volume Activation Management Tool to update Office licenses. I'd like to return a subset of these computers within a specific OU structure:[computerObjectsAreHere]

This keeps returning, "The search filter is invalid.":

Open in new window

How would the LDAP filter be correctly structured?
Who is Participating?
The structure of the LDAP URL is as defined here:

You put the lowest object in the URL first:

Or more formally, as an example:

Where the server name: is the server name

The Port:

The the Fully Distiguished path to the object of the ssearch:

The ObjectClass:

The Scope:

The Query:

Here are some queries for computers at type and OS versions:
you might be missing a ?


Open in new window

cyclechipAuthor Commented:
Hi umeli. I believe the use of "domain??sub?" in the related question were just placeholders for the actual domain names. I don't see any reference to question marks in any available LDAP documentation.
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

cyclechipAuthor Commented:
I just learned on Wikipedia that the double question mark is part of a legitimate LDAP query (along with a triple forward-slash.) But this doesn't address the problem which, according to the error message, is in the filter and not in the 'server identity' part of the query.
cyclechipAuthor Commented:
I'm getting there. I didn't initially notice that the word domain?? in the linked solution is in italics, indicating that I put in my domain name there, and leave sub?? alone. With this I got a listing of all my computers:

Open in new window

But I'm still unable to specify which OU I want to search...
cyclechipAuthor Commented:
Found the solution to what I was looking for. Turns out you do need to specify a specific domain controller by its DNS entry, and I didn’t realize I had to include the FQDN in the connection string. The working query was:

Open in new window

cyclechipAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for cyclechip's comment http:/Q_27517742.html#37400110

for the following reason:

This response answered the original question directly. I intend to add an 'assist' for the other response.
cyclechipAuthor Commented:
Just trying to assign an assist to jwilleke since the info was good but lacked the necessary syntax for the VAMT.
cyclechipAuthor Commented:
jwilleke provided accurate information for an LDAP query, then I posted the solution for plugging it into the VAMT.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.