Solved

LDAP query for computer in specific OU

Posted on 2014-09-12
8
2,066 Views
Last Modified: 2016-11-23
I want to run an LDAP query that will return me a list of computers in a specific OU.
If it matters I'm running the search through the Dell Kace software.

I can run this query which returns me all computers that start with NY-
(&(objectCategory=computer)(CN=NY-*))

I want to return all computers in the following location
OU=Accounting,OU=New York City,OU=WORKSTATIONS

I'm not having any luck combining the search variables to return all computers starting with NY- in the Accounting OU
0
Comment
Question by:Crucio606
8 Comments
 
LVL 6

Expert Comment

by:Chad Franks
ID: 40319856
This exact question was answered from a previous EE post:

http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_23543128.html
0
 

Author Comment

by:Crucio606
ID: 40319912
Unfortunately this doesn't apply to me and I'm not running it via script but using Kace's search and filter fields.

The Kace search will work and do all the recursive work, I just need the correct variables.
0
 
LVL 16

Assisted Solution

by:Joshua Grantom
Joshua Grantom earned 250 total points
ID: 40319963
(&(objectCategory=computer)(CN=NY-*)(OU=Accounting,OU=New York City,OU=WORKSTATIONS,DC=DOMAINNAME,DC=LOCAL))
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40319980
It may be the other way around depending on how your AD Tree looks

(&(objectCategory=computer)(CN=NY-*)(OU=WORKSTATIONS,OU=New York City,OU=ACCOUNTING,DC=YOURDOMAINNAME,DC=LOCAL))

A screenshot of the tree from Active Directory Users and Computers would help me get the ldap query perfect
0
 
LVL 1

Assisted Solution

by:ldrose537
ldrose537 earned 250 total points
ID: 40320011
Crucio606,

If you have already seen the following, I apologize, but I thought it was potentially relevant:

https://www.kace.com/support/resources/kb/article/~/media/Files/Support/Knowledge-Base/KACE%20Appliance%20LDAP%20Reference%20Guide.ashx

Based on what I recall about Distinguished Name paths, theoretically you would just have to replace
"CN=NY-*" with the full DN path, minus the base DN if I'm reading the Kase info correctly. However, I have not worked with Kase, so I'm not 100% positive.

This however, I do know:
so for example if a full DN is
OU=LocationA, OU=Computers, DC=fabrikam, DC=local, then the portion you need is "OU=LocationA, OU=Computers" because the base is DC=fabrikam, DC=local.

Also a side note: take a look at the icon in AD - is the 'container' really an OU (picture of a directory inside) or just a container (Plain old folder). If it is a plain old folder, it would be CN=Computer, if it has an image of a directory/phonebook, it would be OU=Computer.
(CN stands for common name, OU stands for organizational unit, DC stands for domain component)
C--Users-lrose-Pictures-OUvsContainer.pn
0
 

Accepted Solution

by:
Crucio606 earned 0 total points
ID: 40392973
The solution ended up being pretty simple but it took their support pretty damn long to figure it out.

So what you posted: OU=Accounting,OU=New York City,OU=WORKSTATIONS,DC=DOMAINNAME,DC=LOCAL
was totally correct but I had to add a Kace specific search filter to pick out only computers:

(name=KBOX_COMPUTER_NAME)

Thanks for all the info, it def pointed me in the right direction
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40392983
Good to know! DELL is at it again lol
0
 

Author Closing Comment

by:Crucio606
ID: 40403695
I was required to use a Kace specific search string to finally get it to pull the computesr
0

Join & Write a Comment

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now