Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5148
  • Last Modified:

LDAP query for computer in specific OU

I want to run an LDAP query that will return me a list of computers in a specific OU.
If it matters I'm running the search through the Dell Kace software.

I can run this query which returns me all computers that start with NY-
(&(objectCategory=computer)(CN=NY-*))

I want to return all computers in the following location
OU=Accounting,OU=New York City,OU=WORKSTATIONS

I'm not having any luck combining the search variables to return all computers starting with NY- in the Accounting OU
0
Crucio606
Asked:
Crucio606
3 Solutions
 
Chad FranksCommented:
This exact question was answered from a previous EE post:

http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_23543128.html
0
 
Crucio606Author Commented:
Unfortunately this doesn't apply to me and I'm not running it via script but using Kace's search and filter fields.

The Kace search will work and do all the recursive work, I just need the correct variables.
0
 
Joshua GrantomSenior EngineerCommented:
(&(objectCategory=computer)(CN=NY-*)(OU=Accounting,OU=New York City,OU=WORKSTATIONS,DC=DOMAINNAME,DC=LOCAL))
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
Joshua GrantomSenior EngineerCommented:
It may be the other way around depending on how your AD Tree looks

(&(objectCategory=computer)(CN=NY-*)(OU=WORKSTATIONS,OU=New York City,OU=ACCOUNTING,DC=YOURDOMAINNAME,DC=LOCAL))

A screenshot of the tree from Active Directory Users and Computers would help me get the ldap query perfect
0
 
ldrose537Commented:
Crucio606,

If you have already seen the following, I apologize, but I thought it was potentially relevant:

https://www.kace.com/support/resources/kb/article/~/media/Files/Support/Knowledge-Base/KACE%20Appliance%20LDAP%20Reference%20Guide.ashx

Based on what I recall about Distinguished Name paths, theoretically you would just have to replace
"CN=NY-*" with the full DN path, minus the base DN if I'm reading the Kase info correctly. However, I have not worked with Kase, so I'm not 100% positive.

This however, I do know:
so for example if a full DN is
OU=LocationA, OU=Computers, DC=fabrikam, DC=local, then the portion you need is "OU=LocationA, OU=Computers" because the base is DC=fabrikam, DC=local.

Also a side note: take a look at the icon in AD - is the 'container' really an OU (picture of a directory inside) or just a container (Plain old folder). If it is a plain old folder, it would be CN=Computer, if it has an image of a directory/phonebook, it would be OU=Computer.
(CN stands for common name, OU stands for organizational unit, DC stands for domain component)
C--Users-lrose-Pictures-OUvsContainer.pn
0
 
Crucio606Author Commented:
The solution ended up being pretty simple but it took their support pretty damn long to figure it out.

So what you posted: OU=Accounting,OU=New York City,OU=WORKSTATIONS,DC=DOMAINNAME,DC=LOCAL
was totally correct but I had to add a Kace specific search filter to pick out only computers:

(name=KBOX_COMPUTER_NAME)

Thanks for all the info, it def pointed me in the right direction
0
 
Joshua GrantomSenior EngineerCommented:
Good to know! DELL is at it again lol
0
 
Crucio606Author Commented:
I was required to use a Kace specific search string to finally get it to pull the computesr
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now