Improve company productivity with a Business Account.Sign Up

x
?
Solved

LDAP query for computer in specific OU

Posted on 2014-09-12
8
Medium Priority
?
6,688 Views
Last Modified: 2016-11-23
I want to run an LDAP query that will return me a list of computers in a specific OU.
If it matters I'm running the search through the Dell Kace software.

I can run this query which returns me all computers that start with NY-
(&(objectCategory=computer)(CN=NY-*))

I want to return all computers in the following location
OU=Accounting,OU=New York City,OU=WORKSTATIONS

I'm not having any luck combining the search variables to return all computers starting with NY- in the Accounting OU
0
Comment
Question by:Crucio606
8 Comments
 
LVL 6

Expert Comment

by:Chad Franks
ID: 40319856
This exact question was answered from a previous EE post:

http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_23543128.html
0
 

Author Comment

by:Crucio606
ID: 40319912
Unfortunately this doesn't apply to me and I'm not running it via script but using Kace's search and filter fields.

The Kace search will work and do all the recursive work, I just need the correct variables.
0
 
LVL 16

Assisted Solution

by:Joshua Grantom
Joshua Grantom earned 1000 total points
ID: 40319963
(&(objectCategory=computer)(CN=NY-*)(OU=Accounting,OU=New York City,OU=WORKSTATIONS,DC=DOMAINNAME,DC=LOCAL))
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40319980
It may be the other way around depending on how your AD Tree looks

(&(objectCategory=computer)(CN=NY-*)(OU=WORKSTATIONS,OU=New York City,OU=ACCOUNTING,DC=YOURDOMAINNAME,DC=LOCAL))

A screenshot of the tree from Active Directory Users and Computers would help me get the ldap query perfect
0
 
LVL 1

Assisted Solution

by:ldrose537
ldrose537 earned 1000 total points
ID: 40320011
Crucio606,

If you have already seen the following, I apologize, but I thought it was potentially relevant:

https://www.kace.com/support/resources/kb/article/~/media/Files/Support/Knowledge-Base/KACE%20Appliance%20LDAP%20Reference%20Guide.ashx

Based on what I recall about Distinguished Name paths, theoretically you would just have to replace
"CN=NY-*" with the full DN path, minus the base DN if I'm reading the Kase info correctly. However, I have not worked with Kase, so I'm not 100% positive.

This however, I do know:
so for example if a full DN is
OU=LocationA, OU=Computers, DC=fabrikam, DC=local, then the portion you need is "OU=LocationA, OU=Computers" because the base is DC=fabrikam, DC=local.

Also a side note: take a look at the icon in AD - is the 'container' really an OU (picture of a directory inside) or just a container (Plain old folder). If it is a plain old folder, it would be CN=Computer, if it has an image of a directory/phonebook, it would be OU=Computer.
(CN stands for common name, OU stands for organizational unit, DC stands for domain component)
C--Users-lrose-Pictures-OUvsContainer.pn
0
 

Accepted Solution

by:
Crucio606 earned 0 total points
ID: 40392973
The solution ended up being pretty simple but it took their support pretty damn long to figure it out.

So what you posted: OU=Accounting,OU=New York City,OU=WORKSTATIONS,DC=DOMAINNAME,DC=LOCAL
was totally correct but I had to add a Kace specific search filter to pick out only computers:

(name=KBOX_COMPUTER_NAME)

Thanks for all the info, it def pointed me in the right direction
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40392983
Good to know! DELL is at it again lol
0
 

Author Closing Comment

by:Crucio606
ID: 40403695
I was required to use a Kace specific search string to finally get it to pull the computesr
0

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
The Windows Firewall provides an important layer of protection and a rich interface to configure it. Unfortunately, it lacks item level filtering. This article details my process of implementing firewall-as-code to reduce GPO bloat.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

584 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question