Solved

LDAP query for computer in specific OU

Posted on 2014-09-12
8
3,781 Views
Last Modified: 2016-11-23
I want to run an LDAP query that will return me a list of computers in a specific OU.
If it matters I'm running the search through the Dell Kace software.

I can run this query which returns me all computers that start with NY-
(&(objectCategory=computer)(CN=NY-*))

I want to return all computers in the following location
OU=Accounting,OU=New York City,OU=WORKSTATIONS

I'm not having any luck combining the search variables to return all computers starting with NY- in the Accounting OU
0
Comment
Question by:Crucio606
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 6

Expert Comment

by:Chad Franks
ID: 40319856
This exact question was answered from a previous EE post:

http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_23543128.html
0
 

Author Comment

by:Crucio606
ID: 40319912
Unfortunately this doesn't apply to me and I'm not running it via script but using Kace's search and filter fields.

The Kace search will work and do all the recursive work, I just need the correct variables.
0
 
LVL 16

Assisted Solution

by:Joshua Grantom
Joshua Grantom earned 250 total points
ID: 40319963
(&(objectCategory=computer)(CN=NY-*)(OU=Accounting,OU=New York City,OU=WORKSTATIONS,DC=DOMAINNAME,DC=LOCAL))
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40319980
It may be the other way around depending on how your AD Tree looks

(&(objectCategory=computer)(CN=NY-*)(OU=WORKSTATIONS,OU=New York City,OU=ACCOUNTING,DC=YOURDOMAINNAME,DC=LOCAL))

A screenshot of the tree from Active Directory Users and Computers would help me get the ldap query perfect
0
 
LVL 1

Assisted Solution

by:ldrose537
ldrose537 earned 250 total points
ID: 40320011
Crucio606,

If you have already seen the following, I apologize, but I thought it was potentially relevant:

https://www.kace.com/support/resources/kb/article/~/media/Files/Support/Knowledge-Base/KACE%20Appliance%20LDAP%20Reference%20Guide.ashx

Based on what I recall about Distinguished Name paths, theoretically you would just have to replace
"CN=NY-*" with the full DN path, minus the base DN if I'm reading the Kase info correctly. However, I have not worked with Kase, so I'm not 100% positive.

This however, I do know:
so for example if a full DN is
OU=LocationA, OU=Computers, DC=fabrikam, DC=local, then the portion you need is "OU=LocationA, OU=Computers" because the base is DC=fabrikam, DC=local.

Also a side note: take a look at the icon in AD - is the 'container' really an OU (picture of a directory inside) or just a container (Plain old folder). If it is a plain old folder, it would be CN=Computer, if it has an image of a directory/phonebook, it would be OU=Computer.
(CN stands for common name, OU stands for organizational unit, DC stands for domain component)
C--Users-lrose-Pictures-OUvsContainer.pn
0
 

Accepted Solution

by:
Crucio606 earned 0 total points
ID: 40392973
The solution ended up being pretty simple but it took their support pretty damn long to figure it out.

So what you posted: OU=Accounting,OU=New York City,OU=WORKSTATIONS,DC=DOMAINNAME,DC=LOCAL
was totally correct but I had to add a Kace specific search filter to pick out only computers:

(name=KBOX_COMPUTER_NAME)

Thanks for all the info, it def pointed me in the right direction
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40392983
Good to know! DELL is at it again lol
0
 

Author Closing Comment

by:Crucio606
ID: 40403695
I was required to use a Kace specific search string to finally get it to pull the computesr
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question