A couple of different ways:

adfind -bit -b dc=domain,dc=com -f "&(objectcategory=person)(objectclass=user)(!(useraccountcontrol:AND:=2))"

adfind -bit -b dc=domain,dc=com -f "&(objectcategory=person)(samaccountname=*)(!(useraccountcontrol:AND:=2))"

adfind -bit -b dc=domain,dc=com -f "&(samaccounttype=805306368)(!(useraccountcontrol:AND:=2))"

The tricky part is your requirement of being ENABLED. The only way to do that is to make sure the disabled flag is not set in the useraccountcontrol. That will seriously slow down the query.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Fontana
Sent: Monday, February 28, 2005 5:48 PM
To: [email protected]
Subject: [ActiveDir] Querying for all users

Is there any attribute that is unique to real user accounts only (mail enabled and non-mail enabled)? We tried teaming up objectclass=user and givenname=*, but of course not all users have to have a given name. Then tried teaming up the objectclass with useraccountcontrol=5*, then we found out about the 66048’s and 262656’s….damn them. So, is there an LDAP query that will give me all enabled Active Directory user accounts? Most likely it’s so simple I would never have even thought about it.

TIA

Alex.
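
Added example, not part of the original thread: a Python model of the bit test in the third query, run over constructed account entries, showing why matching useraccountcontrol as text starting with 5 misses 66048 and 262656 and still returns the disabled 514. The entry names and values are constructed; the flag constants are the standard userAccountControl and sAMAccountType values, and the function names are hypothetical.

```python
# Added illustration; ENTRIES is constructed sample data, not directory output.

ACCOUNTDISABLE = 0x2                     # the bit tested by useraccountcontrol:AND:=2
BIT_AND_OID = "1.2.840.113556.1.4.803"   # matching rule that adfind -bit substitutes for :AND:
SAM_USER_OBJECT = 805306368              # 0x30000000, samaccounttype of user accounts

# (name, samaccounttype, useraccountcontrol)
ENTRIES = [
    ("alice", 805306368, 512),      # normal account
    ("bob",   805306368, 514),      # 512 + 2: disabled
    ("carol", 805306368, 66048),    # 512 + 65536: password never expires
    ("dave",  805306368, 262656),   # 512 + 262144: smart card required
    ("erin",  805306368, 66050),    # 66048 + 2: disabled
    ("PC01$", 805306369, 4096),     # machine account, not a user object
]


def bit_and_match(value, mask):
    """Bitwise-AND matching rule: true only if every bit of mask is set in value."""
    return (value & mask) == mask


def enabled_users(entries):
    """Model of (&(samaccounttype=805306368)(!(useraccountcontrol:AND:=2)))."""
    return [name for name, sam_type, uac in entries
            if sam_type == SAM_USER_OBJECT
            and not bit_and_match(uac, ACCOUNTDISABLE)]


def prefix_five_users(entries):
    """Model of the attempt in the question: treat the value as text starting with 5."""
    return [name for name, sam_type, uac in entries
            if sam_type == SAM_USER_OBJECT and str(uac).startswith("5")]


def expanded_filter():
    """The third query's filter with :AND: written out as the matching-rule OID."""
    return ("(&(samaccounttype=%d)(!(useraccountcontrol:%s:=%d)))"
            % (SAM_USER_OBJECT, BIT_AND_OID, ACCOUNTDISABLE))


if __name__ == "__main__":
    print("bit test   :", enabled_users(ENTRIES))
    print("prefix '5' :", prefix_five_users(ENTRIES))
    print("filter     :", expanded_filter())
```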
