It seems I have been answering a lot of questions like this lately...
 
You cannot put parts of the DN into the LDAP query. The only ways to control what branches a query looks at are:
 
1. Permissions
2. Search base
3. Search scope.
 
You need to be the most specific you need to be to either include or exclude various branches of the tree.
 
That being said, someone who wanted to have those specific branches filtered out or filtered in to the outputted return set but didn't mind actually returning a lot more data could look to see if they can find a tool that was written by someone bright enough to add options to let you do that.
 
Hey there is one... It is called adfind and has excldn and incldn switches to allow you to specify portions of a DN of objects you would like outputted.
 
FYI, there is a bug in the objects returned counter when using incldn, I have to go in and fish it out of there. It is because I cut and pasted the excldn code to produce the incldn section. ;o)
 
Anyway, your query would look something like
 
adfind -default -f objectcategory=computer -incldn ou=workstations
 
Keep in mind though that every computer in your org will be passed back to your client so if you have 100k computers and only 10 are in the ou=workstations ou's it will seem AWFULLY SLOW.... There is no way for me to get around that.
 
 
   joe
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Holme
Sent: Sunday, December 04, 2005 2:18 PM
To: [email protected]
Subject: [ActiveDir] Saved Query for Distinguished Name Contains

Hey, all!

 

I am trying to create a saved query to pull out computers that exist within a WORKSTATIONS ou; and that OU may exist within several higher-level OUs, i.e.

 

distinguishedName=*OU=Workstations*

 

but the Saved Queries interface in ADUC doesn’t seem to like distinguishedName (I’ve also tried dn= and DN=).  Any ideas, please?

 

 

Dan Holme
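The client-side filtering described in the reply above, sketched in Python as an added example (it is not adfind's code and not part of the original thread): the search returns every computer's DN and the client keeps only those with an OU=Workstations ancestor. Matching whole RDNs rather than substrings is a choice made here; the function names are hypothetical and the sample DNs are constructed.

```python
def split_dn(dn):
    """Split a DN into RDN strings, keeping backslash-escaped commas intact."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # escape pair, e.g. "\," inside a value
            i += 2
        elif dn[i] == ",":
            rdns.append("".join(cur).strip())
            cur, i = [], i + 1
        else:
            cur.append(dn[i])
            i += 1
    rdns.append("".join(cur).strip())
    return rdns


def norm_rdn(rdn):
    """Lower-case 'type=value' and trim spaces so comparison is case-insensitive."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip().lower()


def in_container(dn, rdn):
    """True if any ancestor RDN of dn (not the object's own RDN) equals rdn."""
    return norm_rdn(rdn) in [norm_rdn(r) for r in split_dn(dn)[1:]]


def filter_dns(dns, incl=None, excl=None):
    """Keep DNs under an 'incl' container and drop those under an 'excl' one."""
    return [dn for dn in dns
            if (incl is None or in_container(dn, incl))
            and (excl is None or not in_container(dn, excl))]


# Constructed sample: what a subtree search for computers might hand back.
SAMPLE = [
    "CN=WS001,OU=Workstations,OU=Seattle,DC=example,DC=com",
    "CN=WS002,ou=workstations,OU=London,OU=EMEA,DC=example,DC=com",
    "CN=SRV01,OU=Servers,OU=Seattle,DC=example,DC=com",
    "CN=KIOSK\\,OU=Workstations,OU=Lobby,DC=example,DC=com",  # comma is escaped
    "CN=LAB7,OU=Workstations-Retired,DC=example,DC=com",
]

if __name__ == "__main__":
    for dn in filter_dns(SAMPLE, incl="OU=Workstations"):
        print(dn)
```

A plain substring test for `ou=workstations` on the same list would also return the KIOSK and LAB7 entries, which are not inside a Workstations OU.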
