Answered Search Filter Help

  • Monday, April 30, 2012 13:24
     
     

    Hi,

     I want to get a list of containers in the AD which are capable of containing specified objects like user, computer, groups, contact... <I don't want the list of all containers>

     Is there any way to form or get a hierarchical representation of OU and Containers in AD?


    bin hex

All replies

  • Monday, April 30, 2012 13:28
    Moderator
     
     

    Hi,

    You might get some scripts in Technet Gallery 

    http://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=activedirectory&f%5B0%5D.Text=Active%20Directory


    A UNIVERSE without WINDOWS is CHAOS !

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    About Me !!!

  • Monday, April 30, 2012 13:28
     
     

    Bin,

     Please refer to the below link, which contains the Dsquery commandlet.

    It might help you

    http://social.technet.microsoft.com/wiki/contents/articles/2195.dsquery-commands-en-us.aspx

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

  • Monday, April 30, 2012 13:47
     
      Has code

    The LDAP syntax filter for container objects in AD is:


    (objectCategory=container)

    -----

    Note, this does not include organizational units. However, all containers can contain user, group, computer, and contact objects. Do you want to filter on empty containers, or some other attribute or condition?


    Richard Mueller - MVP Directory Services


  • Monday, April 30, 2012 13:57
     
     

    Richard,

       First I want to get the fine list of containers along with OUs if possible... If I simply search for (objectCategory=container) it will display a lot of containers... but I need the list of containers & OUs which is shown by default in the AD Users & Computers snap-in (under the domain)...


    bin hex

  • Monday, April 30, 2012 15:30
     
      Has code

    To filter for both use:


    (|(objectCategory=container)(objectCategory=organizationalUnit))

    -----

    The "|" character (the pipe symbol) is the "Or" operator, so this retrieves objects that meet either of the two conditions. Does this help? For more on using LDAP syntax filters, see this link:

    http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters-en-us.aspx


    Richard Mueller - MVP Directory Services

  • Wednesday, May 2, 2012 05:03
     
     

    Mueller,

      I don't want all the containers in AD... I want the list of containers which are capable of containing User & Computer objects...


    bin hex

  • Wednesday, May 2, 2012 15:55
     
     Answered

    Each AD object has an allowedChildClasses attribute, which is a collection of all of the classes of objects which can be contained within the object. I checked in my domain, and every container and OU has (allowedChildClasses=user) and (allowedChildClasses=computer). There are no containers or OU's which cannot contain users or computers.

    There are some objects that appear at first glance to be containers, and which cannot contain user or computer objects. For example the "cn=NTDS Quotas". However, these objects do not have (objectCategory=container). The "cn=NTDS Quotas" object has (objectCategory=msDS-QuotaContainer). Similarly, the object "cn=Builtin" cannot contain user or computer objects, but has (objectCategory=builtinDomain).

    Do you have any container or OU objects which cannot contain user or computer objects? If so, how can you tell? Perhaps using ADSI Edit you can tell if your Schema has been modified to remove user and/or computer classes from the allowedChildClasses attribute for some objects.

    If your schema has been modified, you cannot filter on this attribute, as it is operational, but you can retrieve it and check each container/OU object to make sure the allowedChildClasses attribute includes both of these classes.


    Richard Mueller - MVP Directory Services
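
The approach described in the two answers above (search with the container/OU "Or" filter, then retrieve allowedChildClasses per object because it cannot be used in a filter), as an added PowerShell example that is not part of the original thread. It assumes a domain-joined machine and an account allowed to read the directory; the variable names and the `$required` list are illustrative.

```powershell
# Added example: list containers and OUs, then read the operational
# allowedChildClasses attribute of each one and check it client-side.
$required = 'user', 'computer'        # classes every listed object must accept

$rootDse  = [ADSI]'LDAP://RootDSE'
$domainDN = [string]$rootDse.Properties['defaultNamingContext'][0]

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot  = [ADSI]"LDAP://$domainDN"
$searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
$searcher.PageSize    = 500           # paged search, so large domains are not truncated
$searcher.Filter      = '(|(objectCategory=container)(objectCategory=organizationalUnit))'
[void]$searcher.PropertiesToLoad.Add('distinguishedName')

$results = $searcher.FindAll()
try {
    $report = foreach ($result in $results) {
        $entry = $result.GetDirectoryEntry()
        try {
            # Operational attributes are not loaded by default; request this one by name.
            $entry.RefreshCache([string[]]@('allowedChildClasses'))
            $allowed = @($entry.Properties['allowedChildClasses'] |
                         ForEach-Object { [string]$_ })
            $missing = @($required | Where-Object { $allowed -notcontains $_ })
            [pscustomobject]@{
                DistinguishedName = [string]$result.Properties['distinguishedname'][0]
                AcceptsAll        = ($missing.Count -eq 0)
                Missing           = ($missing -join ',')
            }
        }
        finally { $entry.Dispose() }
    }
}
finally {
    $results.Dispose()
    $searcher.Dispose()
}

# Objects that reject one of the required classes. With an unmodified schema
# this list is expected to be empty, as the answer above reports.
$report | Where-Object { -not $_.AcceptsAll } | Format-Table -AutoSize
'{0} container/OU objects checked' -f @($report).Count
```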


  • Wednesday, May 2, 2012 16:54
     
     Answered

    I did my research on this question on a Windows 2003 Server DC using ADSI Edit to view the allowedChildClasses attribute of objects. However, I just noticed that neither ADUC nor ADSI Edit reveals this attribute on a Windows Server 2008 R2 DC, probably because the attribute is operational. You cannot verify my previous statements unless you use ADSI Edit on a W2k3 DC, or use a script. Still, how do you know you have containers that cannot contain user or computer objects?


    Richard Mueller - MVP Directory Services

  • Thursday, May 3, 2012 05:46
     
     

    Richard,

     Thanks for your valuable research... It gives me a clear idea... So every container & OU can contain User and Computer objects... So I have to find another approach :(...

    My target is, I just want the tree view which is displayed on the left side of the Users & Computers snap-in... The Windows server must use some query to filter these containers and OUs, right? I am looking for that query... If I simply search for all OUs and containers it displays a lot of blah-blah things... I just need a clear list as shown in the Users & Computers snap-in...


    bin hex