VAMT LDAP query RRS feed

  • Question

  • God help me I can not for the life of me figure out Microsoft's rediculous Forums/Answers/Technet/LiveAnswers/etc format.  So I am going to take a wild shot in the dark and hope to hell this is even remotely a related forum to the help that I need.

    I'm trying to use VAMT 3.0 to query a bunch of servers out of a sub-OU.  How the heck do you format the LDAP query correctly??

    I've gotten this far: LDAP://corp.mydomain.com??sub?(&(objectClass=computer)) 

    And that populates nearly every computer in my domain until VAMT crashes.  How do I add to that query to select the sub-OU "OU=Test and QA"?  I've tried everything and I just can't get it to work at all.

    Thursday, August 4, 2011 7:24 PM


All replies

  • :)
    you got the right forum for VAMT, but not sure there are many LDAP gurus that lurk in here.
    and I guess you mean VAMT2.0, cos there isn't a VAMT3.0 that I can find?
    your LDAP syntax example looks way off to me, but I don't use VAMT that way (I almost always use KMS).
    I'll dig around a bit, but you might want to look into some of the LDAP library material on technet.

    Thursday, August 4, 2011 9:42 PM
    • Marked as answer by Nick Wan Thursday, August 18, 2011 2:24 AM
    Thursday, August 4, 2011 9:44 PM
  • found this:

    How is this a legitimate answer? It points to a thread where the indicated answer is:

    You could do what you need to set everything up without VAMT.


    It would save me a lot of time if there were a real-world working solution to the original question:

    I'm trying to use VAMT 3.0 to query a bunch of servers out of a sub-OU.  How the heck do you format the LDAP query correctly??
    Thursday, January 5, 2012 2:51 PM
  • Hi IamTheGorf. Here is the syntax that worked for me:


    Note that I had to specify a domain controller first, then identified the OUs in order of deepest to shallowest. Replace the "6*" with your specific OS from this page:


    I'm not certain how to specify a server OS rather than a generation, but maybe something from here:


    Monday, January 9, 2012 3:01 PM
  • I am unable to perform a similar search on an OU that has a space in the name. Tried quoting the DN with single and double quotes, using the UTC-8 code for a space (%20), and tried escaping the space with a backslash (\), all with no success. If anyone has a solution, post it.
    Monday, January 9, 2012 4:54 PM
  • Hi Mike,

    I have posted to the DS forum, requesting an assist from an LDAP guru for you:

    • Edited by DonPick Monday, January 9, 2012 9:09 PM
    Monday, January 9, 2012 9:09 PM
  • Thanks Don. I appreciate your efforts.
    Tuesday, January 10, 2012 2:23 PM
  • According to the "The LDAP URL Format" RFC 2255
    "Note that any URL-illegal characters (e.g., spaces), URL special characters (as defined in section 2.2 of RFC 1738) and the reserved character '?' (ASCII 63) occurring inside a dn, filter, or other element of an LDAP URL MUST be escaped using the % method described in RFC 1738 [5]. If a comma character ',' occurs inside an extension value, the character MUST also be escaped using the % method."
    However, some tools will compensate differently than the RFC.

    Friday, January 13, 2012 9:56 AM
  • Hi Jim. Thanks for the information about the right way to program an LDAP query. If you follow the thread that Don started over in the Directory Services forum I think you'll find that this is a bug in the LDAP query method used in the VAMT.

    And if you read a couple posts up, you'll see that '%20' was already attempted. For kicks I tried escaping the space with '%20' and received, yet again, "The object does not exist."

    Friday, January 13, 2012 2:33 PM
  • How is the above post reported as abusive? Is someone offended that I found a syntax that works? LOL! I sense a conspiracy!!
    Mods, please evaluate the previous post for abuse so it might be published.
    Friday, January 13, 2012 2:47 PM
  • Mike,

    Not sure what happened... The automatic spam filter flagged that post. I have fixed it for you.


    Friday, January 13, 2012 3:43 PM
  • Thanks for the quick fix David!
    Friday, January 13, 2012 3:44 PM
  • Dear Mike

    the last message on this issue has been posted about a year ago. Since we are facing the same problem in January 2013, I'd like to get back to you. Has this ever been solved? Did Microsoft confirm that this is a bug?


    Monday, January 7, 2013 9:07 AM
  • Hi Dirk,

    I abandoned the efforts to use the VAMT since there seemed to be no workaround for OUs that contain spaces. I am not aware of MS acknowledging or confirming this bug and believe there is no solution/hotfix for it. I use the following to register computers:

    cd "Program Files\Microsoft Office\Office14"
    cd "Program Files (x86)\Microsoft Office\Office14"
    cscript ospp.vbs /dstatus
    cscript ospp.vbs /inpkey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
    cscript ospp.vbs /act

    I've been running it manually because I have a fairly small number of systems to manage and only some of them are "off-site" and require a MAK key, but I'm sure it would work fine in a script. Just remove the 'dstatus' line since it is superfluous when automated.

    Good luck finding a resolution!


    Monday, January 7, 2013 2:31 PM
  • Used this to search the OU named Servers and OS version 2016


    Sunday, September 15, 2019 11:18 AM