LDAP Query for all active users

  • Question

  • I need a query within ADUC that will give me a list of all my active users and will NOT list any disabled accounts, computer accounts, or anything other than User accounts that have an active sign on.  Please advise. 
    Monday, January 9, 2012 9:48 PM

Answers

  • If you have the AD modules, you can use Get-ADUser with the -LDAPFilter clause. You don't need the clauses to restrict the query to users. For example:

    Get-ADUser -SearchBase "ou=West,dc=MyDomain,dc=com" -LDAPFilter "(!userAccountControl:1.2.840.113556.1.4.803:=2)"

    Or, you can use dsquery * at the command prompt of a DC with the same LDAP query. For example:

    dsquery * "ou=West,dc=MyDomain,dc=com" -Filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"

    Does this help?


    Richard Mueller - MVP Directory Services
    • Proposed as answer by ClarksonAdmin Tuesday, January 10, 2012 6:05 PM
    • Marked as answer by Yan Li_ Wednesday, January 11, 2012 3:27 AM
    Tuesday, January 10, 2012 5:36 PM

All replies

  • Hello,

     

    You can use this LDAP filter:

    (&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))

     

    More examples:

    Active Directory: LDAP Syntax Filters (Richard Mueller - MVP)

     

    Regards

    Monday, January 9, 2012 10:05 PM
  • Thanks for the query and the link. I had tried using (objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2) but it was returning over 1000 objects, which included non-user objects. Wasn't sure how to remove everything except users. I'll have to go through that link and try to figure some of this out.
    Tuesday, January 10, 2012 2:02 PM
  • Hello,

    You have not used the objectClass "(objectClass=user)" as mentioned, or did you modify it?


    Best regards
    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Tuesday, January 10, 2012 2:05 PM
  • What do you mean by “active sign other than User accounts that have an active sign on”?

    You can get all enabled users by using the above LDAP syntax.


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+| Houston, TX
    Blogs - http://blogs.sivarajan.com/


    This posting is provided AS IS with no warranties, and confers no rights.
    Tuesday, January 10, 2012 3:25 PM
  • Is there a PowerShell command that can be run instead?  I'd like to find active users in a particular OU.  Any thoughts?
    Tuesday, January 10, 2012 4:55 PM
  • This worked perfectly... thank you for your help!
    Tuesday, January 10, 2012 6:05 PM
  • Here is the PowerShell way to do this which can be way more flexible when needed.

    $sb='CN=Computers,dc=TestNet,dc=local'
    $targetPath='ou=testou,dc=TestNet,dc=local'
    
    Get-ADcomputer -SearchBase $sb -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=2)' |
         Move-ADObject -TargetPath $targetPath -whatif


    ¯\_(ツ)_/¯

    Saturday, September 20, 2014 3:21 PM
  • I used the dsquery and needed to use the "-Limit 1000" option because I had more than 100 responses. If you just need a quick count you can just pipe it to find /c "=" to get a count. You need to subtract one due to the first line not being an active user; it is just a header with the query criteria.

    Thanks for the help.

     David Tersigni

    Wednesday, March 2, 2016 3:12 AM
  • (&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
    Thursday, February 22, 2018 7:47 PM
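
How the filters in this thread select objects, as an added example that is not part of any post: a small evaluator run over constructed entries shows why objectCategory=person alone also returns contacts, why objectClass=user alone also returns computers, and how the bitwise-AND matching rule tests the disabled bit. The helper names `parse` and `search` and the sample entries are hypothetical, and the parser follows the strict RFC 4515 grammar, where the operand of ! must have its own parentheses as in the post above.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND
USER = ["top", "person", "organizationalPerson", "user"]
# Constructed sample entries. objectCategory is shortened to a name here;
# AD stores it as a DN. 514 = 512 | 2, i.e. a disabled normal account.
ENTRIES = [
    {"cn": "alice", "objectClass": USER, "objectCategory": "person", "userAccountControl": 512},
    {"cn": "bob", "objectClass": USER, "objectCategory": "person", "userAccountControl": 514},
    {"cn": "carol", "objectClass": USER, "objectCategory": "person", "userAccountControl": 66048},
    {"cn": "PC01$", "objectClass": USER + ["computer"], "objectCategory": "computer", "userAccountControl": 4096},
    {"cn": "dave", "objectClass": USER[:3] + ["contact"], "objectCategory": "person"},
]
ITEM = re.compile(r"([A-Za-z][\w-]*)(?::([\d.]+):)?=([^()]*)\)")

def parse(f, i=0):  # returns (predicate, index just past the parsed filter)
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}: operands of &, | and ! need their own parentheses")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, subs, i = f[i], [], i + 1
        while f[i:i + 1] not in (")", ""):
            sub, i = parse(f, i)
            subs.append(sub)
        if f[i:i + 1] != ")" or not subs or (op == "!" and len(subs) != 1):
            raise ValueError(f"malformed '{op}' expression")
        if op == "!":
            return (lambda e: not subs[0](e)), i + 1
        combine = all if op == "&" else any
        return (lambda e: combine(s(e) for s in subs)), i + 1
    m = ITEM.match(f, i)
    if not m or m.group(2) not in (None, BIT_AND):
        raise ValueError(f"bad or unsupported filter item at offset {i}")
    attr, rule, want = m.groups()
    def item(e):
        have = e.get(attr, [])
        have = have if isinstance(have, list) else [have]
        if rule == BIT_AND:  # true only when every bit of the asserted value is set
            return any((int(v) & int(want)) == int(want) for v in have)
        return any(str(v).lower() == want.lower() for v in have)
    return item, m.end()

def search(ldap_filter):
    """Return the cn of every sample entry the filter matches."""
    pred, end = parse(ldap_filter)
    if end != len(ldap_filter):
        raise ValueError("trailing text after filter: wrap several filters in (&...)")
    return [e["cn"] for e in ENTRIES if pred(e)]
```

An entry with no userAccountControl attribute, such as the contact, fails the bit test and therefore passes its negation, which is why both the class and the category clause are needed to get user accounts only.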
  • Hi, the query string you provided

    (&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))
    was not recognized as a valid query string by the Advanced query filter in the interactive ADUC filter dialog.



    Friday, April 10, 2020 2:14 PM
  • Hi, the query string you provided

    (&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))
    was not recognized as a valid query string by the Advanced query filter in the interactive ADUC filter dialog.



    Please don't reopen old topics.  The filter works fine in ADUC and is used commonly.


    ¯\_(ツ)_/¯

    Friday, April 10, 2020 2:33 PM