Exchange Server

LDAP Search Samples for Windows Server 2003 and Exchange 2000/2003

These LDAP search strings are good for Saved Queries in Windows Server 2003 AD Users and Computers, Query-based Distribution Groups and Exchange 2000/2003 Recipient Policies and Address Lists. In order to use the LDAP strings please consult your product help.

Most regular LDAP searches can be easily done via the provided GUI (such as in a new Address List filter), however there are instances where the provided GUI does not give us the needed flexibility. For example, you cannot use the GUI to create a search that uses the Boolean word “OR”, you can only create searches that use “AND” as their filter. In those cases, if you wanted to create a filter that finds users that are either in the Sales department OR in the Development department – you’d need to use a manual search string.

Hence the following examples. They are simple, common, day-to-day strings that you might find handy.

Most samples can be used as provided, but some need minor changes, use common sense where needed.

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

Finally, saves XML samples of the same queries can be downloaded and used directly from the Saved Queries folder in the Windows Server 2003 AD Users and Computers.

  • Find all Computers that are NT4.0 BDCs
  • Find all Computers that do not have a Description

Notice the “!” that means “NOT”.

  • Find all Groups that have a Description
  • Find all Groups that start with QA or HD

Notice the “|” that means “OR”.

  • Find all Objects where Department, Company or Description is Sales

Notice the “|” that means “OR”.

  • Find all Users created after 01.08.2004
  • Find all Users except Sara

Notice the “!” that means “NOT”.

  • Find all Users that are almost Locked-Out

Notice the “>=” that means “Greater than or equal to”.

  • Find all Users that are Disabled
  • Find all Users that are Disabled (another option)
  • Find all Users that are members of QA Users Group in the Help Desk OU in the domain
​(objectCategory=user)(memberOf=CN=QA Users,OU=Help Desk,DC=dpetri,DC=net)
  • Find all Users that have an E-Mail Address (not Exchange related)
  • Find all Users that have an E-Mail attribute (Mail Enabled)
  • Find all Users that have not changed password since 05.02.2004

Note: Download the script to help you generate this date format.


Related Topics:

Download this eBook!

External Sharing and Guest User Access in Microsoft 365 and Teams

his eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure. The eBook will also outline some of the major decision points across four general-purpose guest access policy scenarios for how an organization can set this up with standard licensing.

Download Now

Sponsored By