Active Directory
Useful Permanent Queries in AD Users and Computers
Useful Permanent Queries in AD Users and Computers
To create permanent queries in AD,
- Open Active Directory Users and Computers (dsa.msc)
- Navigate to Saved Queries
- Right Click on Saved Queries
- Select New
- Select Query
- Populate the Name and Description with something meaningful.
- Select Define Query
- Create LDAP query for a list of …
- All disabled users:
(objectcategory=user)(userAccountControl:1.2.840.113556.1.4.803:=2) - All users whose password never expires:
(objectcategory=user)(userAccountControl:1.2.840.113556.1.4.803:=65536) - All users created after xx/xx/xxxx (01/01/2019)
(&(objectCategory=user)(whenCreated>=20190101000000.0Z)) - Must change password at next logon
(&(ObjectCategory=user)(pwdlastSet=0)) - Password has expired
(&(objectcategory=user)(userAccountControl:1.2.840.113556.1.4.804:=8388608)) - Account is locked out
(&(objectCategory=user)(userAccountControl:1.2.840.113556.1.4.804:=16)) - Users who have never logged on
(&(objectCategory=User)(lastLogon=0)) - All XP based Operating Systems
(&(objectCategory=computer)(operatingSystemVersion=5.1*)) - Search of the accounts with ‘service’ keyword in description box
(objectcategory=person)(description=*service*) - Empty Active Directory groups (with no users)
(objectCategory=group)(!member=*) - Users with the empty Profile Path box
(objectcategory=person)(!profilepath=*) - All AD users, except disabled
(objectCategory=person)(objectClass=user)(!useraccountcontrol:1.2.840.113556.1.4.803:=2) - Users with e-mail addresses
(objectcategory=person)(mail=*) - Users without e-mail addresses
(objectcategory=person)(!mail=*) - AD users created this year
(&(&(&(objectClass=User)(whenCreated>=20190101000000.0Z)))) - User accounts created at a certain time period (in 2018)
(&(&(objectCategory=user)(whenCreated>=20180101000000.0Z&<=20190101000000.0Z&))) - All Windows 7/2008 R2 based Operating Systems
(&(objectCategory=computer)(operatingSystemVersion=6.1*))Commonly used LDAP Syntax which can be utilised with the Saved Queries feature.& logical and
| logical or
! logical not
= equal to
~= approximately equal to
>= e qual to or greater than
<= less than or equal to
Recommended content
- RODC Installation Guide- Step by step guide to install read only domain controller
- RODC Filtered Attribute Set
- Installing and configuring a RODC in Windows Server-2012
- How to find the GUID of Domain Controller
- Group Policy Understanding Group Policy Preferences
- Group Policy Verification Tool GPOTool Exe
- Group Policy Health Check on Specific Domain Controller
Guys please don’t forget to like and share the post.Also join our WindowsTechno Community and where you can post your queries/doubts and our experts will address them .
You can also share the feedback on below windows techno email id.
If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.
Was this article helpful?
YesNo