Active Directory

Useful Permanent Queries in AD Users and Computers

Useful Permanent Queries in AD Users and Computers

To create permanent queries in AD,

  1. Open Active Directory Users and Computers (dsa.msc)
  2. Navigate to Saved Queries
  3. Right Click on Saved Queries
  4. Select New
  5. Select Query
  6. Populate the Name and Description with something meaningful.
  7. Select Define Query
  8. Create LDAP query for a list of …
  • All disabled users:
    (objectcategory=user)(userAccountControl:1.2.840.113556.1.4.803:=2)
  • All users whose password never expires:
    (objectcategory=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)
  • All users created after xx/xx/xxxx (01/01/2019)
    (&(objectCategory=user)(whenCreated>=20190101000000.0Z))
  • Must change password at next logon
    (&(ObjectCategory=user)(pwdlastSet=0))
  • Password has expired
    (&(objectcategory=user)(userAccountControl:1.2.840.113556.1.4.804:=8388608))
  • Account is locked out
    (&(objectCategory=user)(userAccountControl:1.2.840.113556.1.4.804:=16))
  • Users who have never logged on
    (&(objectCategory=User)(lastLogon=0))
  • All XP based Operating Systems
    (&(objectCategory=computer)(operatingSystemVersion=5.1*))
  • Search of the accounts with ‘service’ keyword in description box
    (objectcategory=person)(description=*service*)
  • Empty Active Directory groups (with no users)
    (objectCategory=group)(!member=*)
  • Users with the empty Profile Path box
    (objectcategory=person)(!profilepath=*)
  • All AD users, except disabled
    (objectCategory=person)(objectClass=user)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)
  • Users with e-mail addresses
    (objectcategory=person)(mail=*)
  • Users without e-mail addresses
    (objectcategory=person)(!mail=*)
  • AD users created this year
    (&(&(&(objectClass=User)(whenCreated>=20190101000000.0Z))))
  • User accounts created at a certain time period (in 2018)
    (&(&(objectCategory=user)(whenCreated>=20180101000000.0Z&<=20190101000000.0Z&)))
  • All Windows 7/2008 R2 based Operating Systems
    (&(objectCategory=computer)(operatingSystemVersion=6.1*))Commonly used LDAP Syntax which can be utilised with the Saved Queries feature.&  logical and
    |  logical or 
    !  logical not
    =  equal to
    ~=  approximately equal to
    >= e qual to or greater than
    <=  less than or equal to

Recommended content

Guys please don’t forget to like and share the post.Also join our WindowsTechno Community and where you can post your queries/doubts and our experts will address them .

You can also share the feedback on below windows techno email id.

If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.

How useful was this post?

Click on a star to rate it!

As you found this post useful...

Follow us on social media!

Was this article helpful?
YesNo

Vipan Kumar

He is an Active Directory Engineer. He has been working in IT industry for more than 10 years. He is dedicated and enthusiastic information technology expert who always ready to resolve any technical problem. If you guys need any further help on subject matters, feel free to contact us on admin@windowstechno.com Please subscribe our Facebook page as well website for latest article. https://www.facebook.com/windowstechno

Leave a Reply

Back to top button