
Updated: 2013/03/29

Active Directory Users and Computers provides a Saved Queries folder in which administrators can create, edit, save, and organize saved queries. Before saved queries, administrators were required to create custom ADSI scripts that would perform a query on common objects. This was an often lengthy process that required knowledge of how ADSI utilizes LDAP search filters to resolve a query.

All queries located in the Saved Queries folder are stored in the Active Directory Users and Computers console file (dsa.msc). Once you have created your customized set of queries, you can copy the .msc file to other domain controllers in the same domain and use the same set of saved queries. You can also export saved queries to an .xml file and import them into other Active Directory Users and Computers consoles on domain controllers within the same domain.

LDAP Syntax

LDAP Queries

Windows XP Computers with Service Pack 2 Installed

(&(objectCategory=computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2))

Windows XP Computers with Service Pack 1 Installed

(&(operatingSystem=Windows XP*)(operatingSystemServicePack=Service Pack 1))

Windows XP Computers with No Service Pack Installed

Notice the “!” before operatingSystemServicePack and the “*”. The “!” means NOT, so the statement reads “NOT equal to anything” rather than comparing against NULL or empty quotes (“”) as some other languages do.

(&(operatingSystem=Windows XP Professional)(!operatingSystemServicePack=*))

Windows Server 2003 with No Service Pack Installed

(&(objectCategory=computer)(operatingSystem=Windows Server 2003)(!operatingSystemServicePack=*))

Windows Server 2003 with Service Pack 1 Installed

(&(objectCategory=computer)(operatingSystem=Windows Server 2003)(operatingSystemServicePack=Service Pack 1))

Windows 2000 Professional

(&(objectCategory=computer)(operatingSystem=Windows 2000 Professional))

Windows 2000 Server

(&(objectCategory=computer)(operatingSystem=Windows 2000 Server))

All Windows Server 2003 Servers

(&(objectCategory=computer)(operatingSystem=Windows Server 2003))

SQL Servers (running on Windows 2003) (please verify in your environment)

(&(objectCategory=computer)(servicePrincipalName=MSSQLSvc*)(operatingSystem=Windows Server 2003))

SQL Servers on any Windows Server OS

(&(objectCategory=computer)(servicePrincipalName=MSSQLSvc*)(operatingSystem=Windows Server*))

Exchange Servers (running on Windows 2003) (please verify in your environment)

(&(objectCategory=computer)(servicePrincipalName=exchangeMDB*)(operatingSystem=Windows Server 2003))

Exchange Servers on any Windows Server OS

(&(objectCategory=computer)(servicePrincipalName=exchangeMDB*)(operatingSystem=Windows Server*))

Windows Vista SP1

(&(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1))

Windows Server 2008 Enterprise with Service Pack 1

(&(objectCategory=computer)(operatingSystem=Windows Server® 2008 Enterprise)(operatingSystemServicePack=Service Pack 1))

Windows Server 2008 (all versions)

(&(objectCategory=computer)(operatingSystem=Windows Server® 2008*))

Notice the ® in the Windows Server 2008 values; it needs to be in the query or there won’t be any results.

Groups Like Service (finds any group name that contains the word service)

(objectcategory=group)(samaccountname=*service*)

Description Like Service (finds accounts in which the description contains the word service)

(objectcategory=person)(description=*service*)

Groups Like Admin (finds any group whose name contains the word admin)

(objectcategory=group)(samaccountname=*admin*)

Universal Groups (finds groups with universal scope)

(groupType:1.2.840.113556.1.4.803:=8)

Groups with No Members (finds groups that have no members in them)

(objectCategory=group)(!member=*)

Note: The ! symbol means “Not” and * means “Has a value,” so the combination of the two evaluates to “Doesn’t have a value.”

Global, Domain Local, or Universal Groups (finds any group defined as a Global Group, a Domain Local Group, or a Universal Group)

(groupType:1.2.840.113556.1.4.804:=14)

Groups of Any Scope with No Members (finds any Global Group, Domain Local Group, or Universal Group that has no members)

(groupType:1.2.840.113556.1.4.804:=14)(!member=*)

User Like Service (finds any account ID that has a name containing the word service)

(objectcategory=person)(samaccountname=*service*)

Password Does Not Expire (finds user accounts with nonexpiring passwords)

(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)

No Employee ID (finds any user account that has no employeeID value)

(objectcategory=person)(!employeeid=*)

No Login Script (finds accounts that don’t run a logon script)

(objectcategory=person)(!scriptPath=*)

No Profile Path (finds accounts that don’t have roaming profiles)

(objectcategory=person)(!profilepath=*)

Must Change Password and Not Disabled (finds nondisabled accounts that must change their password at next logon)

(objectCategory=person)(objectClass=user)(pwdLastSet=0)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)

User List Excluding Disabled Accounts (finds all user accounts except those that are disabled)

(objectCategory=person)(objectClass=user)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)

Locked Out Accounts (finds all locked out accounts)

(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=16)

Domain Local Groups (finds groups with Domain Local scope)

(groupType:1.2.840.113556.1.4.803:=4)

Users with Email Address (finds accounts that have an email address)

(objectcategory=person)(mail=*)

Users with No Email Address (finds accounts with no email address)

(objectcategory=person)(!mail=*)

Find groups whose name contains the word admin

(objectcategory=group)(samaccountname=*admin*)

Find users who have admin in the description field

(objectcategory=person)(description=*admin*)

Find all Universal Groups

(groupType:1.2.840.113556.1.4.803:=8)

Empty Groups with No Members

(objectCategory=group)(!member=*)

Find all groups defined as a Global Group, a Domain Local Group, or a Universal Group

(groupType:1.2.840.113556.1.4.804:=14)

Find all users whose name contains Bob

(objectcategory=person)(samaccountname=*Bob*)

Find user accounts with passwords set to never expire

(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)

Find all users that have never logged in to the domain

(&(&(objectCategory=person)(objectClass=user))(|(lastLogon=0)(!(lastLogon=*))))

Find user accounts with no logon script

(objectcategory=person)(!scriptPath=*)

Find user accounts with no profile path

(objectcategory=person)(!profilepath=*)

Find nondisabled accounts that must change their password at next logon

(objectCategory=person)(objectClass=user)(pwdLastSet=0)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)

Find all disabled accounts in Active Directory

(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2)

Find all locked out accounts

(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=16)

Find Domain Local Groups

(groupType:1.2.840.113556.1.4.803:=4)

Find all users with an email address set

(objectcategory=person)(mail=*)

Find all users with no email address

(objectcategory=person)(!mail=*)

Find all users, groups or contacts whose company or description is Contractors

(|(objectcategory=user)(objectcategory=group)(objectcategory=contact))(|(description=Contractors*)(company=Contractors*))

Find all users with mobile numbers starting with 712 or 155

(objectcategory=user)(|(mobile=712*)(mobile=155*))

Find all users with dial-in permissions

(objectCategory=user)(msNPAllowDialin=TRUE)

Find all printers with color printing capability

Note: replace Servername with the name of your print server.

(&(uncName=*Servername*)(objectCategory=printQueue)(printColor=TRUE))

Find user mailboxes overriding Exchange size limit policies

(&(objectCategory=user)(mDBUseDefaults=FALSE))

Find all users that need to change their password at next logon

(&(objectCategory=user)(pwdLastSet=0))

Find all users that are almost locked out

Notice the “>=”, which means “greater than or equal to”.

(objectCategory=user)(badPwdCount>=2)

Find all computers that do not have a description

(objectCategory=computer)(!description=*)

Find all users with hidden mailboxes

(&(objectCategory=person)(objectClass=user)(msExchHideFromAddressLists=TRUE))

Find all Windows 2000 SP4 computers

(&(objectCategory=Computer)(operatingSystem=Windows 2000 Professional)(operatingSystemServicePack=Service Pack 4))

Find all Windows XP SP2 computers

(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2))

Find all Windows XP SP3 computers

(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 3))

Find all Vista SP1 computers

(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1))

Find All Workstations

(sAMAccountType=805306369)

Find all 2003 servers that are not DCs

(&(samAccountType=805306369)(!(primaryGroupId=516))(objectCategory=computer)(operatingSystem=Windows Server 2003*))

Find all 2003 servers that are DCs

(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2003*))

Find all Server 2008 machines that are not DCs

(&(samAccountType=805306369)(!(primaryGroupId=516))(objectCategory=computer)(operatingSystem=Windows Server 2008*))

Find all user accounts that have “srv_acct” in their name, if your service accounts follow such a naming convention

(objectcategory=person)(samaccountname=*srv_acct*)

Find all groups that have no members

(objectCategory=group)(!member=*)

Find users that have non-expiring passwords

(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)

Find users created between 2010-01-01 and 2011-01-01

(&(objectCategory=user)(whenCreated>=20100101000000.0Z)(whenCreated<=20110101000000.0Z))
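To check how the filters above behave before pasting them into a saved query, here is a small evaluator written as an added example for this post; it is not part of the original article or of any Microsoft tool. It parses a filter, rewrites Active Directory's (!attr=value) shorthand to the standard (!(attr=value)), applies * wildcards, the >= and <= comparisons, and the bitwise matching rules 1.2.840.113556.1.4.803 (all bits set) and 1.2.840.113556.1.4.804 (any bit set), and rejects unbalanced parentheses. The sample objects and names are constructed, and the page's concatenated filters are wrapped here in an explicit (&...).

```python
import re
from fnmatch import fnmatchcase
ITEM = re.compile(r"^([A-Za-z][\w-]*)(?::([\d.]+):)?(>=|<=|=)(.*)$")   # attr[:rule:]op value
SHORTHAND = re.compile(r"\(!(?!\()([^()]*)\)")                         # AD's (!attr=value) form

def parse(s, i=0):                                # s[i] is '('; returns (tree, index just past its ')')
    i += 1
    if s[i] in "&|":                              # (&(...)(...)) / (|(...)(...))
        op, i, kids = s[i], i + 1, []
        while s[i:i + 1] == "(":
            kid, i = parse(s, i); kids.append(kid)
        node = (op, kids)
    elif s[i] == "!":                             # RFC 4515 form (!(attr=value))
        kid, i = parse(s, i + 1)
        node = ("!", [kid])
    else:                                         # simple item, e.g. operatingSystem=Windows XP*
        j = s.index(")", i)
        m = ITEM.match(s[i:j])
        if not m: raise ValueError(f"bad filter item: {s[i:j]!r}")
        node, i = ("item", m.groups()), j
    if s[i:i + 1] != ")": raise ValueError(f"unbalanced parentheses near offset {i}")
    return node, i + 1

def matches(node, entry):                         # entry: {lowercase attr: [values]}
    kind, body = node
    if kind in ("&", "|"):
        return (all if kind == "&" else any)(matches(k, entry) for k in body)
    if kind == "!":
        return not matches(body[0], entry)        # hence (!attr=*) is true when attr is absent
    attr, rule, op, want = body
    have = [str(v) for v in entry.get(attr.lower(), [])]      # absent attribute: nothing matches
    if rule:   # bitwise rules: 1.2.840.113556.1.4.803 = all bits of want set, ...804 = any bit set
        return any((int(v) & int(want)) == int(want) if rule.endswith(".803") else int(v) & int(want) for v in have)
    if op == "=":
        return any(fnmatchcase(v.lower(), want.lower()) for v in have)   # '*' wildcards, case-insensitive
    key = lambda x: int(x) if x.lstrip("-").isdigit() else x.lower()    # numeric or string ordering
    return any(key(v) >= key(want) if op == ">=" else key(v) <= key(want) for v in have)

def search(filter_text, entries):                 # names of matching entries; malformed filter -> ValueError
    text = SHORTHAND.sub(r"(!(\1))", filter_text)   # normalise (!attr=v) to (!(attr=v)) before parsing
    tree, end = parse(text)
    if end != len(text): raise ValueError(f"trailing text after filter: {text[end:]!r}")
    return [r["name"][0] for r in ({k.lower(): v for k, v in e.items()} for e in entries) if matches(tree, r)]

# Constructed sample objects, not real data: UAC 66048 = NORMAL_ACCOUNT|DONT_EXPIRE_PASSWD, 514 = NORMAL_ACCOUNT|ACCOUNTDISABLE; groupType -2147483640 = universal security group (0x80000008).
ENTRIES = [
    {"name": ["alice"], "objectCategory": ["person"], "objectClass": ["user"], "userAccountControl": [66048], "badPwdCount": [3], "whenCreated": ["20100615120000.0Z"]},
    {"name": ["bob"], "objectCategory": ["person"], "objectClass": ["user"], "userAccountControl": [514], "badPwdCount": [0], "whenCreated": ["20090301000000.0Z"]},
    {"name": ["Stale Group"], "objectCategory": ["group"], "groupType": [-2147483640]},
    {"name": ["srv01"], "objectCategory": ["computer"], "operatingSystem": ["Windows Server 2003"], "servicePrincipalName": ["MSSQLSvc/srv01.example.test:1433"]},
]
```

Calling search() with one of the filters from this page and ENTRIES returns the names that match; a filter with a stray closing parenthesis raises ValueError instead of silently matching nothing.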
