03 January 2013

LDAP syntax

The LDAPFilter parameter of the Get-ADUser cmdlet is easy to use and type.

Each LDAPFilter condition is enclosed in parentheses, and an operator precedes the two conditions it combines:

E.g. ( & (condition one) (condition two) ) - translates as condition one AND condition two

( | (condition one) (condition two) ) - translates as condition one OR condition two

Logical conditions are formed using Active Directory attribute names such as objectClass, objectCategory and name.

E.g. to search for all users whose name starts with "z" we will use:
(&(objectcategory=person)(name=z*))


Get-ADUser -LDAPFilter '(&(objectCategory=person)(name=z*))'

It is recommended to use objectCategory instead of objectClass whenever possible, because the objectClass attribute can have multiple values, while objectCategory is an indexed attribute in Active Directory and will speed up the search.
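
The prefix syntax above can be assembled programmatically. The following is an added example, not part of the original post: it builds the same AND/OR filters from parts and goes one step further by escaping values per RFC 4515, so that a name containing parentheses or an asterisk cannot change the structure of the filter. The helper names ConvertTo-LdapFilterValue and Join-LdapFilter and the sample names are assumptions.

```powershell
# Added example; ConvertTo-LdapFilterValue and Join-LdapFilter are hypothetical helper names.

function ConvertTo-LdapFilterValue {
    # Escape characters that are special inside a filter value (RFC 4515):
    # \ * ( ) and NUL each become a backslash followed by two hex digits.
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Join-LdapFilter {
    # Prefix notation: operator first, then every parenthesised condition.
    param(
        [Parameter(Mandatory)][ValidateSet('And', 'Or')][string]$Operator,
        [Parameter(Mandatory)][string[]]$Condition
    )
    $op = if ($Operator -eq 'And') { '&' } else { '|' }
    '({0}{1})' -f $op, (-join $Condition)
}

# Constructed sample input: a prefix typed by an operator or read from a file.
$prefix = 'z'
$startsWith = '(name={0}*)' -f (ConvertTo-LdapFilterValue -Value $prefix)
$filter = Join-LdapFilter -Operator And -Condition '(objectCategory=person)', $startsWith
$filter    # (&(objectCategory=person)(name=z*))

# Nesting: person AND (name starts with z OR name starts with a)
$either = Join-LdapFilter -Operator Or -Condition '(name=z*)', '(name=a*)'
Join-LdapFilter -Operator And -Condition '(objectCategory=person)', $either
# (&(objectCategory=person)(|(name=z*)(name=a*)))

# Constructed sample: a display name with parentheses. Unescaped, the ")" would
# close the condition early; escaped, it is matched as a literal character.
$exact = '(name={0})' -f (ConvertTo-LdapFilterValue -Value 'Zoe (Contractor)')
$exact     # (name=Zoe \28Contractor\29)

# Run the query only where the ActiveDirectory module is available.
if (Get-Command Get-ADUser -ErrorAction SilentlyContinue) {
    Get-ADUser -LDAPFilter $filter
}
```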

