LDAP Queries for Day-To-Day admin work - Part 1

Updated: Apr 13

Article No :: KB00018

Dear Admins, below are some LDAP queries which will help Windows Administrators to perform their day-to-day tasks efficiently. They are beneficial while fetching reports from Active Directory. One can use these queries in multiple ways i.e. via ADUC (Active Directory Users and Computer Console), within Powershell or via any system tools like SCCM, Hyena (www.systemtools.com) etc.


1) Knowledge of LDAP, Windows & Active Directory infra.

2) Knowledge of Scripting and logics.

3) Have access to run the LDAP queries.

Note: Please test these queries in the test environment, before executing in the production environment.

LDAP Queries for Computer Accounts

1) To find all the Computers account

2) To find all the Computer accounts, starting with the name "DEL-LAP"

3) To find all the Computer accounts, with "Finance" in the "Description" attribute/field

4) To find all Computers accounts that do not have any "Description".

5) To find all the Computer accounts, which has the Server Operating System

6) To find the disabled Computer Accounts

7) To find the enabled Computer Accounts

8) To find all the 2016 Windows Servers excluding Domain Controllers

9) To find all the Windows Server 2016 Domain Controllers

10) To find all the Windows 10 computers (all the versions/builds)

11) To find all the Windows 10 computers with build no 14393

Below are some commonly used Active Directory attributes for computer accounts.

The next part of these series will have LDAP queries related to Users accounts and Groups.

#LDAPQuery #ActiveDirectoryQuery #ActiveDirectory #ComputerAccount #LDAPSearch

298 views0 comments