Updated: Feb 13, 2020
Article No :: KB00020
Dear Admins, this article is the part-3 of the LDAP query series. For Part 1 & Part 2 refer to the link mentioned below of this article. Below are some LDAP queries which will help Windows Administrators to perform their day-to-day tasks efficiently. They are beneficial while fetching reports from Active Directory. One can use these queries in multiple ways i.e. via ADUC (Active Directory Users and Computer Console), within Powershell or via any system tools like SCCM, Hyena (www.systemtools.com) etc.
1) Knowledge of LDAP, Windows & Active Directory infra.
2) Knowledge of Scripting and logics.
3) Have access to run the LDAP queries.
Note: Please test these queries in the test environment, before executing in the production environment.
LDAP Queries for the Groups
1) To find all the "Universal Groups"
2) To find all the "Global Security Groups"
3) To find all the "Distribution Groups"
4) To find all "Security Groups"
5) To find all the "Built-In Groups"
6) To find all the "Global Groups"
7) To find all the "Domain Local Group"
8) To find all the "Universal Security Group"
9) To find all the "Domain Local Security Group"
10) To find all the "Global Distribution Group"
11) To find all the mail-enabled groups hidden from the GAL (Global Address List)
12) To find all the mail-enabled security groups
13) To find all the blank groups (Groups without any member)
14) To find all the groups with the prefix "Web-"
15) To find all the groups created after 1st-December-2019
16) To export only the users of "AdminGroup"
Below are some commonly used Active Directory attributes for user accounts.
Apart from the above attributes, we have other attributes as well. Please refer the attribute tab for more attribute information and then you can use them as per your requirement.
Hope you people liked this LDAP Query series. Please do share the article and share the knowledge.