--> (Word) | --> (PDF) | --> (Epub) | --> (Text) |
--> (XML) | --> (OpenOffice) | --> (XPS) | --> (MHT) |
[tab:Definitions]
CONVENTIONS AND DEFINITIONS
[tab:Get Infos]
WHERE TO GET INFORMATION
**USE EXTREME CAUTION WHEN USING THIS UTILITY ; DO NOT MANUALLY CHANGE ANY VALUES WHILE USING THIS UTILITY.**
This utility allows you to see the actual attribute names and the values they use so that you can perform searches. This utility is included with the Windows 2000 Server or Windows Server 2003 support pack.
[tab:Filters]
FILTERS
******BASE FILTERS******
WILDCARD...........................*
PRESENCE...........................(attribute=*)
EQUALITY...........................(attribute=value)
PARTIAL MATCH......................(attribute={partial value}*)
PARTIAL MATCH......................(attribute=*{partial value})
PARTIAL MATCH......................(attribute=*{partial value}*)
PARTIAL MATCH......................(attribute=*{partial value 1}*{partial value 2}*)
GREATER THAN or EQUAL..............(attribute>=value)
LESS THAN or EQUAL.................(attribute<=value)
APPROXIMATELY EQUAL................(attribute~=value)
******BOOLEAN FILTERS******
AND................................(&(filter1)(filter2))
AND................................(&(filter1)(filter2)(filter3))
OR.................................(|(filter1)(filter2))
OR.................................(|(filter1)(filter2)(filter3))
NOT................................(!(filter1))
BITWISE AND........................(attribute:1.2.840.113556.1.4.803:={bitvalue in decimal})
BITWISE OR.........................(attribute:1.2.840.113556.1.4.804:={bitvalue in decimal})
******SPECIAL CHARACTERS IN "VALUE" FIELDS******
(..................................\28
)..................................\29
*..................................\2A
\..................................\5C
******CORRELARY FILTERs******
NOT PRESENT (BLANK FIELD)..........(!(attribute=*))
[tab:Object Classes]
COMMON OBJECT CLASSES AND ATTRIBUTES
******USER ACCOUNT******
CLASS..............................objectCategory=person AND objectClass=user
ACCOUNT DISABLED...................userAccountControl={contains bit value of 2}
PASSWORD NOT REQUIRED..............userAccountControl={contains bit value of 32}
PASSWORD NEVER EXPIRES.............userAccountControl={contains bit value of 65536}
SMARTCARD REQUIRED.................userAccountControl={contains bit value of 262144}
ACCOUNT TRUSTED FOR DELEGATION.....userAccountControl={contains bit value of 524288}
ACCOUNT CANNOT BE DELEGATED........userAccountControl={contains bit value of 1048576}
USE DES ENCRYPTION.................userAccountControl={contains bit value of 2097152}
DON'T REQUIRE KERBEROS PRE-AUTH....userAccountControl={contains bit value of 4194304}
PREVIOUS PASSWORD CHANGE...........pwdLastSet {Integer8 Date, use .vbs to convert conventional dates, use "<=" for all dates before or ">=" for all dates after}
LAST LOGON.........................lastLogon {Integer8 Date as above, value of 0 or blank means NEVER}
REQUIRE P/W CHANGE AT NEXT LOGON...pwdLastSet {Value of 0, any other value is previous p/w change date}
GROUP MEMBERSHIP...................memberOf {Specify exact DN of group, no wildcards allowed}
EXCHANGE USER......................msExchHomeServerName {wildcard, or complete or partial servername}
EXCHANGE USER (OPTIONAL)...........homeMDB {wildcard, or complete or partial database name}
DESCRIPTION........................description {wildcard, or complete or partial text}
FIRST NAME.........................givenName {wildcard, or complete or partial text}
LAST NAME..........................sn {wildcard, or complete or partial text}
EMPLOYEE TYPE......................employeeType {wildcard, or complete or partial text}
EMPLOYEE NUMBER....................employeeID {wildcard, or complete or partial text}
DEPARTMENT NUMBER..................department {wildcard, or complete or partial text}
LOGON NAME.........................sAMAccountName {wildcard, or complete or partial text}
USER PRINCIPAL NAME (UPN)..........userPrincipalName {wildcard, or complete or partial text}
******COMPUTER ACCOUNT******
CLASS..............................objectClass=computer
OS NAME............................operatingSystem {ie. Windows 2000 Professional, use "PARTIAL" filter}
OS SERVICE PACK....................operatingSystemServicePack {ie. Service Pack 4, use "PARTIAL" filter}
OS VERSION.........................operatingSystemVersion {ie. 5.0 (2195), use "PARTIAL" filter}
DOMAIN CONTROLLER..................userAccountControl={contains bit value of 8192}
ACCOUNT TRUSTED FOR DELEGATION.....userAccountControl={contains bit value of 524288}
DESCRIPTION........................description {wildcard, or complete or partial text}
******GROUP OBJECTS******
CLASS..............................objectClass=group
DESCRIPTION........................description {wildcard, or complete or partial text}
NAME...............................CN {wildcard, or complete or partial text}
SECURITY GROUP.....................groupType {contains bit value of 2147483648}
GLOBAL GROUP.......................groupType {contains bit value of 2}
DOMAIN LOCAL GROUP.................groupType {contains bit value of 4}
UNIVERSAL GROUP....................groupType {contains bit value of 8}
[tab:Sample Query Segments]
SAMPLE QUERY SEGMENTS
[tab:Sample Full Queries]
SAMPLE FULL QUERIES (NOTE: If you cut and paste from this document, remove any extra carriage returns)
[tab:END]
SOURCE | LINK (tek-tips.com) | LANGUAGE | ENGLISH |