On occasion, I need a query in Active Directory. Sometimes I need to create a query-based distribution group (those always seem to come in handy). And sometimes I just need a better idea of what objects there are in existence in our domain – I don’t want to create duplicates and I certainly don’t want to duplicate any work that’s already been done.
So, when a situation like this pops up, I need to create an Active Directory query. As is the case with all great technologies, this one has a couple of aliases: they’re also known as LDAP and WMI searches/filters/queries. For the sake of keeping things simple we’re going just going to call them queries.
I imagine there are already a lot of youngins out there who are swift with code, but may take a moment or two to wrap their heads around the way this stuff works. The syntax is slightly less than intuitive, but if you’ve ever overloaded operators in C you’ll get the gist of this in a few seconds. Even if you haven’t, there’s not that much to it.
Basically you are going to define a set of qualifiers explicitly stating, in binary terms, what criteria should be used to the inclusion and exclusion of objects in the search results.
Bibble-it.com has already done a great job of explaining the basic mechanics of LDAP. There’s also the Microsoft walkthrough on LDAP basics.
This is the query. It includes all objects (users, contacts, groups, folders) in Active Directory that are capable of receiving mail.
(&
(mailnickname=*)
(|
(&
(objectCategory=person)
(objectClass=user)
(!
(homeMDB=*)
)
(!
(msExchHomeServerName=*)
)
)
(&
(objectCategory=person)
(objectClass=user)
(|
(homeMDB=*)
(msExchHomeServerName=*)
)
)
(&
(objectCategory=person)
(objectClass=contact)
)
(objectCategory=group)
(objectCategory=publicFolder)
(objectCategory=msExchDynamicDistributionList)
)
)
QuantumTom 