18.07.2007, 12:11
|
#5 |
|
Участник
|
Код: Search filter examples: To return all user objects with cn (Common Name) beginning with the string "Joe": "(&(objectCategory=person)(objectClass=user)(cn=Joe*))" To return all user objects. This filter is more efficient than the one using both objectCategory and objectClass, but is harder to remember: "(sAMAccountType=805306368)" To return all computer objects with no entry for description: "(&(objectCategory=computer)(!description=*))" To return all user and contact objects: "(objectCategory=person)" To return all group objects with any entry for description: "(&(objectCategory=group)(description=*))" To return all groups with cn starting with either "Test" or "Admin": "(&(objectCategory=group)(|(cn=Test*)(cn=Admin*)))" To return all objects with Common Name "Jim * Smith": "(cn=Jim \2A Smith)" To retrieve the object with GUID = "90395FB99AB51B4A9E9686C66CB18D99": "(objectGUID=\90\39\5F\B9\9A\B5\1B\4A\9E\96\86\C6\6C\B1\8D\99)" To return all users with "Password Never Expires" set: "(&(objectCategory=person)(objectClass=user)" _ & "(userAccountControl:1.2.840.113556.1.4.803:=65536))" To return all users with disabled accounts: "(&(objectCategory=person)(objectClass=user)" _ & "(userAccountControl:1.2.840.113556.1.4.803:=2))" To return all distribution groups: "(&(objectCategory=group)" _ & "(!groupType:1.2.840.113556.1.4.803:=2147483648))" To return all users with "Allow access" checked on the "Dial-in" tab of the user properties dialog of Active Directory Users & Computers. This is all users allowed to dial-in. Note that "TRUE" is case sensitive: "(&(objectCategory=person)(objectClass=user)" _ & "(msNPAllowDialin=TRUE))" To return all user objects created after a specified date (09/01/2002): "(&(objectCategory=person)(objectClass=user)" _ & "(whenCreated>=20020901000000.0Z))" To return all users that must change their password the next time they logon: "(&(objectCategory=person)(objectClass=user)" _ & "(pwdLastSet=0))" To return all users that changed their password since 2/5/2004. See the link below for a function to convert a date value to an Integer8 (64-bit) value. The date 2/5/2004 converts to the number 127,204,308,000,000,000: "(&(objectCategory=person)(objectClass=user)" _ & "(pwdLastSet>=127204308000000000))" To return all users with the group "Domain Users" designated as their "primary" group: "(&(objectCategory=person)(objectClass=user)" _ & "(primaryGroupID=513))" To return all users with any group other than "Domain Users" designated as their "primary" group: "(&(objectCategory=person)(objectClass=user)" _ & "(!primaryGroupID=513))" To return all users not required to have a password: "(&(objectCategory=person)(objectClass=user)" _ & "(userAccountControl:1.2.840.113556.1.4.803:=32))" To return all users that are direct members of a specified group. You must specify the Distinguished Name of the group. Wildcards are not allowed: "(&(objectCategory=person)(objectClass=user)" _ & "(memberOf=cn=TestGroup,ou=Sales,dc=MyDomain,dc=com))" To return all computers that are not Domain Controllers. "(&(objectCategory=Computer)" _ & "(!userAccountControl:1.2.840.113556.1.4.803:=8192))" To return all user accounts that do not expire. The value of the accountExpires attribute can be either 0 or 2^63-1: "(&(objectCategory=person)(objectClass=user)" _ & "(|(accountExpires=9223372036854775807)(accountExpires=0)))" |
|
|
Древовидный вид