Some basic examples of LDAP queries. Each entire LDAP statement must be encompassed in a set of parentheses( ).
Syntax = (EQUAL TO - The attribute must be equal to a certain value to be true.) e.g. find all objects that have the first name of Alice (givenName=Alice) & (logical AND - More than one condition must be true.) e.g. find all of the people that have the first name of Alice and live in Venice: (&(givenName=Alice)(l=Venice)) ! (logical NOT - Exclude objects with a certain attribute.) e.g. find all objects except those eith the first name of Alice: (!givenName=Alice) * (wildcard - match anything) e.g. find all objects that have a value (any value) for title (title=*) find a given name that starts with Al (givenName=Al*) | (Logical OR - either comdition must be true) e.g. find all objects that are in Venice or in Milan: (|(l=Venice)(l=Milan))
This LDAP query syntax can be combined for more complex questions
Find all objects that are in Venice or Milan, and that have the first name of Alice:
The ! operator in conjunction with the wildcard operator will look for objects where that attribute is not set to anything.
“We learn more by looking for the answer to a question and not finding it than we do from learning the answer itself” ~ Lloyd Alexander
Get-adGroup - Get one or more AD groups.
Get-adUser - Get one or more AD users.
Active Directory Users and Computers - custom search
CSVDE / LDIFDE - Create, modify or delete directory objects.
ADModify.NET - A GUI tool to facilitate making bulk user attribute modifications.