Some basic examples of LDAP queries. Each entire LDAP statement must be encompassed in a set of parentheses( ).
Syntax
= (EQUAL TO - The attribute must be equal to a certain value to be true.)
e.g. find all objects that have the first name of Alice
(givenName=Alice)
& (logical AND - More than one condition must be true.)
e.g. find all of the people that have the first name of Alice and live in Venice:
(&(givenName=Alice)(l=Venice))
! (logical NOT - Exclude objects with a certain attribute.)
e.g. find all objects except those eith the first name of Alice:
(!givenName=Alice)
* (wildcard - match anything)
e.g. find all objects that have a value (any value) for title
(title=*)
find a given name that starts with Al
(givenName=Al*)
| (Logical OR - either comdition must be true)
e.g. find all objects that are in Venice or in Milan:
(|(l=Venice)(l=Milan))
This LDAP query syntax can be combined for more complex questions
Find all objects that are in Venice or Milan, and that have the first name of Alice:
(&(givenName=Alice)(|(l=Venice)(l=Milan)))
The ! operator in conjunction with the wildcard operator will look for objects where that attribute is not set to anything.
“We learn more by looking for the answer to a question and not finding it than we do from learning the answer itself” ~ Lloyd Alexander
Related PowerShell Commands:
Get-adGroup - Get one or more AD groups.
Get-adUser - Get one or more AD users.
Active Directory Users and Computers - custom search
CSVDE / LDIFDE - Create, modify or delete directory objects.
ADModify.NET - A GUI tool to facilitate making bulk user attribute modifications.