Lightweight Directory Access Protocol (LDAP) queries

Some basic examples of LDAP queries. Each entire LDAP statement must be encompassed in a set of parentheses( ).

Syntax
      =  (EQUAL TO - The attribute must be equal to a certain value to be true.)
         e.g. find all objects that have the first name of Alice
         (givenName=Alice)

      &  (logical AND - More than one condition must be true.) 
         e.g. find all of the people that have the first name of Alice and live in Venice:
         (&(givenName=Alice)(l=Venice))

      !  (logical NOT - Exclude objects with a certain attribute.) 
         e.g. find all objects except those eith the first name of Alice:
         (!givenName=Alice)

      *  (wildcard - match anything)
         e.g. find all objects that have a value (any value) for title
         (title=*)
         find a given name that starts with Al
         (givenName=Al*)

      |  (Logical OR - either comdition must be true)
         e.g. find all objects that are in Venice or in Milan:
         (|(l=Venice)(l=Milan))

This LDAP query syntax can be combined for more complex questions
Find all objects that are in Venice or Milan, and that have the first name of Alice:

   (&(givenName=Alice)(|(l=Venice)(l=Milan)))

The ! operator in conjunction with the wildcard operator will look for objects where that attribute is not set to anything.

“We learn more by looking for the answer to a question and not finding it than we do from learning the answer itself” ~ Lloyd Alexander

Related:

Get-adGroup - Get one or more AD groups.
Get-adUser - Get one or more AD users.
Active Directory Users and Computers - custom search
CSVDE / LDIFDE - Create, modify or delete directory objects.
ADModify.NET - A GUI tool to facilitate making bulk user attribute modifications.


© Copyright SS64.com 1999-2017
Some rights reserved