LDAP query for *just* users

2011-10-14

We have numerous “mailbox only” user accounts in our AD. I’ve been asked for a query of all the user accounts on our domain. The query needs to exclude these accounts and disabled accounts as we’re only interested in active user accounts. This is what I came up with:

This query does the following:
Find all user accounts: (objectcategory=person)(samaccountname=*)
But NOT:
Disabled accounts: (userAccountControl:1.2.840.113556.1.4.803:=2)
Exchange Shared Mailboxes: (msExchRecipientTypeDetails=4)
Exchange Rooms: (msExchRecipientDisplayType=7)
Exchange Equipment: (msExchRecipientDisplayType=8)
Service Accounts: (extensionattribute1=Service Account)

MS Software usually adds “SERVICE ACCOUNT” to the extensionattribute1.
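
One way to combine the clauses listed above into a single filter, with a small local model of how each clause matches, including the bitwise rule 1.2.840.113556.1.4.803. This is an added example, not the query from the original post. The sample entries are constructed, and treating a missing attribute as a non-match and string equality as case-insensitive are assumptions of the model.

```python
# Added example. Clause strings come from the post; entries and helpers are constructed.
BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule used by the post

INCLUDE = ["(objectcategory=person)", "(samaccountname=*)"]
EXCLUDE = [
    f"(userAccountControl:{BIT_AND}:=2)",     # disabled accounts
    "(msExchRecipientTypeDetails=4)",         # Exchange shared mailboxes
    "(msExchRecipientDisplayType=7)",         # Exchange rooms
    "(msExchRecipientDisplayType=8)",         # Exchange equipment
    "(extensionattribute1=Service Account)",  # service accounts
]

def build_filter():
    """AND the include clauses with the negation of every exclude clause."""
    return "(&" + "".join(INCLUDE) + "".join(f"(!{c})" for c in EXCLUDE) + ")"

def clause_matches(clause, entry):
    """Local model of one simple clause; entry keys are lower-case attribute names."""
    attr, value = clause[1:-1].split("=", 1)
    rule = None
    if ":" in attr:                       # extensible match: attr:oid:=value
        attr, rule = attr.split(":")[:2]
    have = entry.get(attr.lower())
    if have is None:
        return False                      # assumption: absent attribute never matches
    if rule == BIT_AND:                   # true when every bit of value is set
        return (int(have) & int(value)) == int(value)
    if value == "*":
        return True                       # presence test
    return str(have).lower() == value.lower()  # assumption: case-insensitive

def active_users(entries):
    """Names of entries the combined filter would keep."""
    return [e["samaccountname"] for e in entries
            if all(clause_matches(c, e) for c in INCLUDE)
            and not any(clause_matches(c, e) for c in EXCLUDE)]

# Constructed entries; objectcategory is simplified to the short name "person".
BASE = {"objectcategory": "person", "useraccountcontrol": 512}
SAMPLE = [
    {**BASE, "samaccountname": "alice"},
    {**BASE, "samaccountname": "bob", "useraccountcontrol": 514},  # 512 | 2 = disabled
    {**BASE, "samaccountname": "shared-hr", "msexchrecipienttypedetails": 4},
    {**BASE, "samaccountname": "room-101", "msexchrecipientdisplaytype": 7},
    {**BASE, "samaccountname": "svc-backup", "extensionattribute1": "SERVICE ACCOUNT"},
]

if __name__ == "__main__":
    print(build_filter())
    print(active_users(SAMPLE))
```

Because the disabled check is a bitwise test, an account whose userAccountControl carries other flags as well (for example 66050) is still excluded as long as bit 2 is set.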
