sorin

Reputation: 170310

Complete LDAP query to extract active Users and Service Accounts from Microsoft Active Directory

I still fail to see the light in LDAP ;) ...

Here is the use case: I am trying to set up Jira to sync an LDAP directory for login, but because the directory is huge I need to be very careful about how I make the query, in order to eliminate the garbage.

I need both Users and Service Accounts.

Here are the requirements (you are free to suggest more):

  1. Account should not start with _ # or `
  2. Should be normal account (not machine, trust or whatever)
  3. It shouldn't be a mailing list
  4. It shouldn't be a meeting room

Upvotes: 0

Views: 6004

Answers (1)

sorin

Reputation: 170310

Here is a partial solution that I have; I am still not completely happy with it. In order to make it easier to read, I will list the conditions separately.

They are ordered in order to improve query speed:

(samAccountType=805306368)                         // user/person (optimum test)
(userAccountControl:1.2.840.113556.1.4.803:=512)   // NORMAL_ACCOUNT bit set
(!(userAccountControl:1.2.840.113556.1.4.803:=32)) // exclude PASSWD_NOTREQD (password not required)
(mail=*)                                           // with email
(uSNChanged=*)                                     // eliminates a few invalid accounts
(!(sAMAccountName=_*))
(!(sAMAccountName=#*))
(!(sAMAccountName=$*))

Compiled query:

(&(samAccountType=805306368)(userAccountControl:1.2.840.113556.1.4.803:=512)(!(userAccountControl:1.2.840.113556.1.4.803:=32))(mail=*)(uSNChanged=*)(!(sAMAccountName=_*))(!(sAMAccountName=#*))(!(sAMAccountName=$*)))

Upvotes: 5
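The following is an added example, not code from the question or the answer above. It assembles the answer's conditions into a filter string with every NOT wrapped as `(!(...))` (a bare `(!attr=value)` is not valid LDAP filter syntax), checks the parentheses balance, and applies the same rules locally to a handful of constructed sample entries so the bit tests can be verified without a directory. It goes one step beyond the answer: the `exclude_disabled` switch also drops accounts with the ACCOUNTDISABLE bit (2) in `userAccountControl`, which the question's word "active" implies but the posted filter does not check. The constants are Microsoft's documented `userAccountControl` / `sAMAccountType` values; the sample entries and the `build_filter`, `matches` and `select` helpers are this example's own.

```python
"""Build the AD user filter from the answer's components with correct
parenthesisation, and check its rules locally against constructed entries.
Added example; not part of the original Stack Overflow post."""

# userAccountControl bits (documented by Microsoft)
NORMAL_ACCOUNT = 0x0200   # 512: ordinary user account
PASSWD_NOTREQD = 0x0020   # 32: no password required (the answer excludes these)
ACCOUNTDISABLE = 0x0002   # 2: disabled account (not in the answer; optional here)
SAM_NORMAL_USER_ACCOUNT = 805306368   # sAMAccountType of user objects
BIT_AND = "1.2.840.113556.1.4.803"    # LDAP_MATCHING_RULE_BIT_AND
EXCLUDED_PREFIXES = ("_", "#", "$")   # name prefixes rejected by the answer


def build_filter(exclude_disabled: bool = False) -> str:
    """Return the compound filter; each NOT is written as (!(...))."""
    parts = [
        f"(sAMAccountType={SAM_NORMAL_USER_ACCOUNT})",
        f"(userAccountControl:{BIT_AND}:={NORMAL_ACCOUNT})",
        f"(!(userAccountControl:{BIT_AND}:={PASSWD_NOTREQD}))",
        "(mail=*)",
        "(uSNChanged=*)",
    ]
    if exclude_disabled:
        parts.append(f"(!(userAccountControl:{BIT_AND}:={ACCOUNTDISABLE}))")
    parts += [f"(!(sAMAccountName={p}*))" for p in EXCLUDED_PREFIXES]
    return "(&" + "".join(parts) + ")"


def parens_balanced(flt: str) -> bool:
    """Cheap sanity check: a filter with unbalanced parentheses is rejected by AD."""
    depth = 0
    for ch in flt:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def matches(entry: dict, exclude_disabled: bool = False) -> bool:
    """Local evaluation mirroring build_filter(), for testing the rules."""
    uac = int(entry.get("userAccountControl", 0))
    name = entry.get("sAMAccountName", "")
    if entry.get("sAMAccountType") != SAM_NORMAL_USER_ACCOUNT:
        return False                      # computers, groups, trusts, ...
    if not uac & NORMAL_ACCOUNT:
        return False
    if uac & PASSWD_NOTREQD:
        return False                      # password not required
    if exclude_disabled and uac & ACCOUNTDISABLE:
        return False
    if not entry.get("mail") or not entry.get("uSNChanged"):
        return False
    return not name.startswith(EXCLUDED_PREFIXES)


# Constructed sample entries (not from any real directory).
SAMPLE_ENTRIES = [
    {"sAMAccountName": "jdoe", "sAMAccountType": 805306368,
     "userAccountControl": 512, "mail": "jdoe@example.com", "uSNChanged": 1001},
    {"sAMAccountName": "svc_backup", "sAMAccountType": 805306368,        # service account:
     "userAccountControl": 512 + 0x10000,                                # NORMAL + DONT_EXPIRE_PASSWORD
     "mail": "svc_backup@example.com", "uSNChanged": 1002},
    {"sAMAccountName": "_template", "sAMAccountType": 805306368,         # excluded prefix
     "userAccountControl": 512, "mail": "t@example.com", "uSNChanged": 1003},
    {"sAMAccountName": "kiosk", "sAMAccountType": 805306368,             # PASSWD_NOTREQD
     "userAccountControl": 512 + 32, "mail": "k@example.com", "uSNChanged": 1004},
    {"sAMAccountName": "olduser", "sAMAccountType": 805306368,           # disabled
     "userAccountControl": 512 + 2, "mail": "o@example.com", "uSNChanged": 1005},
    {"sAMAccountName": "WS01$", "sAMAccountType": 805306369,             # computer object
     "userAccountControl": 4096, "mail": "", "uSNChanged": 1006},
]


def select(entries, exclude_disabled: bool = False):
    """Names of the entries the filter would return, in directory order."""
    return [e["sAMAccountName"] for e in entries if matches(e, exclude_disabled)]


if __name__ == "__main__":
    print(build_filter(exclude_disabled=True))
    print(select(SAMPLE_ENTRIES))                         # jdoe, svc_backup, olduser
    print(select(SAMPLE_ENTRIES, exclude_disabled=True))  # jdoe, svc_backup
```

Note that the `sAMAccountType` test on its own already removes computer objects, whose names end (rather than start) with `$`; the `(!(sAMAccountName=$*))` clause is kept only because the answer has it. If Jira should never see dormant accounts, the disabled-bit clause is the one most worth adding.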
