Reputation: 83
Get all AD users except those that are in specific OU LDAPFilter
We currently need to get all users except those that are in the OU "Printers" and "Cameras". We can only use a LDAPFilter for this but everything we tried does not work. Its still give use all users with those in the OU Printers and Cameras. Here what we tried:
Get-ADObject -LDAPFilter "(&(objectClass=user)(!(objectClass=computer))(!(ou=Printers)))" -Properties *
We also tried by doing something like this :
Get-ADObject -LDAPFilter "(&(objectClass=user)(!(objectClass=computer))(!(memberof:1.2.840.113556.1.4.1941:=(CN=MyGroup,OU=Printers,DC=MyDomName,DC=MyDomExt))))" -Properties *
What are we missing? Do we have an error in our syntax?
Upvotes: 0
Views: 3829
Answers (2)
Reputation: 10976
I am assuming that you have OU=computer and OU=Cameras OUs at within the same search base and there are "users" in both of those OUs.
If you can NOT filter by some other criteria other than the containers they are in, you can not perform a single LDAP query within Microsoft Active Directory to accomplish the task.
If there are no "Users" in those containers you might be able to use:
(&(objectCategory=person)(objectClass=user))
or
(sAMAccountType=805306368)
Upvotes: 1
Reputation: 199
try this
Get-ADObject -LDAPFilter "(&(objectClass=user)(!(objectClass=computer))(!(distinguishedName=*ou=Printers*)))" -Properties *
Upvotes: 0
Related Questions
- Is it possible to do ldap query and exclude certain OU?
- LDAP exclude sub OU from search
- LDAP: Filter users belonging to a group across multiple OU's
- AD search filter syntax for "all users in a specified OU DN path"
- How to use a filter to avoid a sub OU in Active Directory?
- LDAP Query to return OU which contains a given user
- LDAP Query -- Find Users who ONLY belong to "Domain Users" group
- LDAP Filter - Find all users of specific OU
- LDAP filter - List all the users in a specific OU
- LDAP query for all users in sub OUs within a particular OU