Active Directory Search Filter Examples

Active Directory Search filter enables you to define search criteria and provide more efficient and effective searches.
Note: You can see the equivalent attribute name of a Display name through this article 
http://morgantechspace.blogspot.in/2013/08/active-directory-attribute-mapping-with.html

Account and Password Status based Filters

All Users (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370))
Enabled Users (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!userAccountControl:1.2.840.113556.1.4.803:=2))
Disabled Users (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(userAccountControl:1.2.840.113556.1.4.803:=2))
LockedOut Users (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(lockouttime>=1))
Never LoggedOn Users (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(|(lastlogon=0)(!lastlogon=*)))
Password must change on Next Logon Users (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(pwdlastset=0))
Password Never Expire Users (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(userAccountControl:1.2.840.113556.1.4.803:=65536))
Password Required Users (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!userAccountControl:1.2.840.113556.1.4.803:=32))
Password Not Required Users (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(userAccountControl:1.2.840.113556.1.4.803:=32))

User Name based Filters

Users whose First Name is equal to ‘Jack’ (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(givenName=Jack))
Users whose First Name starts with ‘Jack’ (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(givenName=Jack*))
Users whose First Name ends with ‘Jack’ (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(givenName=*Jack))
Users whose First Name contains ‘Jack’ (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(givenName=*Jack*))
Users whose First Name is not equal to ‘Jack’ (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!givenName=Jack))
Users whose First Name is not starts with ‘Jack’ (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!givenName=Jack*))
Users whose Last Name is equal to ‘Morgan’ (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(sn=Morgan))
Users whose Display Name is equal to ‘Martin’ (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(displayName=Martin))
Users whose Logon Name is equal to ‘John’ (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(userPrincipalName=John))
Users whose Logon Name(Pre-Windows 2000) is equal to ‘John’ (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(sAMAccountName=John))

Organization based Filters

Users based on Department ‘Admin’ (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(department=Admin))
Users based on Job Title ‘SQL Admin’ (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(title=SQL Admin))
Users based on Office ‘CA 12’ (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(physicalDeliveryOfficeName=CA 12))
Users whose Company name starts with ‘Dell’ (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(company=Dell*))
Users whose Company name ends with ‘Tech’ (&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(company=*Tech))

Related Articles:

– Active Directory Attribute mapping with Friendly name – user
– Active Directory Search Filter Examples
– Create new Active Directory User in C#
– How to get list of all domain controllers in C#
– Remote Group Policy update using gpupdate in C#
– Restore a deleted Active Directory object using C#
– Active Directory search filter by ObjectGuid 

Thanks,
Morgan
Software Developer

Advertisement

5 thoughts on “Active Directory Search Filter Examples”

Leave a Comment