15.8. Searching for Objects in a Domain

Problem

You want to find objects that match certain criteria in a domain.

Solution

Using a graphical user interface

  1. Open LDP from the Support Tools (ldp.exe).

  2. From the menu, select Connection → Connect.

  3. For Server, enter the name of a domain controller (or leave blank to do a serverless bind).

  4. For Port, enter 389. To perform a forest-wide search using the Global Catalog, enter 3268.

  5. Click OK.

  6. From the menu, select Connection → Bind.

  7. Enter credentials of a user.

  8. Click OK.

  9. From the menu, select Browse → Search.

  10. For BaseDN, type the base distinguished name at which to start the search.

  11. For Scope, select the appropriate scope.

  12. For Filter, enter an LDAP filter.

  13. Click Run.

If you expect your search to return a large number of objects (e.g., more than 1000), you'll need to enable the Paged LDAP control to see them all in LDP.

  1. Click the Options button.

  2. For Timeout (s), enter a value such as 10.

  3. For Page size, enter the number of objects to be returned with each page (e.g., 1000).

  4. Under Search Call Type, select Paged.

  5. Click OK.

  6. A page of results (i.e., 1000 entries) will be displayed each time you click on Run until all results have been returned.

Using a command-line interface

Use the following command to perform a search against a domain controller:

> dsquery * <BaseDN> -scope <Scope> -filter "<Filter>" -attr "<AttrList>"

The following example searches for all siteLink objects in the Configuration container:

> dsquery * "cn=configuration,dc=rallencorp,dc=com" -scope subtree ...
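The same search parameters used in the LDP steps and the dsquery command (base DN, scope, filter, attribute list, Global Catalog, page size) can be driven from PowerShell through the .NET DirectorySearcher class. This is an added example, not code from the book; the function name Search-DomainObject, its parameter names, and the siteLink filter and attributes in the sample call are assumptions made for illustration.

```powershell
# Added example: paged LDAP search with System.DirectoryServices.
# Search-DomainObject and its parameter names are hypothetical.
function Search-DomainObject {
    param(
        [Parameter(Mandatory)] [string] $BaseDN,
        [string] $Filter = '(objectClass=*)',
        [ValidateSet('Base', 'OneLevel', 'Subtree')] [string] $Scope = 'Subtree',
        [string[]] $Attributes = @('distinguishedName'),
        [string] $Server,          # leave empty for a serverless bind
        [switch] $GlobalCatalog,   # forest-wide search via the Global Catalog
        [int] $PageSize = 1000,    # 0 would disable paging and truncate large result sets
        [int] $TimeoutSeconds = 10
    )

    # GC:// targets the Global Catalog, LDAP:// a regular domain controller.
    $provider = if ($GlobalCatalog) { 'GC' } else { 'LDAP' }
    $path = if ($Server) { "${provider}://$Server/$BaseDN" } else { "${provider}://$BaseDN" }

    # Binds with the credentials of the user running the script.
    $root = New-Object System.DirectoryServices.DirectoryEntry($path)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $Filter, $Attributes)
    $searcher.SearchScope = $Scope
    $searcher.PageSize = $PageSize
    $searcher.ClientTimeout = [TimeSpan]::FromSeconds($TimeoutSeconds)

    $results = $searcher.FindAll()   # pages are fetched transparently while enumerating
    try {
        foreach ($r in $results) {
            $row = [ordered]@{}
            foreach ($a in $Attributes) {
                # Result property names are stored in lowercase.
                $row[$a] = @($r.Properties[$a.ToLowerInvariant()]) -join '; '
            }
            [pscustomobject]$row
        }
    }
    finally {
        # SearchResultCollection holds unmanaged resources; release them explicitly.
        $results.Dispose()
        $searcher.Dispose()
        $root.Dispose()
    }
}

# Sample call (filter and attributes are this example's choice):
Search-DomainObject -BaseDN 'cn=configuration,dc=rallencorp,dc=com' `
    -Filter '(objectCategory=siteLink)' -Attributes name, cost
```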
