HANDY-AD-LDAP-QUERY

Locked Out Users

(&(&(&(&(objectCategory=person)(objectClass=user)(lockoutTime:1.2.840.113556.1.4.804:=4294967295)))))

Dial In Access

(&(&(&(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE)))))

Disabled User Accounts

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))

No Expiring Accounts

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))

Active Accounts

(&(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)))

Hidden Mailboxes

(&(objectCategory=person)(objectClass=user)(msExchHideFromAddressLists=TRUE))

Windows 2000 SP4

(&(&(&(objectCategory=Computer)(operatingSystem=Windows 2000 Professional)(operatingSystemServicePack=Service Pack 4))))

Windows XP SP3

(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 3))))))))

Vista SP1 Machines

(&(&(&(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1)))))

Windows 7 SP1

(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows 7*)(operatingSystemServicePack=Service Pack 1))))))))

Windows 8

(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows 7*))))))))

All Workstations

(sAMAccountType=805306369) or (objectCategory=computer)

All computer accounts which are disabled:#

(&(objectClass=computer)(userAccountControl:1.2.840.113556.1.4.803:=2))

Returns odd computres if their netbios names end with a Letters

(|(name=*zz)(name=*zy)(name=*xzy))

All non Windows 2000 Workstations

((sAMAccountType=805306369)!(operatingSystem=Windows 2000 Professional))

2003 Servers Non-DCs

(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2003*)))

2003 Servers Non-DCs

(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2008*)))

2003 Servers - DCs

(&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2003*))))

2008 Servers - DCs

(&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2008*))))

2012 Servers - DCs

(&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2012*))))

Server 2008

(&(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2008*))))

Server 2012

(&(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2012*))))

Commonly used Active Directory attributes for computer accounts: