Using LDAP to Query Active Directory Objects
To search the Active Directory for
objects you would open the Active Directory Users and
Computers console and choose whichever domain or container
in the console tree you wanted to search and click Find.
You can change the FIND field by
dropping the selection window and choosing from the
different selections given. Also, if you decided that you no
longer wish to search the domain you have chosen but rather
the entire directory, you can change that in the IN field.
The global catalog contains a partial
replica of the entire Active Directory. The local global
catalog server stores all of the information about every
object in the local domain and a partial subset of
information from all objects in every other domain in the tree and forest.
Because the global catalog contains information about every
object, a user can find information regardless of which
domain in the tree or forest contains the data. Active
Directory automatically generates the contents of the global
catalog from the domains that make up the directory.
Below are some of the object types that can be found via
the FIND method
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Below are some of the fields and entry
values for searching Active Directory.
Search Data |
Description of Field |
Find |
A list of object |
In |
Sets the focus |
Browse |
Allows you to |
Advanced |
Allows you to |
Field |
Located in the |
Condition |
Located in the |
Value |
Located in the |
Search Criteria |
Located in the |
Using LDP.EXE to Perform Active
Directory Searches
In the Windows 2000 Resource Kit there is the LDP.EXE
utility, which is a GUI-based tool that can be used to
perform LDAP searches. This also allows administrators to
query data that might not otherwise be visible through
the Administrative tools, such as objects stored in Active
Directory along with their metadata, security descriptors
and replication metadata. LDP.EXE is found in
Support Tools kit under
supporttools.
In-depth information on this tool and its use can be found
in the Microsoft Knowledgebase article –
Using Ldp.exe to Find Data in the Active Directory (Q224543)
Well, that wraps up this section
of Lightweight Directory Access Protocol (LDAP). I hope you found it informative and
will return for the next installment of Learn Active
Directory Design and Administration in 15 Minutes a Week.
If you have any questions, comments or
even constructive criticism, please feel free to drop me a
note.
I want to write good, solid technical
articles that appeal to a large range of readers and skill
levels and I can only be sure of that through your feedback.
Until then, best of luck in your
studies.
Jason Zandri
Jason@Zandri.net
www.2000trainers.com