SHARE

Learn AD in 15 Minutes a Week: Lightweight Directory Access Protocol Page 4

Written By

Jul 20, 2010

ServerWatch content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Using LDAP to Query Active Directory Objects

To search the Active Directory for
objects you would open the Active Directory Users and
Computers console and choose whichever domain or container
in the console tree you wanted to search and click Find.

You can change the FIND field by
dropping the selection window and choosing from the
different selections given. Also, if you decided that you no
longer wish to search the domain you have chosen but rather
the entire directory, you can change that in the IN field.

The global catalog contains a partial
replica of the entire Active Directory. The local global
catalog server stores all of the information about every
object in the local domain and a partial subset of
information from all objects in every other domain in the tree and forest.
Because the global catalog contains information about every
object, a user can find information regardless of which
domain in the tree or forest contains the data. Active
Directory automatically generates the contents of the global
catalog from the domains that make up the directory.

Below are some of the object types that can be found via
the FIND method

Object Type	Description
User account	Allows a user to log on to Windows 2000. This object will have other optional fields that can be filled in as well, usually dealing with the user. (e.g. phone number, email address, etc.)
Contact	This object will have information pertaining to the workplace or organizational, as well as other optional fields. (e.g. phone number, email address, etc.).
Group	This object is a collection of user accounts, groups, or computers that you can create to simplify administration.
Shared folder	This object is a pointer (think alias or shortcut) to the shared folder on a computer. The actual shared folders and printers exist in the registry of a computer. When a shared folder is published in Active Directory, an object that contains a pointer to the shared object is created.
Printer	This object is a pointer (think alias or shortcut) to the shared printer on a computer. You must manually publish a printer on a computer that is not in Active Directory, such as Windows 95, 98 and NT. Microsoft Windows 2000 automatically adds printers that you create on domain computers to Active Directory.
Computer	The information about a computer that is a member of the domain.
Domain controllers	This object contains the information about the domain controllers, their Domain Name System (DNS) names, its legacy alias, the version of the operating system it is running, the location, and the name of the administrator who is responsible for managing the domain controller.
Organizational Unit (OU)	Contains other objects, including other OUs. Used to organize Active Directory objects.

Below are some of the fields and entry
values for searching Active Directory.

Search Data	Description of Field
Find	A list of object types for which you can search. A custom search builds the Lightweight Directory Access Protocol (LDAP) query or allows you to enter your own LDAP query based on parameters you enter.
In	Sets the focus of the search.
Browse	Allows you to look for a search path or parameter.
Advanced	Allows you to define specific search criteria to locate objects. When you choose custom search, the Advanced tab allows you to type in the query or create a search using one of the common available attributes, organized by object type on the Custom Search tab. The Custom Search tab provides the same elements that are otherwise found on the Advanced tab.
Field	Located in the Advanced tab, FIELD allows you to define specific search criteria to locate objects when you choose custom search.
Condition	Located in the Advanced tab, it allows you to further define the search criteria for an attribute.
Value	Located in the Advanced tab, VALUE allows you to enter the value for the condition of the field (attribute) that you are using to search the Directory.
Search Criteria	Located in the Advanced tab, this box lists each search criteria that you have defined. To define a search criterion you use the Field list, Condition list, and Value box, then click Add. To remove search criteria, select the criteria, then click Remove. You can add or remove search criteria to broaden or narrow your search.

Using LDP.EXE to Perform Active
Directory Searches

In the Windows 2000 Resource Kit there is the LDP.EXE
utility, which is a GUI-based tool that can be used to
perform LDAP searches. This also allows administrators to
query data that might not otherwise be visible through
the Administrative tools, such as objects stored in Active
Directory along with their metadata, security descriptors
and replication metadata. LDP.EXE is found in
Support Tools kit under
supporttools.

In-depth information on this tool and its use can be found
in the Microsoft Knowledgebase article –

Using Ldp.exe to Find Data in the Active Directory (Q224543)

Well, that wraps up this section
of Lightweight Directory Access Protocol (LDAP). I hope you found it informative and
will return for the next installment of Learn Active
Directory Design and Administration in 15 Minutes a Week.

If you have any questions, comments or
even constructive criticism, please feel free to drop me a
note.

I want to write good, solid technical
articles that appeal to a large range of readers and skill
levels and I can only be sure of that through your feedback.

Until then, best of luck in your
studies.

Jason Zandri
Jason@Zandri.net

www.2000trainers.com

Learn AD in 15 Minutes a Week: Lightweight Directory Access Protocol Page 4

ServerWatch Staff

Recommended for you...

Company

Categories