Searching Active Directory

Forego scripting—try this LDAP query in the ADUC.

Bill, does Microsoft really want to be an enterprise product? Why in the world can't I do a search for a group in Active Directory Users and Computers using a partial string? It seems that the find function only supports a search using the beginning of a string or the end of a string.

I finally had to write a tiny script to search for group names for myself using VBScript and the Instr function. How sad is that? Does Microsoft really want to be enterprise software? Do they realize how many groups medium to large companies have? Or am I missing something? Any insight would be appreciated.
—Name withheld by request

Answer: The Find window in AD Users and Computers doesn't expose internal string searches directly because they are computationally expensive for the domain controller.

That being said, you can construct your own LDAP query for internal portions of strings without resorting to scripts. Here's how:

  1. Open the Find window in ADUC.
  2. In the Find dropdown field, select Custom Search.
  3. Click the Advanced tab. This shows a field for entering a custom LDAP search.

If you're accustomed to VBScript, then you'll find LDAP search syntax to be a little counterintuitive because all Boolean operators go to the front of the expression. For example, here's a search for all user accounts that have the letters "min" somewhere in the name:

(&(objectcategory=user)(name=*min*))

In a pristine instance of Active Directory, this search would return Administrator in the pick list in the Find window.

If you want to find every user, group, and contact with the letters "count" in the Description field, here's the syntax (this would be all one entry with no line endings):

(&(|(objectcategory=user)(objectcategory=group)
(objectcategory=contact))(description=*count*))

If you don't like doing all that typing each time you want to fire off a search, then load the Windows Server 2003 admin tools (adminpak.msi) on a Windows XP SP1 machine and use that version of ADUC to manage your Windows 2000 domains. This tool has a Saved Queries feature that permits you to create little folders that return the search results in graphical form in the right pane of the ADUC window.
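The two filters above can also be assembled programmatically. The sketch below is an added example, not code from the column: it composes the same prefix-notation filters in Python and escapes the search fragment per RFC 4515, so that a fragment containing *, ( or ) is matched literally instead of changing the structure of the query. The helper names (escape_value, equals, contains, all_of, any_of, find_by_name, find_by_description) are hypothetical.

```python
# Added example: compose Active Directory search filters in LDAP prefix notation.
# All helper names here are hypothetical; only the filter syntax comes from the column.

# Characters that are special inside an LDAP filter value (RFC 4515).
_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(text: str) -> str:
    """Escape one character at a time so a backslash is never double-escaped."""
    return "".join(_SPECIAL.get(ch, ch) for ch in text)


def equals(attr: str, value: str) -> str:
    return f"({attr}={escape_value(value)})"


def contains(attr: str, fragment: str) -> str:
    """Internal substring match: attr=*fragment*."""
    if not fragment:
        # An empty fragment would leave only wildcards; reject it.
        raise ValueError("search fragment must not be empty")
    return f"({attr}=*{escape_value(fragment)}*)"


def all_of(*clauses: str) -> str:
    """Boolean AND: the operator goes in front of its operands."""
    return "(&" + "".join(clauses) + ")"


def any_of(*clauses: str) -> str:
    """Boolean OR, also in prefix position."""
    return "(|" + "".join(clauses) + ")"


def find_by_name(fragment: str) -> str:
    return all_of(equals("objectcategory", "user"), contains("name", fragment))


def find_by_description(fragment: str,
                        categories=("user", "group", "contact")) -> str:
    kinds = any_of(*(equals("objectcategory", c) for c in categories))
    return all_of(kinds, contains("description", fragment))


if __name__ == "__main__":
    print(find_by_name("min"))
    print(find_by_description("count"))
    # Constructed hostile-looking input: stays a literal substring.
    print(find_by_name("a*)(b"))
```

The printed strings can be pasted into the Advanced tab of the Custom Search window as a single line.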

About the Author

Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003, both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.
