Simple Guidelines To Query Active Directory

Struggling to query Active Directory? This post covers what Active Directory is, how it organizes its data, and how to write and run LDAP queries against it.

Microsoft builds its server products around the needs of enterprise networks, and directory management is no exception.

For network management it provides Active Directory, which controls who may access which network resources and with what authority.

In this post, let's look at how Active Directory is organized and how you can query it effectively.

Active Directory – What You Need To Know

What Is An Active Directory?

First, let's clarify what Active Directory (AD) is. In short, it is a Microsoft directory service made up of several components whose main purpose is controlling access to the network.

How does AD manage the network? As the word "directory" suggests, AD stores its data as small, separate objects. A user, a group, a computer, an application, or a device such as a printer or scanner is each represented as an object.

To be specific, AD identifies each object by its distinguished name and describes it with attributes defined by the schema. A user object, for example, carries attributes such as cn (common name), sAMAccountName, mail, and userAccountControl; these attributes are what LDAP queries filter on.

Active Directory’s interface

At the heart of AD is Active Directory Domain Services (AD DS). What does it do? AD DS stores the objects, authenticates users and computers when they log on, and supplies the group memberships and permissions that decide what each of them may access.

Whenever a user logs on to any device in the domain or connects from an external network, AD DS authenticates the account, and the account's group memberships determine what it is allowed to access. For example, a member of a privileged group can open files that a normal user cannot.

Other Microsoft services such as Exchange Server and SharePoint Server rely on AD DS in the same way: they authenticate users against it and use its group memberships to decide which resources and rights to grant.

Main Features Of Active Directory

As mentioned above, AD organizes objects into a hierarchy of domains, trees, and forests. A domain is a group of users, computers, and other objects that share one AD database and one set of security policies. Domains are named with DNS names (for example, corp.example.com), and AD relies on DNS to locate domain controllers.

A set of domains that share a contiguous DNS namespace forms a tree, for example example.com with the child domains eu.example.com and us.example.com. The domains in a tree trust each other automatically, but each keeps its own administrators and its own objects.

Following the same logic, a forest is a group of one or more trees. All domains in a forest share a common schema, configuration, and global catalog. The forest, not the domain, is the security boundary: an attacker with full control of one domain in a forest can compromise every other domain in it.

The basic structure of “active directory”.

Now that you understand how AD is organized, you may wonder how to connect two Windows PCs without a domain at all. That is what a Workgroup is: a peer-to-peer arrangement in which each computer keeps its own local accounts and there is no central directory. Workgroups are fine for a handful of machines, but none of the querying described below applies to them.

How to Run an LDAP Query

Running an LDAP query takes a few steps, so let's go through them one at a time.

First, what is LDAP? LDAP stands for Lightweight Directory Access Protocol. How does it relate to AD? AD DS is an LDAP-compatible directory: LDAP is the protocol that clients (including the tools below) use to search and read it, and an LDAP filter is the expression that says which objects to return.

For instance, suppose you want to find enabled AD users with "User must change password at next logon" set. pwdLastSet is zero for such accounts, and the userAccountControl test excludes disabled ones, so the filter is:

(&(objectCategory=person)(objectClass=user)(pwdLastSet=0)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Second, open the Active Directory Users and Computers console (ADUC, dsa.msc). Right-click "Saved Queries" and create a new query with New → Query.

Create a new query

Third, give the new query a name and click "Define Query". In the window that opens, change "Find:" to "Custom Search", open the Advanced tab, and paste the LDAP filter into the "Enter LDAP query" field. Click OK twice.

Choose “Define Query”

What's next? Close the "Custom Search" window, select the new query under Saved Queries in the ADUC tree, and press F5 to run it. The right pane lists every AD user that matches the LDAP filter.

Find the “Custom Search” window

A list of matched users will appear.

There is another way to run LDAP filters: the Active Directory PowerShell module provides the cmdlets Get-ADComputer, Get-ADUser, Get-ADGroup, and Get-ADObject, each of which accepts an -LDAPFilter parameter that takes a raw LDAP filter.

Let's go through them. To search for computers, use this syntax:

Get-ADComputer -LDAPFilter '<your LDAP filter>'

To find AD distribution and security groups, use the Get-ADGroup cmdlet:

Get-ADGroup -LDAPFilter '<your LDAP filter>'

If you are not sure what type of object you are looking for, use the generic Get-ADObject cmdlet instead:

Get-ADObject -LDAPFilter "(cn=*Brion*)"

This filter matches every object, of any class, whose common name contains the substring "Brion".

If you already know the type of object you want, add objectClass to the filter:

Get-ADObject -LDAPFilter "(&(objectClass=user)(cn=*Brion*))"

You can also restrict results by category with objectCategory, for example (objectCategory=person); the difference between the two attributes is explained below.

Important LDAP Filter Syntax

When working with AD it pays to learn a few filter syntax rules, so you can write queries faster and with fewer mistakes.

An LDAP search filter, defined in RFC 4515, is built from items of the form:

(attribute operator value)

Here are the comparison operators you can use in an item:

Operator
= Equal (a * in the value is a wildcard; attribute=* tests that the attribute is present)
>= Greater than or equal
<= Less than or equal
~= Approximately equal

A couple of examples make this clearer.

Say you want all objects whose common name is Kate. You type:

(cn=Kate)

Here cn is the attribute and Kate is the value, and the whole item is wrapped in parentheses.

The other building blocks are the logical operators. They combine several items into one filter, so a single query can test multiple conditions at once:

Operator
& AND — all conditions must be met
! NOT — the condition must not be met
| OR — any number of conditions can be met

Let's go straight to an example. Suppose there are many users, but you only want those with the surname Lee and the common name Kate. You type:

(&(cn=Kate)(sn=Lee))

If instead you want the objects that have either the common name Kate or the surname Lee, the syntax is: (|(cn=Kate)(sn=Lee)).

To exclude the objects that have both that common name and that surname, use NOT. Note that ! takes exactly one operand, so the two items must first be combined with &:

(!(&(cn=Kate)(sn=Lee)))

Operators can also be nested. For instance, to return objects whose common name is Kate or Julia but leave out everyone with the surname Lee, the syntax is:

(&(|(cn=Kate)(cn=Julia))(!(sn=Lee)))

To make a filter more specific, AD provides the objectClass and objectCategory attributes. objectClass is multi-valued and lists every class in the object's inheritance chain (a user object has top, person, organizationalPerson, and user), and because the computer class derives from user, (objectClass=user) matches computer accounts too. objectCategory holds a single value such as person, computer, or group. The common class values are person, user, contact, computer, and group; combining (objectCategory=person) with (objectClass=user) is the standard way to select user accounts only.

So, let's apply this to the previous example:

(&(objectClass=user)(objectCategory=person)(!(sn=Lee)))

This filter returns every user account except those with the surname Lee.
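The filter syntax described above can be checked without a domain controller. The following Python is an added example, not code from the original article: it escapes values as RFC 4515 requires (the step that keeps caller-supplied text such as "*" or ")" from being interpreted as filter syntax, i.e. LDAP injection), parses filters built from =, ~=, presence, substring wildcards and the &, |, ! operators, and evaluates them against a small constructed directory. The names, attribute values and the DIRECTORY dict are made up; the ordering operators (>=, <=) and extensible matching rules (attribute:oid:=value) are not handled here.

```python
"""RFC 4515 LDAP filter helpers: value escaping plus a small parser/evaluator.
Added example, not code from the original article. DIRECTORY is constructed
sample data; attribute names are Active Directory's. Ordering operators and
extensible matching rules (attribute:oid:=value) are not handled here.
"""
import re

# RFC 4515 section 3: these characters must be hex-escaped inside a value,
# otherwise caller-supplied text can change the structure of the filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_ITEM = re.compile(r"([A-Za-z][\w.;-]*)(~=|=)([^()]*)")

def escape_filter_value(value: str) -> str:
    """Escape a value before interpolating it into a filter (anti-injection)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse_filter(text: str):
    """Parse a filter into a tuple tree; raise ValueError on bad syntax."""
    tree, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError(f"trailing data at offset {pos}")
    return tree

def _parse(text, pos):
    if text[pos:pos + 1] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    op = text[pos:pos + 1]
    if op in ("&", "|"):                      # AND / OR take a list of filters
        pos, children = pos + 1, []
        while text[pos:pos + 1] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        node = (op, children)
    elif op == "!":                           # NOT takes exactly one filter
        child, pos = _parse(text, pos + 1)
        node = ("!", child)
    else:                                     # (attribute op value)
        m = _ITEM.match(text, pos)
        if not m:
            raise ValueError(f"bad filter item at offset {pos}")
        node, pos = ("item", m.group(1).lower(), m.group(2), m.group(3)), m.end()
    if text[pos:pos + 1] != ")":              # this check is what rejects (!(a)(b))
        raise ValueError(f"expected ')' at offset {pos}")
    return node, pos + 1

def is_valid_filter(text: str) -> bool:
    try:
        return parse_filter(text) is not None
    except ValueError:
        return False

def _item_matches(entry, attr, op, raw):
    values = [str(v) for v in entry.get(attr, [])]
    if op == "=" and raw == "*":                          # presence: (mail=*)
        return bool(values)
    if op == "=" and "*" in raw:                          # substring: (cn=*Brion*)
        parts = [re.escape(_unescape(p)) for p in raw.split("*")]
        pat = re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)
        return any(pat.match(v) for v in values)
    target = _unescape(raw)                               # "=" and "~=" treated alike
    return any(v.lower() == target.lower() for v in values)

def matches(tree, entry) -> bool:
    kind = tree[0]
    if kind == "&":
        return all(matches(c, entry) for c in tree[1])
    if kind == "|":
        return any(matches(c, entry) for c in tree[1])
    if kind == "!":
        return not matches(tree[1], entry)
    return _item_matches(entry, *tree[1:])

def search(directory, filter_text):
    """Return the sorted DNs of the entries that match filter_text."""
    tree = parse_filter(filter_text)
    return sorted(dn for dn, e in directory.items() if matches(tree, e))

def find_user_by_cn(directory, name):
    """Safe lookup: the caller's text is escaped, so '*' or ')' stay literal."""
    return search(directory, f"(&(objectClass=user)(cn={escape_filter_value(name)}))")

def _entry(cn, sn=None, category="person", mail=None):
    classes = ["top", "person", "organizationalPerson", "user"]
    if category == "computer":
        classes.append("computer")                        # computer derives from user
    e = {"cn": [cn], "objectclass": classes, "objectcategory": [category]}
    e.update({k: [v] for k, v in (("sn", sn), ("mail", mail)) if v})
    return e

DIRECTORY = {   # constructed sample entries keyed by DN; attribute names lowercased
    "CN=Kate Lee,OU=Employees,DC=example,DC=com": _entry("Kate Lee", "Lee", mail="kate.lee@example.com"),
    "CN=Kate Park,OU=Employees,DC=example,DC=com": _entry("Kate Park", "Park"),
    "CN=Julia Lee,OU=Employees,DC=example,DC=com": _entry("Julia Lee", "Lee", mail="julia.lee@example.com"),
    "CN=Jon Brion,OU=Employees,DC=example,DC=com": _entry("Jon Brion", "Brion", mail="jon.brion@example.com"),
    "CN=WS01,OU=Workstations,DC=example,DC=com": _entry("WS01", category="computer"),
}

if __name__ == "__main__":
    print(search(DIRECTORY, "(&(|(cn=Kate*)(cn=Julia*))(!(sn=Lee)))"))
    print(search(DIRECTORY, "(&(objectCategory=person)(objectClass=user)(!(mail=*)))"))
    print(find_user_by_cn(DIRECTORY, "*"))               # [] because the '*' was escaped
```

Two things are worth noticing when you run it. parse_filter rejects (!(cn=Kate)(sn=Lee)), because NOT takes a single operand, but accepts (!(&(cn=Kate)(sn=Lee))). And find_user_by_cn(DIRECTORY, "*") returns nothing, whereas pasting the same input into the filter unescaped would turn it into (cn=*) and return every user; that is the difference between a lookup and an LDAP injection.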

LDAP Query Examples for Active Directory

After using AD for a while, we have collected some queries that cover situations you are likely to run into when starting out. Here are the most common ones and the filters that solve them:

1. To find accounts that are (or were) members of protected groups such as Domain Admins and Enterprise Admins:

(&(objectClass=user)(objectCategory=person)(adminCount=1))

adminCount=1 is set by the AdminSDHolder process on members of protected groups and is not cleared when an account is removed from them, so this list also includes former admins; confirm current membership by checking the groups themselves.

2. List all enabled AD users, excluding disabled ones:

(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

3. List all disabled users:

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))

The number after := is the userAccountControl flag to test, and 2 is ACCOUNTDISABLE. A mask of 16 would test the LOCKOUT flag instead, which is a different condition.

4. Pick out users that have no "mail" value:

(&(objectCategory=person)(objectClass=user)(!(mail=*)))

5. Pick out the groups a given user is a member of:

(&(objectCategory=group)(member=CN=JonBrion,OU=Employees,DC=theitbros,DC=com))

Here the user object CN=JonBrion is located in the Employees OU of the theitbros.com domain. The member attribute only records direct membership; to include groups reached through nesting, use the LDAP_MATCHING_RULE_IN_CHAIN rule instead: (member:1.2.840.113556.1.4.1941:=CN=JonBrion,OU=Employees,DC=theitbros,DC=com).

6. Filter all disabled computer accounts:

(&(objectClass=computer)(userAccountControl:1.2.840.113556.1.4.803:=2))

7. Find all computers running Windows 10:

(&(objectCategory=computer)(operatingSystem=Windows 10*))
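Several of the filters above test userAccountControl bits through the extensible matching rule 1.2.840.113556.1.4.803 (LDAP_MATCHING_RULE_BIT_AND). The following Python is an added example, not code from the original article: it decodes a userAccountControl value into Microsoft's documented flag names and emulates both the BIT_AND rule and its companion 1.2.840.113556.1.4.804 (LDAP_MATCHING_RULE_BIT_OR) over a constructed set of accounts, so you can see exactly which accounts each mask selects. The account names and values in ACCOUNTS are made up.

```python
"""userAccountControl flags and the LDAP bitwise matching rules.

Added example, not code from the original article. ACCOUNTS is constructed
sample data. The flag bits are Microsoft's documented userAccountControl
values; 1.2.840.113556.1.4.803 is LDAP_MATCHING_RULE_BIT_AND and
1.2.840.113556.1.4.804 is LDAP_MATCHING_RULE_BIT_OR.
"""

UAC_FLAGS = {
    0x0000001: "SCRIPT",
    0x0000002: "ACCOUNTDISABLE",
    0x0000008: "HOMEDIR_REQUIRED",
    0x0000010: "LOCKOUT",
    0x0000020: "PASSWD_NOTREQD",
    0x0000040: "PASSWD_CANT_CHANGE",
    0x0000080: "ENCRYPTED_TEXT_PWD_ALLOWED",
    0x0000100: "TEMP_DUPLICATE_ACCOUNT",
    0x0000200: "NORMAL_ACCOUNT",
    0x0000800: "INTERDOMAIN_TRUST_ACCOUNT",
    0x0001000: "WORKSTATION_TRUST_ACCOUNT",
    0x0002000: "SERVER_TRUST_ACCOUNT",
    0x0010000: "DONT_EXPIRE_PASSWORD",
    0x0020000: "MNS_LOGON_ACCOUNT",
    0x0040000: "SMARTCARD_REQUIRED",
    0x0080000: "TRUSTED_FOR_DELEGATION",
    0x0100000: "NOT_DELEGATED",
    0x0200000: "USE_DES_KEY_ONLY",
    0x0400000: "DONT_REQ_PREAUTH",
    0x0800000: "PASSWORD_EXPIRED",
    0x1000000: "TRUSTED_TO_AUTH_FOR_DELEGATION",
    0x4000000: "PARTIAL_SECRETS_ACCOUNT",
}


def decode_uac(value: int) -> list:
    """Return the names of all flags set in a userAccountControl value, lowest bit first."""
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    unknown = value & ~sum(UAC_FLAGS)          # bits missing from the table, if any
    if unknown:
        names.append(f"UNKNOWN_0x{unknown:X}")
    return names


def bit_and(value: int, mask: int) -> bool:
    """(attr:1.2.840.113556.1.4.803:=mask): every bit in mask is set in value."""
    return (value & mask) == mask


def bit_or(value: int, mask: int) -> bool:
    """(attr:1.2.840.113556.1.4.804:=mask): at least one bit in mask is set in value."""
    return (value & mask) != 0


def query(accounts: dict, mask: int, rule=bit_and, negate: bool = False) -> list:
    """Emulate (userAccountControl:<rule>:=mask), or its (!(...)) form when negate is set."""
    return sorted(name for name, uac in accounts.items() if rule(uac, mask) != negate)


# Constructed sample accounts: sAMAccountName -> userAccountControl
ACCOUNTS = {
    "alice":      0x0200,              # NORMAL_ACCOUNT, enabled
    "bob":        0x0200 | 0x0002,     # disabled
    "carol":      0x0200 | 0x0010,     # LOCKOUT bit set
    "dave":       0x0200 | 0x10000,    # password never expires
    "svc-backup": 0x0200 | 0x400000,   # Kerberos pre-authentication not required
}

if __name__ == "__main__":
    print(decode_uac(ACCOUNTS["dave"]))            # ['NORMAL_ACCOUNT', 'DONT_EXPIRE_PASSWORD']
    print(query(ACCOUNTS, 0x2))                     # disabled accounts: ['bob']
    print(query(ACCOUNTS, 0x2, negate=True))        # enabled accounts
    print(query(ACCOUNTS, 0x10))                    # what a mask of 16 selects: ['carol']
    print(query(ACCOUNTS, 0x400000))                # no pre-auth required: ['svc-backup']
    print(query(ACCOUNTS, 0x2 | 0x10000, bit_or))   # disabled OR never expires: ['bob', 'dave']
```

Mask 2 (ACCOUNTDISABLE) is the one to use for disabled accounts; mask 16 (LOCKOUT) is a different condition, and AD does not keep that bit current in the stored attribute, so check lockouts through lockoutTime or the constructed msDS-User-Account-Control-Computed attribute instead. The 0x400000 (DONT_REQ_PREAUTH) query is worth running in any audit: an account that does not require Kerberos pre-authentication lets anyone request its AS-REP and crack the password offline.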

Sum up

We have walked through querying Active Directory: how AD organizes objects into domains, trees, and forests, how to write LDAP filters with comparison and logical operators, and how to run them from the ADUC Saved Queries pane or the Active Directory PowerShell module.

Keep in mind that AD DS is a Windows Server role rather than a separate add-on, and that the domain and forest layout is hard to change later, so plan it carefully before deploying. Good luck!
