Calling all LDAP query experts!!!

kiki162

I need some help with that, and I think I'm in the ballpark. I need to know how to query all of the PC's within an AD site using LDAP?

This is what I have below. I can pull DC's for each site, but I need to grab all of the PC/Servers as well.

Pull DC’s for Paris site
CN=Paris,CN=Sites,CN=Configuration,DC=contoso,DC=com
(objectclass=*)

Pull all of the domain controllers in every site
CN=Sites,CN=Configuration,DC=contoso,DC=com
(objectclass=*)

Pull all of the PC’s in contoso root domain
DC=contoso,DC=com
(&(objectClass=Computer)(objectCategory=Computer))


I'm not looking for a script here, just an LDAP query.

bohack

Kiki, All you need to do is add the primary group id of 516 that will give you DCs. Regular computer accounts are primary group id of 515.(&(objectClass=Computer)(primaryGroupID=516)(objectCategory=Computer ))Jon

BornToBeMild

I don't think you can get all PCs in an AD Site via LDAP. Site information is not stored against the Computer object. A Computer will calculate it's Site on first connection to AD, and at various points subsequently. It stores that information locally in the registry, but it's not stored in AD.

You can report DCs in a Site because AD registers a Server object in the Servers container in the Site. The Server object has a link that points to the DC computer object. So DCs for Paris site would be:

CN=Paris,CN=Sites,CN=Configuration,DC=contoso,DC=com (objectClass=server)

kiki162

@bohack that string doesn't work, unless you are using something specific for your Base.

@Born I would almost agree on not being able to pull PC's per AD site. Too bad you can't do some sort of query to get that information. I think I need to focus more on pulling from the domains instead

ivandavids

Hi , the query sent in by @bohack does work.

in AD make sure you are selecting "Custom Search" and then "Advanced". From there you should be able to copy and paste the ldap query

(&(objectClass=Computer)(primaryGroupID=515)(objectCategory=Computer))