Re: ADSI Query to filter out machine accounts in the domain

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Willy Denoyette [MVP] (willy.denoyette_at_pandora.be)
Date: 03/08/04 

Date: Mon, 8 Mar 2004 20:29:12 +0100

Marc,
No the objectCategories are:
builtinDomain, computer, contact, container, domain, domainDNS,
lostAndFound,
group,organizationalUnit, organizationalPerson, person, secret, user and a
few more which I can't remember for now), but "domain controllers" and
"domain computers" are account groups ; respectively - 'security enabled
universal group' and 'security enabled account group' types (see, there is
no difference between computer accounts and user accounts in AD).
So, when using group as filter all group types will be returned in the
collection, to exclude some group types you will have to use some constraint
based on a group property like cn.

When using "(&(objectCategory=group)(!cn=domain computers)(!cn=domain
controllers))"; as filter the SearchResultCollection will contain all groups
except the groups cn=domain computers and cn=domain controller.

Willy.

"Marc Scheuner [MVP ADSI]" <m.scheuner@inova.SPAMBEGONE.ch> wrote in message
news:j13p409l6q26vsv2fuogfgt0f7hk811qrj@4ax.com...
> >Not really, "DomainCoputers" and "Domain controllers" are no
>>objectCategories.
>
> Okay - there is one for server or domain controllers, no?
>
> Then - what good does the !cn=domain controllers filter really do?
> Will this exclude all the subobjects in that container?
>
> Marc
> ================================================================
> Marc Scheuner May The Source Be With You!
> Bern, Switzerland m.scheuner(at)inova.ch

Relevant Pages

  • Re: Removed Domain Controller Replication Issues
    ... Objects container, not the Lost and Found container ... If the case is DCs have been disconnected for more than the tombstone ... >> office domain controllers failed, this domain controller was then removed ...
    (microsoft.public.win2000.active_directory)
  • Re: Question about containers and User Groups
    ... The email server is called SmarterMail. ... If it were really integrated with AD it would USE the AD accounts ... When it finds the user in the Users Container it ... called Computers. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Question about containers and User Groups
    ... The email server is called SmarterMail. ... If it were really integrated with AD it would USE the AD accounts directly. ... When it finds the user in the Users Container it ... Users) or OUs containing the Computer accounts (to affect the Computers.) ...
    (microsoft.public.windows.server.active_directory)
  • Re: Moving computers to another domain
    ... your scripts? ... However, the default container for computer objects in AD is a container, so ... For Each objComputer In objOldContainer ... >>> computer accounts now. ...
    (microsoft.public.scripting.wsh)
  • Re: script to retrieve active users that are not in a specific OU
    ... not buildin accounts ... not in an organization unit ... Administrator, Guest, etc. ... container, assuming that is the only container in your domain with users. ...
    (microsoft.public.windows.server.scripting)