Re: Active Directory Search for attribute

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: "Florian Frommherz [MVP]" <florian@xxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Tue, 08 Dec 2009 08:08:03 +0100

---

Howdie!

Elvis schrieb:

Does anyone have a custom Quesry for Active Directory that is able to find a "null" value for any attributes within AD. We are looking to use an existing Active Directory Attribute field but need to be certain that it is not being used. Is there a way to seach AD to verify which attributes are not being used by anyone?

You probably want to return all objects that have a value set to an attribute. If the query does not return any objects, chances are the attribute isn't used.

The advice you got from Richard is great - checking with the start (*) operator gives you all objects that have a certain value set for the attribute:

(someAttribute=*)

If you're going to search an empty attribute for users only (cause you don't care about computers or the data you want to put into that empty attribute isn't applicable to computers, you might want to filter down further:

(&(objectClass=user)(objectCategory=person)(someAttribute=*))

Besides finding a good candidate for custom provisioning of data, you might want to think about making sure how data is
(a) entered there, as ADUaC isn't as flexible - and WHO manages the data
(b) secured against manual tempering in case it has to be read-only to a couple of candidates (note that objects themselves have permission to change most of their own attributes)
(c) something you to be replicated to Global Catalogs
(d) good to be replicated to RODCs.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
ANY advice you get on the Newsgroups should be tested thoroughly in your lab.
.

---

• References:
  • Active Directory Search for attribute
    • From: Elvis

• Prev by Date: Re: OU Help Please
• Next by Date: Re: GPO Migrate between Domains and Forests
• Previous by thread: Re: Active Directory Search for attribute
• Next by thread: How to enumerate a domain group using LDAP?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Documents missing after reboot ... documents have disappeared after turned on their computers. ... documents" folder is completely empty. ... followed ALL of the advice on a similar topic to try to remedy this ... (microsoft.public.windowsxp.general) Re: Documents missing after reboot ... documents have disappeared after turned on their computers. ... documents" folder is completely empty. ... followed ALL of the advice on a similar topic to try to remedy this ... (microsoft.public.windowsxp.general) Re: Dual Boot (follly) ... Just have a few computers at home and have been ... > mark and needed only include a few other bits of advice. ... Vince, this was a no-brainer! ... (Execpt if you were installing a Linux OS). ... (microsoft.public.windows.server.general) Re: XP home network issue ... It's good advice, Chuck. ... but here's all teh extra ... In 'View Network Computers', both machines can see the icon of the other. ... (microsoft.public.windowsxp.network_web) Re: drive size not accurate ... was working on computers when you were still in diapers. ... No. There's nothing to apologize for. ... I got the correction some time ago. ... If you are unhappy with that, and expect people to let your bad advice ... (microsoft.public.windowsxp.general)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2009-12