Active Directory LDAP Filter String - Users and Computers.

In Active Directory Users and Computers (ADUC), users can right-click an OU and select Find to search all objects in that OU. The first tab gives the user a Name and a Description field for simple queries. However, the Name field searches multiple AD attributes, such as canonicalName, sAMAccountName and distinguishedName. I have not been able to find the MSDN documentation that describes the complete list of attributes ADUC searches this way.

Now I am writing a C# application where one of the requirements is looking up an AD object. Since it parses user input, and different users prefer different identifiers, the object name could be anything that the ADUC search dialog would find. I am using System.DirectoryServices.DirectorySearcher for this, but I cannot reproduce the exact behavior of ADUC.

Exactly which attributes does the Name field in the ADUC Find dialog query, and what is the equivalent LDAP filter string?

+3


1 answer


Following Esteban's advice, I ran the AdInsight utility provided by Sysinternals and pulled out this filter string:

(&(&(|(&(objectCategory=person)(objectSid=*)(!(sAMAccountType:1.2.840.113556.1.4.804:=3)))(&(objectCategory=person)(!(objectSid=*)))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14)))(anr=MyObjectID*)))



However, if you are not interested in types and want to see ALL objects, this seems to still work:

(&(anr=MyObjectID*))

0
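The following C# snippet is an added example, not code from the question, the answer or Microsoft, showing how the answer's filter can be used from System.DirectoryServices.DirectorySearcher. The important defensive detail is that the user-supplied identifier is escaped per RFC 4515 before it is placed inside the `(anr=...*)` term: without that, input containing `)` , `(` or `*` changes the structure of the filter instead of being matched literally. The OU path `LDAP://OU=Staff,DC=example,DC=com`, the class and method names, and the 200-entry size limit are assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

// Hypothetical helper class for this example (not part of the original post).
static class AducStyleLookup
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    // Backslash must be handled first so the escapes it produces are not re-escaped.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Build the ADUC-style filter from the answer. The only wildcard is the
    // trailing '*' that the code appends; any '*' typed by the user is escaped.
    public static string BuildFilter(string userInput, bool usersContactsGroupsOnly)
    {
        string anr = "(anr=" + EscapeFilterValue(userInput) + "*)";
        if (!usersContactsGroupsOnly)
            return "(&" + anr + ")";

        // Users (person objects with a SID that are not machine/trust accounts),
        // contacts (person objects without a SID) and groups (groupType bits 2|4|8).
        const string typeClause =
            "(|" +
              "(&(objectCategory=person)(objectSid=*)(!(sAMAccountType:1.2.840.113556.1.4.804:=3)))" +
              "(&(objectCategory=person)(!(objectSid=*)))" +
              "(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14))" +
            ")";
        return "(&" + typeClause + anr + ")";
    }

    // Run the search under the given OU and return the distinguished names found.
    public static List<string> Find(string ouPath, string userInput, bool usersContactsGroupsOnly = true)
    {
        var results = new List<string>();
        using (var root = new DirectoryEntry(ouPath))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = BuildFilter(userInput, usersContactsGroupsOnly);
            searcher.SearchScope = SearchScope.Subtree;
            searcher.SizeLimit = 200;                 // assumed cap on returned entries
            searcher.PropertiesToLoad.Add("distinguishedName");
            searcher.PropertiesToLoad.Add("objectCategory");

            using (SearchResultCollection found = searcher.FindAll())
            {
                foreach (SearchResult r in found)
                    results.Add((string)r.Properties["distinguishedName"][0]);
            }
        }
        return results;
    }

    static void Main(string[] args)
    {
        // Assumed OU path and sample identifier; replace with real values.
        string ou = "LDAP://OU=Staff,DC=example,DC=com";
        string identifier = args.Length > 0 ? args[0] : "MyObjectID";

        Console.WriteLine("Filter: " + BuildFilter(identifier, usersContactsGroupsOnly: true));
        foreach (string dn in Find(ou, identifier))
            Console.WriteLine(dn);
    }
}
```

Calling `BuildFilter("jdoe)(objectClass=*", true)` yields a term of `(anr=jdoe\29\28objectClass=\2a*)`, so the injected text is compared as a literal name fragment rather than altering the query. Binding the searcher to the OU's DirectoryEntry and restricting PropertiesToLoad keeps the search scoped and the returned data minimal.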
