For the management of Active Directory objects, an efficient tool such as the ADUC MMC (Active Directory Users and Computers) is vital.
At Ibmi Media, as part of our Server Management Services, we regularly help customers resolve Windows-related queries and issues.
In this context, we will look into using saved queries in the ADUC MMC (Active Directory Users and Computers).
What exactly is ADUC MMC used for?
The Active Directory Users and Computers MMC is the most commonly used tool to manage Active Directory objects.
Saved queries in the Active Directory Users and Computers (ADUC) MMC console are used to create complex LDAP filters that select Active Directory objects.
The primary benefit of Saved Queries is that they help to perform common AD object administration tasks quickly. By running a saved LDAP query, the Active Directory administrator can perform group operations on objects from different OUs and containers.
How to create a Saved Query in the ADUC MMC Console?
Follow the steps below to display a list of active user accounts, email addresses and department names by searching in the Active Directory Users and Computers console with a saved LDAP query.
i. To begin, open the ADUC console (dsa.msc) and right-click Saved Queries. Next, select New followed by Query.
ii. In the Name box, enter the name of the saved query as you want it to appear in the ADUC console.
iii. In the query root field, specify the container (OU) in which the query should search. By default, a query searches the entire AD domain.
iv. Next, click the Define Query button and, in the dropdown that appears, select the Custom Search option.
v. Navigate to the Advanced tab and copy the LDAP query for enabled user accounts, stated below, into the LDAP query box;
vi. Save changes by clicking on the OK button.
vii. Then select the query you created in the ADUC console and press F5 to build the list of objects. The right window will display the list of users that match the LDAP query.
viii. For additional user attributes, select Add/Remove Columns which is in the View menu in the ADUC console. Here you can add any column of your choice.
ix. You can save the list of user accounts as a TXT or CSV file for future use and analysis.
To list the Windows Server computer objects in a domain, follow these steps:
i. Locate Computers.
ii. Next, click on the Advanced tab.
iii. In the Fields section, navigate to Operating System.
iv. For Operating System, select the Condition "Starts with" followed by the criteria "Windows Server *".
You can also add multiple search criteria to your saved query. "*" is the wildcard character; for example, "*Server*" matches any operating system name that contains "Server".
LDAP filters can also be used in the PowerShell console to get AD objects. An example query is stated below;
Get-ADUser -LDAPFilter "(&(objectCategory=person)(objectClass=user)(department=*Sales department*))" -Properties DisplayName,department | Format-Table -AutoSize DisplayName,department
The cmdlets Get-ADComputer, Get-ADUser, and Get-ADGroup are used to get objects of a specific type: computers, users, or groups.
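The PowerShell query above, extended into an added example that is not part of the original article: it escapes the search term per RFC 4515 so that characters such as "(" or "*" in a department name cannot alter the filter, limits results to enabled accounts, and exports the result to CSV. The function names, the sample department, the output path and the enabled-accounts clause (the standard userAccountControl bitwise-AND matching rule) are assumptions, not the query the article refers to; the ActiveDirectory module (RSAT) is required.

```powershell
# Added example, not from the original article.
# Requires the ActiveDirectory module (RSAT) and a session that can reach a domain controller.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Hypothetical helper: escape the characters RFC 4515 reserves in filter
    # values (\ * ( ) NUL) as \XX hex pairs so input stays a literal value.
    param([Parameter(Mandatory)][string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    })
}

function Get-EnabledDepartmentUser {
    # Hypothetical helper: enabled user accounts whose department contains $Department.
    param(
        [Parameter(Mandatory)][string]$Department,
        [string]$SearchBase   # optional OU, the equivalent of the saved query's root
    )
    $dept = ConvertTo-LdapFilterValue $Department

    # 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule; value 2 is
    # the ACCOUNTDISABLE flag, so the negated clause keeps enabled accounts only.
    $filter = '(&(objectCategory=person)(objectClass=user)' +
              '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' +
              "(department=*$dept*))"

    $params = @{ LDAPFilter = $filter; Properties = 'mail', 'department' }
    if ($SearchBase) { $params.SearchBase = $SearchBase }

    Get-ADUser @params |
        Select-Object Name, SamAccountName, mail, department
}

# Constructed input: a department name that contains filter metacharacters.
# It is sent to the directory as "Sales \28EMEA\29".
Get-EnabledDepartmentUser -Department 'Sales (EMEA)' |
    Export-Csv -Path .\enabled-sales-users.csv -NoTypeInformation -Encoding UTF8
```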