2010/09/27

Active Directory - Saved Queries (ADUC MMC)

Updated: 2013/03/29

Intro

Active Directory Users and Computers provides a Saved Queries folder in which administrators can create, edit, save, and organize saved queries. Before saved queries, administrators were required to create custom ADSI scripts that would perform a query on common objects. This was an often lengthy process that required knowledge of how ADSI utilizes LDAP search filters to resolve a query.

All queries located in the Saved Queries folder are stored in Active Directory Users and Computers (dsa.msc). Once you have successfully created your customized set of queries you can copy the .msc file to other domain controllers (located in the same domain) and use the same set of saved queries. You can also export saved queries to an .xml file and import them into other Active Directory User and Computer consoles located on domain controllers (within the same domain)

LDAP Syntax

Saved Queries

Windows XP Computers with Service Pack 2 Installed

(&(objectCategory=computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2))

Windows XP Computers with Service Pack 1 Installed

(&(operatingSystem=Windows XP*l)(operatingSystemServicePack=Service Pack 1)))

Windows XP Computers with No Service Pack Installed

Notice the “!” before operating SystemServicePack and the “*”. The “!” means NOT so the statement reads “NOT equal to anything” instead of NULL or empty quotes (”") like some other languages.

(&(operatingSystem=Windows XP Professional)(!operatingSystemServicePack=*)))

Windows Server 2003 No Service Pack 1

(&(objectCategory=computer)(operatingSystem=Windows Server 2003)(!operatingSystemServicePack=*))

Windows Server 2003 Service Pack 1 Installed

(&(objectCategory=computer)(operatingSystem=Windows Server 2003)(operatingSystemServicePack=Service Pack 1))

Windows 2000 Professional

(&(objectCategory=computer)(operatingSystem=Windows 2000 Professional))

Windows 2000 Server

(&(objectCategory=computer)(operatingSystem=Windows 2000 Server))

All Windows Server 2003 Servers

(&(objectCategory=computer)(operatingSystem=Windows Server 2003))

SQL Servers (running on Windows 2003) (please verify in your environment)

(&(objectCategory=computer)(servicePrincipalName=MSSQLSvc*)(operatingSystem=Windows Server 2003))

SQL Servers any Windows Server OS

(&(objectCategory=computer)(servicePrincipalName=MSSQLSvc*)(operatingSystem=Windows Server*))

Exchange Servers (running on Windows 2003) (please verify in your environment)

(&(objectCategory=computer)(servicePrincipalName=exchangeMDB*)(operatingSystem=Windows Server 2003))

Exchange Servers any Windows Server OS

(&(objectCategory=computer)(servicePrincipalName=exchangeMDB*)(operatingSystem=Windows Server*))

Windows Vista SP1

(&(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1))

Windows Server 2008 Enterprise

(&(objectCategory=computer)(operatingSystem=Windows Server® 2008 Enterprise)(operatingSystemServicePack=Service Pack 1))

Windows Server 2008 (all versions)

(&(objectCategory=computer)(operatingSystem=Windows Server® 2008*))

Notice the ® in the Windows 2008 values, it needs to be in the query or there won’t be any results.

Groups Like Service (finds any group name that contains the word service)

(objectcategory=group)(samaccountname=*service*)

Description Like Service (finds accounts in which the description contains the word service)

(objectcategory=person)(description=*service*)

Groups Like Admin (finds any groups whose name contains the word admin)

(objectcategory=group)(samaccountname=*admin*)

Universal Groups (finds groups with universal scope)

(groupType:1.2.840.113556.1.4.803:=8)

Groups with No Members (finds groups that have no members in them)

(objectCategory=group)(!member=*)

Note: The ! symbol means "Not" and * means "Has a value," so the combination of the two evaluates to “Doesn’t have a value.”

Global, Domain Local, or Universal Groups (finds any group defined as a Global Group, a

Domain Local Group, or a Universal Group)

(groupType:1.2.840.113556.1.4.804:=14)

Global, Domain Local, or Universal Groups with No Members (finds any group defined as a

Global Group, a Domain Local Group, or a Universal Group that has no members)

(groupType:1.2.840.113556.1.4.804:=14)(!member=*)

User Like Service (finds any account ID that has a name containing the word service)

(objectcategory=person)(samaccountname=*service*)

Password Does Not Expire (finds user accounts with nonexpiring passwords)

(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)

No Employee ID (finds any user account that has no employeeid value)

(objectcategory=person)(!employeeid=*)

No Login Script (finds accounts that don't run a logon script)

(objectcategory=person)(!scriptPath=*)

No Profile Path (finds accounts that don’t have roaming profiles)

(objectcategory=person)(!profilepath=*)

Must Change Password and Not Disabled (finds nondisabled accounts that must change their password at next logon)

(objectCategory=person)(objectClass=user)(pwdLastSet=0)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)

UserList Exclude Disabled Account (finds all user accounts except those that are disabled)

(objectCategory=person)(objectClass=user)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)

Locked Out Accounts (finds all locked out accounts)

(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=16)

Domain Local Groups (finds groups with Domain Local scope)

(groupType:1.2.840.113556.1.4.803:=4)

Users with Email Address (finds accounts that have an email address)

(objectcategory=person)(mail=*)

Users with No Email Address (finds accounts with no email address)

(objectcategory=person)(!mail=*)

Find Groups that contains the word admin

(objectcategory=group)(samaccountname=*admin*)

Find users who have admin in description field

(objectcategory=person)(description=*admin*)

Find all Universal Groups

(groupType:1.2.840.113556.1.4.803:=8)

Empty Groups with No Members

(objectCategory=group)(!member=*)

Finds all groups defined as a Global Group, a Domain Local Group, or a Universal Group

(groupType:1.2.840.113556.1.4.804:=14)

Find all User with the name Bob

(objectcategory=person)(samaccountname=*Bob*)

Find user accounts with passwords set to never expire

(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)

Find all users that never log in to domain

(&(&(objectCategory=person)(objectClass=user))(|(lastLogon=0)(!(lastLogon=*))))

Find user accounts with no log on script

(objectcategory=person)(!scriptPath=*)

Find user accounts with no profile path

(objectcategory=person)(!profilepath=*)

Finds non disabled accounts that must change their password at next logon

(objectCategory=person)(objectClass=user)(pwdLastSet=0)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)

Finds all disabled accounts in active directory

(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2)

Finds all locked out accounts

(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=16)

Finds Domain Local Groups

(groupType:1.2.840.113556.1.4.803:=4)

Finds all Users with Email Address set

(objectcategory=person)(mail=*)

Finds all Users with no Email Address

(objectcategory=person)(!mail=*)

Find all Users, Groups or Contacts where Company or Description is Contractors

(|(objectcategory=user)(objectcategory=group)(objectcategory=contact))(|(description=North*)(company=Contractors*))

Find all Users with Mobile numbers 712 or 155

(objectcategory=user)(|(mobile=712*)(mobile=155*))

Find all Users with Dial-In permissions

(objectCategory=user)(msNPAllowDialin=TRUE)

Find All printers with Color printing capability

Note: server name must be changed

(&(&(&(uncName=*Servername*)(objectCategory=printQueue)(printColor=TRUE))))

Find Users Mailboxes Overriding Exchange Size Limit Policies

(&(&(&objectCategory=user)(mDBUseDefaults=FALSE)))

Find all Users that need to change password on next login.

(&(objectCategory=user)(pwdLastSet=0))

Find all Users that are almost Locked-Out

Notice the “>=” that means “Greater than or equal to”.

(objectCategory=user)(badPwdCount>=2)

Find all Computers that do not have a Description

(objectCategory=computer)(!description=*)

Find all users with Hidden Mailboxes

(&(objectCategory=person)(objectClass=user)(msExchHideFromAddressLists=TRUE))

Find all Windows 2000 SP4 computers

(&(&(&(objectCategory=Computer)(operatingSystem=Windows 2000 Professional)(operatingSystemServicePack=Service Pack 4))))

Find all Windows XP SP2 computers

(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2))))))))

Find all Windows XP SP3 computers

(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 3))))))))

Find all Vista SP1 computers

(&(&(&(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1)))))

Find All Workstations

(sAMAccountType=805306369)

Find all 2003 Servers Non-DCs

(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2003*)))

Find all 2003 Servers – DCs

(&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2003*))))

Find all Server 2008

(&(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2008*))))

Find all user accounts that have the name “srv_acct” in them, if your service accounts follow a naming convention.

(objectcategory=person)(samaccountname=*srv_acct*)

Find all groups that have no members

(objectCategory=group)(!member=*)

Find users that have non-expiring passwords.

(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)

Find users created between 2010-01-01 and 2011-01-01

(&(&(objectCategory=user)(whenCreated>=20100101000000.0Z&<=20110101000000.0Z&)))

2010/09/06

Application command name for Windows

http://social.technet.microsoft.com/wiki/contents/articles/application-command-name-for-windows.aspx

Application command name for Windows

If you encounter any problem launching some of the program, please try the following :

Press the Windows Key + R on your keyboard or click on Start > Start Search and type this command

Add/Remove Programs = appwiz.cpl

Administrative Tools = control admintools

Authorization Manager= azman.msc

Calculator = calc

Certificate Manager = certmgr.msc

Character Map = charmap

Check Disk Utility = chkdsk

Command Prompt = cmd.exe

Component Services = dcomcnfg

Computer Management = compmgmt.msc

Control Panel = control

Date and Time Properties = timedate.cpl

Defragment User Interface = dfrgui

Device Manager = devmgmt.msc

Direct X Troubleshooter = dxdiag

Disk Cleanup Utility = cleanmgr

Disk Management = diskmgmt.msc

Disk Parmelonion Manager = diskpart

Display Properties = control desktop or, alternatively desk.cpl

Ditilizer Calibration Tool = tabcal

Downloads = Downloads

DPI Scaling = dpiscaling

Driver Package Installer = dpinst

Driver Verifier Utility = verifier or, alternatively reset

DVD Player = dvdplay

Encryption File System = rekeywiz

Event Viewer = eventvwr.msc

Fax Cover Sheet Editor = fxscover

File Signature Verification Tool = sigverif

Folders Properties = control folders

Fonts = control fonts

Free Cell Card Game = freecell

Group Policy Editor = gpedit.msc

Iexpress Wizard = iexpress

Internet Explorer = iexplore

Internet Properties = inetcpl.cpl

IP Configuration = ipconfig.exe

iSCSI Initiator = iscsicpl

Keyboard Properties = control keyboard

Libraries = explorer or, alternatively Windows key + E

Local Security Settings = secpol.msc

Local Users and Groups = lusrmgr.msc

Logs You Out Of Windows = logoff

Microsoft Paint = mspaint.exe

Microsoft Support Diagnostic Tool = msdt

Mobility Center (mobile) = mblctr or, alternatively Windows key + X

Mouse Properties = control mouse

Mouse Properties = main.cpl

Network Connections = control netconnections

Network Connections = ncpa.cpl

Notepad = notepad

ODBC Data Source Administrator = odbcad32

On Screen Keyboard = osk or, alternatively Windows key + U

Optional Features Manager = optionalfeatures

Performance Monitor = perfmon.msc

Phone and Modem Options = telephon.cpl

Power Configuration = powercfg.cpl

Printer Migration = PrintBrmUi

Printers and Faxes = control printers

Private Character Editor = eudcedit

Regional Settings = intl.cpl

Registry Editor = regedit.exe

Remote Assistance = msra

Remote Desktop = mstsc

Resultant Set of Policy = rsop.msc

Scheduled Tasks = control schedtasks

Security Center = wscui.cpl

Services = services.msc

Shared Folders/MMC = fsmgmt.msc

Shuts Down Windows = shutdown

Snipping Tool = snippingtool

Sound Recorder = soundrecorder

Sound Volume = sndvol

Sounds and Audio = mmsys.cpl

Spider Solitare Card Game = spider

SQL Client Configuration = cliconfg

Sticky Note = StikyNot

Stored User Names and Passwords = credwiz

System Configuration Editor = sysedit

System Configuration Utility = msconfig

System File Checker Utility = sfc

System Information = msinfo32

System Properties = sysdm.cpl or, alternatively Windows key + Pause

Task Manager = taskmgr

Trusted Platform Module = TpmInit

User Accounts = netplwiz or, alternatively control userpasswords2

Utility Manager = utilman

Windows Activation = slui

Windows Backup Utility = sdclt

Windows Fax and Scan = wfs

Windows Firewall = firewall.cpl

Windows Firewall with Advanced Security = wf.msc

Windows Image Acquisition = wiaacmgr

Windows Magnifier = magnify

Windows Management Infrastructure = wmimgmt.msc

Windows Media Player = wmplayer

Windows Share Creation Wizard = shrpubw

Windows Standalong Update Manager = wusa

Windows System Security Tool = syskey

Windows Update App Manager = wuapp

Wordpad = write

Different shortcuts

These shortcuts let you access specific features and tools in Windows 7.

Action Center = rundll32.exe shell32.dll,Control_RunDLL wscui.cpl

Add Network Location = rundll32.exe shwebsvc.dll,AddNetPlaceRunDll

Add/Remove Programs = rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl

Add/Remove Programs = RunDll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,0

Add/Remove Windows Components = rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,2

Advanced Restore = sdclt.exe /restorewizardadmin

Aero (Transparency feature) Off = Rundll32.exe DwmApi #104

Aero (Transparency feature) On = Rundll32.exe DwmApi #102

Backup Location and Settings = sdclt.exe /configure

Content Advisor = RunDll32.exe msrating.dll,RatingSetupUI

Control Panel = RunDll32.exe shell32.dll,Control_RunDLL

Date and Time = rundll32.exe shell32.dll,Control_RunDLL timedate.cpl

Date and Time (Additional Clocks) = rundll32.exe shell32.dll,Control_RunDLL timedate.cpl,,1

Date and Time (Properties) = RunDll32.exe shell32.dll,Control_RunDLL timedate.cpl

Device Manager = RunDll32.exe devmgr.dll DeviceManager_Execute

Device Manager = rundll32.exe shell32.dll,Control_RunDLL hdwwiz.cpl

Display Settings = RunDll32.exe shell32.dll,Control_RunDLL access.cpl,,3

Folder Options = RunDll32.exe shell32.dll,Options_RunDLL 0

Folder Options (File Types) = RunDll32.exe shell32.dll,Control_Options 2

Folder Options (Search) = RunDll32.exe shell32.dll,Options_RunDLL 2

Folder Options (View) = RunDll32.exe shell32.dll,Options_RunDLL 7

Forgotten Password Wizard = RunDll32.exe keymgr.dll,PRShowSaveWizardExW

Hibernate = RunDll32.exe powrprof.dll,SetSuspendState

Indexing Options = control.exe srchadmin.dll

Keyboard Properties = RunDll32.exe shell32.dll,Control_RunDLL main.cpl @1

Lock Screen = RunDll32.exe user32.dll,LockWorkStation

Manage Wireless Networks = explorer.exe shell:::{1fa9085f-25a2-489b-85d4-86326eedcd87}

Map Network Drive = RunDll32.exe shell32.dll,SHHelpShortcuts_RunDLL Connect

Mouse Properties = RunDll32.exe shell32.dll,Control_RunDLL main.cpl @0

Network Connections = RunDll32.exe shell32.dll,Control_RunDLL ncpa.cpl

Notification Cache = rundll32.exe shell32.dll,Options_RunDLL 5

Open Control Panel (All Items) = explorer.exe shell:::{21ec2020-3aea-1069-a2dd-08002b30309d}

Pen and Touch Tablet PC (Settings) = rundll32.exe shell32.dll,Control_RunDLL tabletpc.cpl

Pen and Touch Tablet PC (Settings Flicks Tab) = rundll32.exe shell32.dll,Control_RunDLL tabletpc.cpl,,1

Pen and Touch Tablet PC (Settings Handwriting Tab) = rundll32.exe shell32.dll,Control_RunDLL tabletpc.cpl,,2

People Near Me = rundll32.exe shell32.dll,Control_RunDLL collab.cpl

People Near Me (Sign Up Tab) = rundll32.exe shell32.dll,Control_RunDLL collab.cpl,,1

Personalization = rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,2

Phone and Modem (Options) = rundll32.exe shell32.dll,Control_RunDLL telephon.cpl

Phone and Modem (Options Modems Tab) = rundll32.exe shell32.dll,Control_RunDLL telephon.cpl,,1

Phone and Modems (Options Advanced Tab) = rundll32.exe shell32.dll,Control_RunDLL telephon.cpl,,2

Power Options = rundll32.exe shell32.dll,Control_RunDLL powercfg.cpl

Power Options Modify Plan Settings = rundll32.exe shell32.dll,Control_RunDLL powercfg.cpl,,1

Regional Settings = RunDll32.exe shell32.dll,Control_RunDLL intl.cpl,,3

Restore Files = sdclt.exe /restorewizard

Screen Resolution = rundll32.exe shell32.dll,Control_RunDLL desk.cpl

ScreenSaver = rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,1

Set Program Access and Computer Defaults = rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,3

Sound Control Playback Tab = rundll32.exe shell32.dll,Control_RunDLLmmsys.cpl

Sound Control Recording Tab = rundll32.exe shell32.dll,Control_RunDLLmmsys.cpl,,1

Sound Control Sounds Tab = rundll32.exe shell32.dll,Control_RunDLLmmsys.cpl,,2

Stored Usernames /Passwords = RunDll32.exe keymgr.dll,KRShowKeyMgr

System Properties = rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl

System Properties (Advanced Tab) = rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,3

System Properties (Hardware Tab) = rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,2

System Properties (Remote Tab) = rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,5

System Properties (System Protection Tab) = rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,4

System Properties (Advanced) RunDll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,4

System Properties (Automatic Updates) = RunDll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,5

Taskbar Properties = RunDll32.exe shell32.dll,Options_RunDLL 1

Unplug Eject Hardware = RunDll32.exe shell32.dll,Control_RunDLL hotplug.dll

User Accounts = RunDll32.exe shell32.dll,Control_RunDLL nusrmgr.cpl

Welcome Center = rundll32.exe oobefldr.dll,ShowWelcomeCenter

Windows (About) = RunDll32.exe SHELL32.DLL,ShellAboutW

Windows Firewall = RunDll32.exe shell32.dll,Control_RunDLL firewall.cpl

Windows Firewall = rundll32.exe shell32.dll,Control_RunDLL firewall.cpl

Windows Security Center = RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

Wireless Network Setup = RunDll32.exe shell32.dll,Control_RunDLL NetSetup.cpl,@0,WNSW

Wireless Networks pop-up = rundll32.exe van.dll,RunVAN

Internet Explorer Advanced Settings

Delete All (Deeper Cleaning Including Add-on Data Deletion) = RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351

Delete All = RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255

Delete Cookies = RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2

Delete Form Data = RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16

Delete History = RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1

Delete Passwords = RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32

Delete Temporary Internet Files = RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8

LazyWinAdmin

Pages

2010/09/27

Active Directory - Saved Queries (ADUC MMC)

2010/09/06

Application command name for Windows

Application command name for Windows