Can I create a DirectorySearcher filter using only extensionAttribute4?
Question
I'm using DirectorySearcher and I want to get all AD users that have not set extensionAttribute4.
Here I'm using this DirectorySearcher that returns all AD users but I need help that how can I change this DirectorySearcher in a way that it returns those AD users that have not set extensionAttribute4. Any help will be highly appreciated.
using (DirectorySearcher oSearch = new DirectorySearcher(oSearchRoot))
{
oSearch.Filter = "(&(objectClass=user)(objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2))";
SearchResultCollection oResultCol = oSearch.FindAll();
}
1 answers
solution1
0 ACCPTED 2020-04-10 13:55:41
You are already most of the way there. This part:
(objectClass=user)(objectCategory=person)
tells it to look for user objects. So you want to keep that. This part:
(!userAccountControl:1.2.840.113556.1.4.803:=2)
tells it to find accounts that do not have the second bit set on the userAccountControl attribute (the second bit is a flag that means "disabled").
So to find an account that does not have the extensionAttribute4 attribute set, you still use the ! operator, but you use it with the wildcard operator * , so it means "this attribute is not set to anything".
So your final filter will look like this:
(&(objectClass=user)(objectCategory=person)(!extensionAttribute4=*))
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.