Location: List Archives

List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Forums >ActiveDir Mail List Archive >List Archives
Subject: Re: [ActiveDir] How to construct LDAP filter in ADFIND to exclude just one OU?
Prev Next
You are not authorized to post a reply.

AuthorMessages
skradelUser is Offline

Posts:177

08/23/2010 4:42 PM  
Why not set a Restricted Groups GPO? No reason at all to script this.

--Steve

On Mon, Aug 23, 2010 at 11:34 AM, Mike Leone <oozerdude@gmail.com> wrote:
> On 8/23/2010 11:07 AM, Milburn, Rich had this to say:
>>
>> You could use the -excldn xx switch if you don't need the results in csv.
>>
>> -excldn "OU=Servers"
>
> AH HA!
>
> adfind -default -excldn "OU=Servers" -excldn "OU=Domain Controllers" -nodn
> -list -f "objectcategory=computer" cn | sort
>
> and then redirect that output to a text file, which I can then use as input
> to the next script I need (which is to add a user to local Administrators,
> on all workstations). Wish AD 2003 had a group that was automatically a
> Local Admin, that is also not a Domain Admin. But adding a "ServerManager"
> account to Local Admins (and limiting NTFS access of that account to only
> certain file shares) should allow my field guys to be able to use one
> account as Local Admin, that does not have *too* much access rights ....
>
>>
>> Otherwise I think you'd have to just dump all the computer accounts and
>> then use something like Excel to remove the servers (use the filter in excel
>> and use OU=Servers in the filter criteria).  From what I've read, you can't
>> use a wildcard in the distinguishedName in a filter... which is I think what
>> you were looking for.
>
> Thanks so much. That was the light bulb I wasn't seeing ....
>
>

You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > Re: [ActiveDir] How to construct LDAP filter in ADFIND to exclude just one OU?



ActiveForums 3.7
Friends

Friends

VisualClickButoton
Members

Members

MembershipMembership:
Latest New UserLatest:MrPTSai
New TodayNew Today:0
New YesterdayNew Yesterday:0
User CountOverall:5234
People OnlinePeople Online:
VisitorsVisitors:33
MembersMembers:0
TotalTotal:33
Online NowOnline Now:

Ads

Copyright 2009 ActiveDir.org
Terms Of Use