In the search window, for the sAMAccountName column, is there a way to filter by exactly 7 characters or is there a function in the search window that allows me to do that?
My coworker and I did try to do a search online but couldn't find anything.
Asked
Active
Viewed 7,297 times
2 Answers
2
The LDAP search operation requires at least a base object from which to start the search, the scope (or depth) of the search, and a filter which indicates by its truth, falsehood, or undefinedness whether an entry should be returned in the search result. Filters are defined in RFC4511. There is no way to specify the length of an attribute value in a filter. In order to return an attribute value that matches a length, you must store an attribute whose value is the length of the attribute value you desire. For example, if the attribute is cn, an attribute value cn-length could be stored whose value is length of the cn attribute. Modern, professional-quality directory servers will provide virtual attributes which are not stored in the directory database but generated dynamically. Such a virtual attribute hold be created to generate the length.
Community
- 1
- 1
Terry Gardner
- 10,957
- 2
- 28
- 38
1
See Scott Lowe's blog post on using Log Parser to query AD for an example of how you could do this. You could also extract results from an AD query and then feed them into Excel or another tool that has more functions than built into LDAP.
dunxd
- 930
- 3
- 14
- 26