Searching for Computer Accounts in Active Directory

Microsoft® Windows® 2000 Scripting Guide


Active Directory is more than a repository for resources such as accounts, shared printers, and public folders. It is also a searchable database that allows users and administrators to quickly locate these resources. Because computer accounts are stored in Active Directory, you can take advantage of the Active Directory searching capabilities to locate any computer in your organization.

Active Directory supports the following two primary search types:

  • Basic enumeration. Lists all the computer accounts in a specified domain, OU, or other Active Directory container. For example, a SQL command similar to the following retrieves a list of all the computers in fabrikam.com:
    Select Name from 'LDAP://DC=fabrikam,DC=com' where objectClass = 'computer' 
  • Filtered search. Returns only the computer accounts that have a specified value for an attribute. For example, you might search for all computers located in a particular building or owned by a particular department. The following SQL command retrieves all the computers owned by the Finance Department:
    Select Name from 'LDAP://DC=fabrikam,DC=com' where objectClass='computer' and Department = 'Finance' 

The filtered search capabilities of Active Directory allow you to write scripts that can run against a specified set of computers even if you do not know the names of those computers. For example, if the Human Resources department moves to a new building, you can retrieve a list of computers for which the value of the Department attribute is equal to Human Resources, and then change the value of the Location attribute. Likewise, you can search Active Directory for a list of all the domain controllers in the domain and then run a monitoring or inventory script against those computers.

When you conduct a search, a recordset is returned that includes each of the computers that meet the search criteria. For more information about working with recordsets, see "Creating Enterprise Scripts" in this book.

Facilitating a Search in Active Directory

Following are some tips that can facilitate Active Directory searches. For more information about searching in Active Directory, see "ADSI Scripting Primer" in this book.

Target the scope of the search appropriately.

Large Active Directory domains can contain thousands of computers. Instead of searching through all of Active Directory to find the computers of interest, search only the container in which the computer accounts are likely to be stored (for example, in the Finance OU).

Set a search page size.

Some searches can return thousands of objects. A return of the entire recordset in one operation can noticeably degrade the performance of the server, the client, and the network. If you expect your search to return a large number of objects, specify a search page size to allow the server to return information in more manageable chunks. For example, rather than return 50,000 records all at once, a search with a page size of 500 allows the computer to return just the first 500 records when the search is completed, and each subsequent set of 500 records only when requested.

Include a time-out value.

When you conduct a search of Active Directory, your search request is queued and the server attempts to satisfy the request as soon as possible. If the server is extremely busy, the request can be delayed or the search can be slow. You can specify a time-out value to make the script wait a set amount of time (for example, 30 seconds) for a reply from the server, and then automatically terminate if no reply is received.

Limit the number of attributes retrieved.

If you need only the common name for each computer, do not retrieve the entire set of attributes. Scripts returning fewer attributes run faster and minimize the amount of data that must be transmitted across the network.

Use a search filter.

Instead of returning a list of all the computers, return only the computers that meet specific criteria (for example, only the computers located in a particular building or only the computers with a particular version of the operating system installed).
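
The five tips above combined in one ADO query, as an added example that is not taken from the Scripting Guide. The OU=Finance container in the fabrikam.com sample domain and the department value are assumptions, and the character check on the department value is an added precaution, not something the tips call for.

```vbscript
' Added example: scoped, paged, time-limited, single-attribute, filtered search.
Option Explicit

Const ADS_SCOPE_SUBTREE = 2   ' search the base container and everything below it

' Assumed values: a hypothetical Finance OU in the fabrikam.com sample domain.
Const SEARCH_BASE = "LDAP://OU=Finance,DC=fabrikam,DC=com"
Const DEPARTMENT  = "Finance"

Dim objConnection, objCommand, objRecordSet, objRegExp

' Added precaution: the value is concatenated into the query text, so accept
' only letters, digits, spaces, and hyphens before building the command.
Set objRegExp = New RegExp
objRegExp.Pattern = "^[A-Za-z0-9 \-]+$"
If Not objRegExp.Test(DEPARTMENT) Then
    WScript.Echo "Rejected department value: " & DEPARTMENT
    WScript.Quit 1
End If

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection

' Scope, attribute list, and filter: search one OU, return only Name,
' and match only computers whose Department attribute equals the value.
objCommand.CommandText = "Select Name from '" & SEARCH_BASE & _
    "' where objectClass='computer' and Department='" & DEPARTMENT & "'"

objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Page Size") = 500   ' results come back 500 at a time
objCommand.Properties("Timeout") = 30      ' seconds to wait for the server

Set objRecordSet = objCommand.Execute

' Testing EOF before reading handles an empty result set without an error.
Do Until objRecordSet.EOF
    WScript.Echo objRecordSet.Fields("Name").Value
    objRecordSet.MoveNext
Loop

objRecordSet.Close
objConnection.Close
```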




Microsoft Windows 2000 Scripting Guide(c) Automating System Administration 2003
Year: 2004
Pages: 635
