Today, I got a good question from a friend of mine. Let's call my friend Steve, after all his name is Steve. Anyhow, my friend wanted to return all users within a domain that did not have a ByteArray value of FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF for the logonHours attribute. Naturally, I said to myself that is easy enough, here is your filter statement:
!(logonHours=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF)
Yeah... that did not work. So, I consulted my second brain: Google. Didn't see anything right off the bat, but that must have been because I was using the wrong search terms. Oddly enough, I then heard this nagging voice in the back of my mind: "Tyson, you know this". It took me a minute, and I then realized that I not only knew the topic at hand, but I even wrote about it in the 2nd Edition of the Windows PowerShell Unleashed book:
Lastly, if the search filter contains binary data, then that data needs to be represented such that each byte of the binary data is escaped using a backslash "\" followed by two hexadecimal digits. For example to retrieve the object with GUID = "659cd735f7fc4182b007b650b621d4de" you would use the following filter statement.
"(objectGUID=\65\9c\d7\35\f7\fc\41\82\b0\07\b6\50\b6\21\d4\de)"
It's not often, you get to source yourself. :>) Anyhow, now that I knew why the filter did not work, I gave Steve the following PowerShell one-liner which uses the Get-QADUser cmdlet from Quest's AD cmdlets:
get-qaduser -IncludeAllProperties -ldapfilter '(!(logonHours=\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF))' | select name,logonHours
If you like this, check out some other posts from Tyson:
- Creating a custom 404 page to handle link redirection for ASP.NET web applications
- Microsoft Discontinues Support for Windows 3.X (as an embedded system)
- Kyoto Temple Night View - Powered By Google!
- My quest for SSH within PowerShell revisited!
- How to read Certificates and CRLs using PowerShell
Or if you want, you can also check out some of Tyson's latest publications:
- Windows PowerShell Unleashed (2nd Edition)
- Windows Server 2008 Unleashed (Yes, I did help on this book)
Lastly, visit the Microsoft Subnet for more news, blogs, and opinions from around the Internet. Or, sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert)
With more than nine years of experience in IT, Tyson Kopczynski has become a specialist in Active Directory, Group Policy, Windows scripting, Windows Rights Management Services, PKI, and IT security practices. Tyson is the author of the new book Windows PowerShell Unleashed (read a sample chapter and learn about the drawing for a free copy here). Tyson has been a contributing author for such books as Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed and Microsoft Windows Server 2003 Unleashed (R2 Edition). He has also written detailed technical papers and guides covering various technologies. As a consultant at Convergent Computing, Tyson has worked with next generation Microsoft technologies since their inception and played a key role in expanding scripting and development practices. Tyson also holds the SANS Security Essentials Certification, Microsoft Certified Systems Engineer Security certification, CompTIA Security+ certification and SANS Certified Incident Handler certification.
Subscrib to Tyson Kopczynski's Hidden Microsoft feed.
Blog archive. Microsoft news RSS feed
The opinions expressed in this Weblog are those of the writer and may not represent the opinions of Network World.
|
|
Post new comment