Can I create a DirectorySearcher filter using only extensionAttribute4?

355 Views Asked by Muhammad Arsalan Altaf At 10 April 2020 at 12:20

I'm using DirectorySearcher and I want to get all AD users that have not set extensionAttribute4.

Here I'm using this DirectorySearcher that returns all AD users but I need help that how can I change this DirectorySearcher in a way that it returns those AD users that have not set extensionAttribute4. Any help will be highly appreciated.

 using (DirectorySearcher oSearch = new DirectorySearcher(oSearchRoot))
 {
      oSearch.Filter = "(&(objectClass=user)(objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2))";

      SearchResultCollection oResultCol = oSearch.FindAll();

}

Original Q&A

There are 1 best solutions below

Gabriel Luci On 10 April 2020 at 13:55 BEST ANSWER

You are already most of the way there. This part:

(objectClass=user)(objectCategory=person)

tells it to look for user objects. So you want to keep that. This part:

(!userAccountControl:1.2.840.113556.1.4.803:=2)

tells it to find accounts that do not have the second bit set on the userAccountControl attribute (the second bit is a flag that means "disabled").

So to find an account that does not have the extensionAttribute4 attribute set, you still use the ! operator, but you use it with the wildcard operator *, so it means "this attribute is not set to anything".

So your final filter will look like this:

(&(objectClass=user)(objectCategory=person)(!extensionAttribute4=*))

Can I create a DirectorySearcher filter using only extensionAttribute4?

There are 1 best solutions below

Related Questions in C#

Related Questions in ACTIVE-DIRECTORY

Related Questions in LDAP

Related Questions in DIRECTORYSEARCHER

Trending Questions

Popular # Hahtags

Popular Questions