
Can LDAP queries be used to scale down the list of servers in my Systems list?

The Privileged Identity Suite makes use of dynamic groups for the automatic addition and removal of systems from the Systems list. The most flexible feature is the Active Directory Path query tool, which allows you not only to query a specific Organizational Unit (OU) for a set of systems but also to create a custom LDAP query to fine-tune the Systems list.

In this example, the machines have names such as DBCLUSTER01, DBSRV01, DBSVR02, WEBSVR01, WEBSRV02, etc. When the query runs, the tool populates the list with every system from the server's OU. This behavior occurs because the default dynamic group query is:

To query for all objects identifying as computers in Active Directory, the statement would read: show all computer objects.

In the example above, the naming convention for the servers was based on whether the server was a database (DB) server or a web (WEB) server. If we wanted to use the query to list only database systems, the LDAP query would need to be modified to:

(&(objectClass=computer)(sAMAccountName=DB*))

The query would return all computers with names starting with DB. The statement would read: show all computer objects with names beginning with DB.

If the description of the computer or the location attribute were also defined in Active Directory, the LDAP query would need to be modified to:

(&(objectClass=computer)(sAMAccountName=DB*)(description=TEXTHERE))

The statement would read: show all computer objects with names beginning with DB and with a matching description.

You can also use queries to exclude systems. The NOT operator is an exclamation mark (!). To add all DB servers but exclude all systems with CLUSTER in their name, the query would need to be modified to:

(&(objectClass=computer)(sAMAccountName=DB*)(!(sAMAccountName=*CLUSTER*)))

The statement would read: show all computer objects with names beginning with DB but exclude those DB systems with CLUSTER in the name.

For example, to add all 20 systems to a Systems list:

The statement would read: show all computer objects with operating system 2003 or 2008.

Be careful with queries like this, because changing the statement to (&(objectClass=computer)(operatingSystem=*2003*)(operatingSystem=*2008*)) would be interpreted as: show all computers with the operating system 2003 AND 2008. Since no single computer runs both, that query returns nothing.
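The following filter evaluator is an added example, not part of the article or of the Privileged Identity Suite: it parses the (&(...)(...)) filter syntax used above and runs the article's queries over constructed sample computer objects, so the AND-versus-OR pitfall on operatingSystem can be seen directly. The OR operator (|...) is standard LDAP filter syntax (RFC 4515) and is assumed here, since the article describes the 2003-or-2008 query but the page does not show it.

```python
import re

# Constructed sample entries (not from the article). Computer sAMAccountNames in AD end
# in "$", and objectClass is multi-valued, so (objectClass=computer) is a real test.
PC = ["top", "person", "organizationalPerson", "user", "computer"]

def entry(name, os, desc, classes=PC):
    return {"objectClass": classes, "sAMAccountName": name,
            "operatingSystem": os, "description": desc}

ENTRIES = [
    entry("DBCLUSTER01$", "Windows Server 2008", "Database cluster node"),
    entry("DBSRV01$", "Windows Server 2003", "Database"),
    entry("DBSVR02$", "Windows Server 2008", "Database"),
    entry("WEBSVR01$", "Windows Server 2003", "Web"),
    entry("WEBSRV02$", "Windows Server 2012", "Web"),
    entry("DBADMIN", "", "Database", classes=PC[:-1]),   # a user, not a computer
]

def parse(text, i=0):
    """Parse the parenthesised filter at text[i]; return (node, index after it)."""
    i += 1                                    # skip the opening '('
    if text[i] in "&|!":                      # AND / OR / NOT over nested filters
        op, kids, i = text[i], [], i + 1
        while text[i] == "(":
            node, i = parse(text, i)
            kids.append(node)
        return (op, kids), i + 1              # skip the closing ')'
    end = text.index(")", i)                  # simple (attribute=value) assertion
    attr, _, pattern = text[i:end].partition("=")
    return ("=", attr, pattern), end + 1

def matches(node, obj):
    """Evaluate a parsed filter: '*' is a wildcard and comparisons ignore case."""
    if node[0] in "&|":                       # AND needs every term, OR needs any one
        return (all if node[0] == "&" else any)(matches(k, obj) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], obj)
    _, attr, pattern = node
    values = {k.lower(): v for k, v in obj.items()}.get(attr.lower(), [])
    values = [values] if isinstance(values, str) else values
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return any(re.fullmatch(regex, v, re.IGNORECASE) for v in values)

def search(ldap_filter, entries=ENTRIES):
    """Return the sAMAccountNames the filter selects, in directory order."""
    node, end = parse(ldap_filter)
    if end != len(ldap_filter):
        raise ValueError("unparsed text after filter: %r" % ldap_filter[end:])
    return [e["sAMAccountName"] for e in entries if matches(node, e)]
```

Calling search() with the article's AND form on operatingSystem returns an empty list, while the (|...) form returns the 2003 and 2008 machines and leaves the 2012 one out.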
