Finding Objects in the Active Directory
Finding Objects in the Active Directory
If you’ve gotten this far without falling asleep, it’s time to put your knowledge to work. That is to say, it’s time to get practical and look at a few things you can accomplish using the Active Directory. When viewing the property pages for a user account in the directory, you see that you can add much more information than was possible before. There are eight tabs on the properties page for a user object.
If you select each tab and look at the different fields, you can see that the user object now contains a wealth of information that can be quickly accessed by searching the directory, including the following:
- Who Is This User?—The user’s full name, the user’s logon name, and a description of the user. The user’s title, department, company, manager, and reporting information.
- Address—The office in which the user can be found, the user’s address.
- Telephone—Phone numbers, fax numbers, pagers, mobile phone, IP phone, email addresses, and home page URLs.
- Logon—Which servers the user can log on to, during which hours, password information, and expiration and account information. The user’s profile, logon path, and home directory.
- Dial-In—Whether this user can log on using remote access, and from where. Callback options and addressing information.
- Groups—User groups to which this user belongs.
The main benefit of having this information available in the directory might not become apparent at first. Most of this information could have been found in the old User Manager utility, in the Remote Access Administration utility, or in the human resources department. But now it all can be centrally located in a global, searchable directory. With the proper rights and permissions, the administrator or user can search the directory for any of the attributes associated with users. And because the Active Directory schema can be extended, you can add additional attributes that contain information specific to your business.
Finding a User Account
For example, instead of being limited to queries such as “Show me everything about user John Doe,” you now can execute queries such as “Show me all users that work in the accounting department in Florida” or “Show me all users who work in the accounting department in Florida that are in the Administrators group and have dial-in access.”
If you look at the total number of attributes associated with the user object, it’s quite large. For example, suppose you want to “find” a user in the Active Directory. It’s a simple thing to do by using the Active Directory Users and Computers MMC Snap-In in the Administrative Tools Folder. For example:
- Click Start, Administrative Tools, and then click Active Directory Users and Computers.
- In the left pane of the MMC console, highlight the domain you want to search and select Find. You can see the Find Users, Contacts, and Groups dialog box that is used to search the directory for these sorts of objects.
- To find a user, simply enter the name or a description. If you want to narrow the search, use the In field. Here, you can select to perform the search throughout the entire directory, or a specific container object, such as a domain. Then, simply click the Find Now button.
If that all seems too simple, it is. This simple search function on the User, Contacts, and Groups tab enables you to perform a search by specifying just a little information.
Even though we’ve invoked the “find” dialog box in the Active Directory Users and Computers tool, you still can search for other objects in the directory. After we finish going over how to search for a user object, we’ll use a similar dialog box, for example, to search for a printer. As you can see, other objects you can search for include the following:
The next field (named In) is also a drop-down menu, which enables you to further specify the container object, such as a domain, that you want to search. If you already know in what domain a user account exists, narrowing the search using this field will save time. Finally, when you’ve entered a user’s name, and/or a description, and narrowed the search to the container object in which you want to look, click the Find Now button.
However, to show you the power of the search capability in the Active Directory, let’s use the Advanced tab. Here, the Field drop-down menu enables you to refine your search criteria to a user, a group, or a contact.
However, that when you click on User in the Field menu, a whole range of attributes is displayed that you can use to specify the search criteria. The number of attributes is so large that it won’t fit on my computer screen, so there’s a down arrow at the bottom that can be used to select even more attributes. There are actually more than 60 attributes you can use to specify search criteria, from the simple username, telephone number (and mobile telephone number), to the Web page address for a user or the manager of the user. Of course, the search will succeed only if you actually use these fields when you create user accounts. You don’t have to fill in every attribute when you create a new user. However, the more information you store in the directory about a user, the easierit’s going to be to locate that user when you have only a little information to go on.
After you specify an attribute, you can enter a value that will be used for the search in the Value field. Use the Condition field to specify how this value will be evaluated in the search. These are the conditions you can set for this attribute’s value in the search:
- Starts with
- Ends with III Is (exactly)
- Is not
- Present
- Not present
As you add search criteria (an attribute, a selection condition, and a value to use for comparison in the search), they appear in the pane at the bottom of the dialog box.
After you have specified values for the attributes to be used for the advanced search, click the Find Now button. Next the dialog box expands to add another pane, which displays the results of the search.
One or more entries can show up in the results pane, depending on the search conditions you used. To view the detailed attributes for objects in the results pane, simply double-click an entry and a property sheet appears for the object.
Possibly related posts: (automatically generated)
Finding Objects in the Active Directory
- Installing Active Directory on a Windows Server 2003 Computer
- What Is a Domain Tree? What Is a Forest? continue...
- Windows NT Domain Controllers and Member Servers
- Active Directory Groups
- Active Directory Service Interfaces (ADSI)
- The Active Directory Schema continue...
- The Active Directory Service and Windows Server 2003
- Early Directory Technologies part 4
- What Role Will Your Server Perform?
- What Role Will Your Server Perform?
- Early Directory Technologies part 3
- May 3rd
You agree that, if the registration or reservation of a third challenged your domain name party, you will be subject to the provisions specified by the Registry or any court of law. … Year Registration Applies
Scheduling meetings can be started with one click from the “My Meetings” Web page after logging into the Got Meeting Web site. … Web Site Creator
Once someone else purchases your domain name, you may find it impossible or very expensive to get it returned. … Domain Name Holder
If you want to handle the transfer confirmation emails yourself, please make sure that you have access to the Admin Contact email address. … Store Builder
Did you know that all 1&1 hosting plans include at least 1 domain at no additional cost Use your included domains however you choose ‐ register new domains or transfer existing ones. … VPS Hosting