VAMT - LDAP query to exclude disabled objects

Lanky Doodle 236 Reputation points
2022-09-05T11:28:47.88+00:00

Hi,

I did an AD scan and it included Disabled Computer objects - when we decommission computers we leave them Disabled for a period of time before deleting them.

Is it possible to do an LDAP query to exclude Disabled computer objects? I've never used the LDAP query in VAMT before.

Thanks


4 answers

  1. Karl Fasick 11 Reputation points
    2022-10-22T00:35:29.08+00:00

    Update with the answer

    Finally constructed a working query; pasted exactly this (but with my DC.domain.local):

       LDAP://dc01.domain.local/??sub?(&(objectClass=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(lastLogonTimestamp>=133000000000000000))

    Key was to know to search for the words "ldap url syntax" so I could find the descriptions explaining what would go between the question marks if they were given, or just the question marks next to each other if not, and the fact that the word 'sub' is for the scope.

    ldap://host:port/dn?attributes?scope?filter

    becomes this after deleting the dn, attributes, and putting sub in for scope, and (filter)

    ldap://dc01.mydomain.local/??sub?(filter between parenthesis)

    Previous reply

    VAMT is the specific problem here for me - I also have a working LDAP query, very similar, that I can paste into DSA.msc or PowerShell Get-ADObject and they work great, but I cannot get them to work in the VAMT GUI.

    e.g. this works in PowerShell

       Get-ADObject -LDAPFilter '(&(objectClass=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(lastLogonTimestamp>=133000000000000000))'

    but pasting the same text from between the single quotes above into the LDAP filter box in the VAMT Discover Products GUI says invalid LDAP filter:

       (&(objectClass=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(lastLogonTimestamp>=133000000000000000))

    ( lastLogonTimeStamp happens to be about a few months back ~2022-06-18 )

    2 people found this answer helpful.
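An added example (not code from the thread or from VAMT) that assembles the URL Karl describes from its RFC 4516 parts, converts a cutoff date into the FILETIME integer that lastLogonTimestamp>= compares against, and structurally checks the filter for the usual slips (a bare `!` without its own parentheses, a doubled `((...))`); the host name and cutoff date are constructed values.

```python
from datetime import datetime, timedelta, timezone

UAC_ACCOUNTDISABLE = 2                         # userAccountControl bit that marks a disabled account
BIT_AND_RULE = "1.2.840.113556.1.4.803"        # LDAP_MATCHING_RULE_BIT_AND
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)    # FILETIME = 100 ns ticks since here
CUTOFF = datetime(2022, 6, 18, 4, 26, 40, tzinfo=timezone.utc)  # constructed; the thread's ~2022-06-18

def to_filetime(dt: datetime) -> int:
    """UTC datetime -> Windows FILETIME integer, the form AD stores lastLogonTimestamp in."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def active_computers_filter(last_logon_after: datetime) -> str:
    """Computers whose ACCOUNTDISABLE bit is clear and that logged on after the cutoff."""
    return ("(&(objectClass=computer)"
            f"(!(userAccountControl:{BIT_AND_RULE}:={UAC_ACCOUNTDISABLE}))"
            f"(lastLogonTimestamp>={to_filetime(last_logon_after)}))")

def ldap_url(host: str, filt: str, scope: str = "sub", dn: str = "", attrs: str = "") -> str:
    """ldap://host/dn?attributes?scope?filter, with dn and attributes left empty as VAMT wants."""
    return f"LDAP://{host}/{dn}?{attrs}?{scope}?{filt}"

def filter_is_valid(filt: str) -> bool:
    """Structural RFC 4515 check: balanced parens, every item parenthesised, '!' wraps one '(...)'."""
    pos = 0
    def parse() -> None:
        nonlocal pos
        if filt[pos] != "(":
            raise ValueError("expected '('")
        pos += 1
        if filt[pos] in "&|":                  # AND / OR: nested filters follow
            pos += 1
            while filt[pos] == "(":
                parse()
        elif filt[pos] == "!":                 # NOT: exactly one nested, parenthesised filter
            pos += 1
            parse()
        else:                                  # simple item: attr=value, no nested '('
            end = filt.find(")", pos)
            if end < 0 or "(" in filt[pos:end] or "=" not in filt[pos:end]:
                raise ValueError("malformed item")
            pos = end
        if filt[pos] != ")":
            raise ValueError("expected ')'")
        pos += 1

    try:
        parse()
        return pos == len(filt)
    except (ValueError, IndexError):
        return False
```

Running `ldap_url("dc01.domain.local", active_computers_filter(CUTOFF))` reproduces Karl's working URL, including the 133000000000000000 threshold.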

  2. JimmySalian-2011 42,146 Reputation points
    2022-09-05T12:56:09.027+00:00

    Hi,

    What type of deployment options are you using? You can filter the disabled computers from the scope and only allow in-scope computers/servers for the License.
    Also, you can set up the firewall so the disabled servers cannot communicate via the network, block the ports?


    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
    ----
    Please don't forget to upvote and Accept as answer if the reply is helpful


  3. Gary Reynolds 9,416 Reputation points
    2022-09-06T05:43:46.393+00:00

    This LDAP filter will return all computers, including servers, that are not disabled.

    (&(objectClass=computer)(!(userAccountControl:1.2.840.113556.1.4.804:=2)))

    Gary.


  4. Limitless Technology 39,671 Reputation points
    2022-09-12T19:36:26.397+00:00

    Hello

    Thank you for your question and for reaching out. I understand you have a query related to LDAP.

    To exclude disabled computer accounts from an AD Auto Detection Query you can add the following to your query filter: (!(userAccountControl:1.2.840.113556.1.4.803:=2))

    For example, the default query filter would be:

    ADQueryFilter="(&(objectClass=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

    --------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--

