LDAP Filters



LDAP Filter and escape characters 


The escape character in a query is the backslash (\). This is a reserved character, along with * ( ) and NUL. To search for reserved characters as part of an attribute value, you must precede the reserved characters with the escape character and one of the following numeric codes for each reserved character:

*     2a

(     28

)     29

\     5c

NUL   00 

For example, if you want to search for all of the users whose display names end in a close parenthesis character, use the following search:


Get-QADUser -LdapFilter "(homeDirectory=\5c\5cep0*)" | select name, samaccountname, homeDirectory 


More  Example LDAP Filters


Disabled users


Enabled users

(&(objectCategory=person)(objectClass=user)( !(userAccountControl:1.2.840.113556.1.4.803:=2))) 


(|(memberOf=CN=JBoss Administrators,OU=Server Service Accounts,OU=Servers,OU=Information Systems, DC=xyz,DC=com)(memberOf=CN=Development Department,OU=Development,OU=Information Systems,DC=xyz,DC=com))