RE: Listing computers from a specific OU

I thought I'd comment on a few changes I'd make in your query.  Since objectClass maps to the objectCategory before executing your query, you might want to change objectClass=Computer to objectCategory=Computer which eliminates a translation step in your query.

Also, your condition for the distinguishedName would only return records if Disabled is part of the OU path so I'll assume you're dealing with an OU where disabled computer objects are moved prior to deletion.  I'm not sure if this is what you want, but you are querying the entire domain from the RootDSE.  It may be more efficient to search the specific sub OU in the domain rather than try to filter the record set for the entire domain based on a partial string in the DN.  There's no need to query the entire domain if all the objects you're concerned about are in a specific OU.

Off the top of my head, here is how I would recommend modifying your filter to query AD for non-server computer objects that are enabled.  I use the UAC to sort enabled/disabled objects, which may be more reliable than a string in the DN if you are looking for their particular status.  For me, I have to search our disabled OU for objects that got enabled but not moved back to their production OU.  If you're searching for disabled objects, remove the bang before the UAC parameter.  I assume you will set the value of $subOUdn to the first level sub OU name you want to search.  If the OU is further down in the tree you'll need to adapt this to account for the full path.  I also prefer cn to displayName b/c I never need the $ at the end of the computer name.

$subOUdn="OU=Disabled Computers,".$dc;
                OR
$subOUdn="OU=Columbus,OU=Kiosks,OU= Disabled Computers,".$dc;

query_ldap("<LDAP://".$subOUdn.">;
    (&( objectCategory =Computer)(!operatingSystem=*server*)(!userAccountControl:1.2.840.113556.1.4.803:=2));
    cn,distinguishedName;subtree",$objects);

Hope some of this helps.

Regards,
Glenn

From: perl...@listserv.activestate.com [mailto:perl...@listserv.activestate.com] On Behalf Of A F
Sent: Thursday, June 30, 2011 11:06 PM
To: Steven Manross; perl...@listserv.activestate.com
Subject: Re: Listing computers from a specific OU

Steven,

I found a work around by filter on all computers
">;(&(objectclass=Computer)
and then do a print for all computers except if ( $dn =~ m!*Disabled Computers*!i );

________________________________
From: Steven Manross <ste...@manross.net>
To: A F <perl...@yahoo.com>; perl...@listserv.ActiveState.com
Sent: Tue, June 28, 2011 11:05:38 PM
Subject: RE: Listing computers from a specific OU

So,

I have seen this exact behavior in my test domain with the below script.

distinguishedname is probably a bad field to be using for this.

.where distinguishedname is something like this:

CN=COMPUTER14 Disabled,OU=Some OU,OU=Test Accounts,OU=Computer
Accounts,OU=SomeOU,DC=domainname
,DC=com

You could use cn instead of distinguishedname in your search (for a DN
like above) since cn is the last part of the distinguished name
(cn=COMPUTER14 Disabled)...

    query_ldap("<LDAP://" . $dc .
">;(&(objectclass=Computer)(cn=*Disabled*)
);displayname,distinguishedname;subtree",$objects);

This won't work if you are trying to find an OU name that has the word
"Disabled" in it.

However, I didn't have an example of a distinguished name that you
wanted to test for, so I can't cover all the scenarios.  If this isn't
what you were looking for, give us an example of the dns you are trying
to match.

HTH

Steven
________________________________

    From: A F [mailto:perl...@yahoo.com<mailto:perl...@yahoo.com>]
    Sent: Tuesday, June 28, 2011 9:48 PM
    To: Steven Manross; perl...@listserv.ActiveState.com<mailto:perl...@listserv.ActiveState.com>
    Subject: Listing computers from a specific OU


    Hi All,

    I have this code from Steven that I've modified to get the
number of all computer in a specific ou ( OU=History,OU=Disabled
Computers) but I am getting 0.
    This is the filter I am using
(&(objectclass=Computer)(Distinguishedname=*Disabled*)).  There are
about 500 computers in that OU.
    How can I get a record count from that OU?



    use Win32::OLE;

        my $RootDSE = Win32::OLE->GetObject("LDAP://RootDSE");


        $dc = $RootDSE->Get("DnsHostName");
        print "$dc\n";
        query_ldap("<LDAP://" . $dc .
">;(&(objectclass=Computer)(Distinguishedname=*Disabled*)
);displayname,distinguishedname;subtree",$objects);

        print "recordcount = ".$objects->{RecordCount}."\n";

        sub query_ldap {
          my $ldap_query = $_[0];
          my $error_num;
          my $error_name;
          my $RS;
          my $Conn = Win32::OLE->new("ADODB.Connection");
          if (Win32::OLE->LastError() != 0) {
            print "Failed creating ADODB.Connection object
(".Win32::OLE->LastError().")\n  -> $ldap_query\n";
            return 0;
          }
          $Conn->{'Provider'} = "ADsDSOObject";
          if (Win32::OLE->LastError() != 0) {
            print "Failed setting ADODB.Command Provider
(".Win32::OLE->LastError().")\n  -> $ldap_query\n";
            return 0;
          }
          #$Conn->{Open} = "Perl Active Directory Query";
          $Conn->{Open} = "Active Directory Provider";
          my $Cmd = Win32::OLE->new("ADODB.Command");
          $Cmd->{ActiveConnection} = $Conn;
          if (Win32::OLE->LastError() != 0) {
            print "Failed creating ADODB.Command object
(".Win32::OLE->LastError().")\n  -> $ldap_query\n";
            return 0;
          }
          $Cmd->{CommandText} = $ldap_query;

          $Cmd->{ActiveConnection} = $Conn;
          $Cmd->{Properties}->{"Page Size"} = 500;



          $RS = $Cmd->Execute();
          if (Win32::OLE->LastError() != 0) {
            print "Failed Executing ADODB Command object
(".Win32::OLE->LastError().")\nExecuting ADODB Command ->
$ldap_query\n";
            return 0;
          } else {
            $_[1] = $RS;
            return 1;
          }
        }