Active Directory LDAP Filters

Active Directory is a standards-compliant directory service, and the standard protocol used to query it is LDAP (Lightweight Directory Access Protocol).


Active Directory is also the primary enterprise store for vital IT resources (user accounts, security groups, computer accounts and group policies) that play a central role in enterprise-wide security, IT management, and security audit and compliance reporting.


IT personnel often need to generate Active Directory based security reports that document the state of these IT resources. To do so, they can either use a set of Active Directory Reporting Tools that automate the generation of these reports, or use one of a variety of LDAP clients, such as dsquery (provided by Microsoft).


When IT admins choose to use LDAP tools, they are required to write LDAP filters, which specify the criteria that determine which data an LDAP query returns. While most organizations choose to use automated tools because they are almost always more reliable and efficient to use, many IT admins also choose to create their own LDAP filters.


For organizations and IT personnel who wish to write their own scripts to generate custom reports, there are many helpful resources out there that can provide information on common LDAP filters.
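
As an added illustration (not code from the original page), the Python sketch below composes LDAP filters for a few typical account reports and escapes every value per RFC 4515, so a name or DN containing filter metacharacters cannot change the query's meaning. The function names and the example.com DN are assumptions made for this example; the attribute names, userAccountControl flag values and bitwise matching-rule OID are the ones Active Directory documents.

```python
# Added example: helper names are illustrative, sample DNs are constructed.
BIT_AND = "1.2.840.113556.1.4.803"   # AD matching rule: all bits in mask are set
UAC_ACCOUNTDISABLE = 0x0002          # userAccountControl: account is disabled
UAC_DONT_EXPIRE_PASSWORD = 0x10000   # userAccountControl: password never expires

# RFC 4515 requires these characters to be hex-escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_value(value: str) -> str:
    """Escape a value so it is treated as literal data, never as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def eq(attr: str, value) -> str:
    return f"({attr}={escape_value(str(value))})"

def bit_set(attr: str, mask: int) -> str:
    return f"({attr}:{BIT_AND}:={mask})"

def and_(*parts: str) -> str:
    return "(&" + "".join(parts) + ")"

def not_(part: str) -> str:
    return f"(!{part})"

# Restrict every report to user objects (excludes computers and contacts).
USER = (eq("objectCategory", "person"), eq("objectClass", "user"))

def disabled_users() -> str:
    return and_(*USER, bit_set("userAccountControl", UAC_ACCOUNTDISABLE))

def enabled_with_non_expiring_password() -> str:
    return and_(*USER,
                not_(bit_set("userAccountControl", UAC_ACCOUNTDISABLE)),
                bit_set("userAccountControl", UAC_DONT_EXPIRE_PASSWORD))

def direct_members_of(group_dn: str) -> str:
    # A DN may legally contain '(' or '\'; both must be escaped in the filter.
    return and_(*USER, eq("memberOf", group_dn))

def user_by_logon_name(name: str) -> str:
    # Typical spot where operator or web-form input reaches the filter.
    return and_(*USER, eq("sAMAccountName", name))

if __name__ == "__main__":
    print(disabled_users())
    print(enabled_with_non_expiring_password())
    print(direct_members_of("CN=Ops (EU),OU=Groups,DC=example,DC=com"))
    print(user_by_logon_name("*)(objectClass=*"))  # stays a literal string
```

Each returned string can be passed unchanged as the filter argument of an LDAP client or library search call.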