Hidden Microsoft

Tyson Kopczynski

Previous Article Next Article

PowerShell: Using a ByteArray within an LDAP filter

By tyson.kopczynski on Thu, 11/20/08 - 9:32am.

Today, I got a good question from a friend of mine. Let's call my friend Steve, after all his name is Steve. Anyhow, my friend wanted to return all users within a domain that did not have a ByteArray value of FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF for the logonHours attribute. Naturally, I said to myself that is easy enough, here is your filter statement:

!(logonHours=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF)

Yeah... that did not work. So, I consulted my second brain: Google. Didn't see anything right off the bat, but that must have been because I was using the wrong search terms. Oddly enough, I then heard this nagging voice in the back of my mind: "Tyson, you know this". It took me a minute, and I then realized that I not only knew the topic at hand, but I even wrote about it in the 2nd Edition of the Windows PowerShell Unleashed book:

Lastly, if the search filter contains binary data, then that data needs to be represented such that each byte of the binary data is escaped using a backslash "\" followed by two hexadecimal digits. For example to retrieve the object with GUID = "659cd735f7fc4182b007b650b621d4de" you would use the following filter statement.

"(objectGUID=\65\9c\d7\35\f7\fc\41\82\b0\07\b6\50\b6\21\d4\de)"

It's not often, you get to source yourself. :>) Anyhow, now that I knew why the filter did not work, I gave Steve the following PowerShell one-liner which uses the Get-QADUser cmdlet from Quest's AD cmdlets:

get-qaduser -IncludeAllProperties -ldapfilter '(!(logonHours=\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF))' | select name,logonHours

If you like this, check out some other posts from Tyson:

Creating a custom 404 page to handle link redirection for ASP.NET web applications

Microsoft Discontinues Support for Windows 3.X (as an embedded system)

Kyoto Temple Night View - Powered By Google!

My quest for SSH within PowerShell revisited!

How to read Certificates and CRLs using PowerShell

Or if you want, you can also check out some of Tyson's latest publications:

Windows PowerShell Unleashed (2nd Edition)

Windows Server 2008 Unleashed (Yes, I did help on this book)

Lastly, visit the Microsoft Subnet for more news, blogs, and opinions from around the Internet. Or, sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert)

Tags

About Hidden Microsoft

With more than ten years of experience in IT, Tyson Kopczynski has become a specialist in Active Directory, Information Assurance, Windows automation, PKI, and IT security practices. Tyson is also the founding author of the Windows PowerShell Unleashed series and has been a contributing author for such books as Microsoft Internet Security and Acceleration (ISA) Server 2006 Unleashed and Microsoft Windows Server 2008 R2 Unleashed. He has also written many detailed technical papers and guides covering various technologies. As a consultant at Convergent Computing, Tyson works with and provides feedback for next generation Microsoft technologies since their inception and has also played a key role in expanding the automation and security practices at CCO. Tyson also holds such certifications as the Certified Information Systems Security Professional (CISSP), the SANS Security Essentials Certification (GSEC) and SANS Certified Incident Handler (GCIH), and the MCTS (Application Platform, Active Directory, and Network Infrastructure).

Certifications: