Save time and increase productivity using AD saved queries
Microsoft Active Directory is an amazing directory structure and is capable of managing networks containing three computers or 3000 computers. However many IT Managers think about these networks differently (3 vs. 3000), I know I sure do. Microsoft thought of that and has provided a tool to assist in finding objects within the directory based on their attributes. The best part? You can save these queries for later use.
Saved Queries in Active Directory
In Windows Server 2003 and later implementations the Active Directory Users and Computers tool will allow you to save queries to find objects.
The best example of its use for me at least is stale accounts. Using a query based on last logon date can assist in getting these accounts disabled to improve network security.
To create a saved query complete the following steps:
1. Open Active Directory Users and Computers
2. Click on the saved queries node
3. Right click the details pane and choose New
4. Select Query
From here you will define the query by entering the following in the New query dialog box (Figure 1)
Figure 1
Name – Provide a name for your query
Description – enter some informaiton about the query to help other administrators (and yourself down the road)
Query Root – this is the starting point for the query. If you select the OU for Accounting here, this OU and its contents will be the only area searched
Note: For wide sweeping queries select the domain node as the root
Click Define Query to choose the criteria for your saved search which will open the find common queries. The default query type to find is common queries which specifies specific items on each tab as shown in figure 2.
Figure 2
Define the criteria for your query
To complete the stale accounts query above select Common Queries and choose the users tab. Then select a value in the Days since last logon. This will return all of the accounts that have not logged on in the specified number of days.
Adding columns
When you have created a saved query you can change the view of the query to include different columns, adding the logon name to a query for users perhaps. When you add a column to a saved query, the column is also saved. If you try that in another area, like the view for an Organizational Unit, the added columns are removed when you refresh the view on the container.
Notice below that the initial columns for a saved query of users with names beginning with M are Name, Type, and Description in figure 3 however when email address is added in figure 4, it remains each time the query is viewed.
Figure 3
The default view shows select columns
Figure 4
After columns are added to the view... they remain
Once you have a few queries defined locating objects in Active Directory should be quite simplified.
