JSI Tip 9816. How can I filter an Active Directory query by testing an attribute to be NOT EQUAL?

When you compose an LDAP (Lightweight Directory Access Protocol) query, or a DSQUERY query, or an Adfind.exe query, you can test an attribute to be NOT EQUAL by preceding the attribute name with an exclamation mark (!).

Examples:

If you query all users and display their sAMAccountName and distinguishedName, using:
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User))" -attr sAMAccountName distinguishedName -limit 0
the output might look like:
  sAMAccountName      distinguishedName
  Administrator       CN=Administrator,CN=Users,DC=JSIINC,DC=COM
  Guest               CN=Guest,CN=Users,DC=JSIINC,DC=COM
  Jerry               CN=Jerold Schulman,CN=Users,DC=JSIINC,DC=COM
  Jennifer            CN=Jennifer Schulman,CN=Users,DC=JSIINC,DC=COM
  test                CN=test,CN=Users,DC=JSIINC,DC=COM
  John.Doe            CN=John Doe,CN=Users,DC=JSIINC,DC=COM
  Jane.Doe            CN=Jane Doe,CN=Users,DC=JSIINC,DC=COM
If you then specified that the sAMAccountName should NOT contain an S anywhere within the string, using:
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(!sAMAccountName=*s*))" -attr sAMAccountName distinguishedName -limit 0
the output would look like:
  sAMAccountName    distinguishedName
  Jerry             CN=Jerold Schulman,CN=Users,DC=JSIINC,DC=COM
  Jennifer          CN=Jennifer Schulman,CN=Users,DC=JSIINC,DC=COM
  John.Doe          CN=John Doe,CN=Users,DC=JSIINC,DC=COM
  Jane.Doe          CN=Jane Doe,CN=Users,DC=JSIINC,DC=COM
If you then specified that the sAMAccountName should NOT contain an S anywhere within the string AND should not contain a period (.) anywhere within the string, by using:
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(!sAMAccountName=*s*)(!sAMAccountName=*.*))" -attr sAMAccountName distinguishedName -limit 0
the output would look like:
  sAMAccountName    distinguishedName
  Jerry             CN=Jerold Schulman,CN=Users,DC=JSIINC,DC=COM
  Jennifer          CN=Jennifer Schulman,CN=Users,DC=JSIINC,DC=COM
NOTE: See How can I filter an Active Directory query using a bitwise flag?

NOTE: See How can I filter an Active Directory query by testing an attribute to be this OR that?

NOTE: See What operators can I use when filtering an Active Directory query?
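
The filters above use the shorthand (!attr=value). RFC 4515 defines NOT as (!(filter)), with the inner filter in its own parentheses, so a parser that follows the grammar strictly rejects the shorthand. The Python sketch below is an added example, not part of the original tip: it rewrites the shorthand to the RFC form and evaluates the result against the seven sample accounts. The helper names (to_rfc4515, parse, matches, search) are hypothetical and the objectCategory/objectClass values are constructed.

```python
import re

# Accounts copied from the tip's first dsquery output.
USERS = ["Administrator", "Guest", "Jerry", "Jennifer", "test", "John.Doe", "Jane.Doe"]

def to_rfc4515(flt):
    """Rewrite the shorthand (!attr=value) as the RFC 4515 form (!(attr=value))."""
    return re.sub(r"\(!([^()]+)\)", r"(!(\1))", flt)

def parse(flt, pos=0):
    """Strictly parse one parenthesised filter at pos; return (node, next_pos)."""
    if flt[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    op, pos = flt[pos + 1], pos + 1
    if op in "&|!":
        pos, children = pos + 1, []
        while flt[pos] == "(":
            child, pos = parse(flt, pos)
            children.append(child)
        if flt[pos] != ")" or not children or (op == "!" and len(children) != 1):
            raise ValueError(f"malformed '{op}' filter at offset {pos}")
        return (op, children), pos + 1
    end = flt.index(")", pos)
    attr, _, pattern = flt[pos:end].partition("=")
    # LDAP's only wildcard is '*'; everything else is matched literally.
    regex = ".*".join(re.escape(part) for part in pattern.lower().split("*"))
    return ("=", attr.lower(), regex), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (lower-cased attr -> value)."""
    if node[0] == "=":
        value = entry.get(node[1])  # simplification: a missing attribute never matches
        return value is not None and re.fullmatch(node[2], value.lower()) is not None
    results = [matches(child, entry) for child in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def search(flt, names=USERS):
    """Return the sample account names selected by flt (either NOT spelling)."""
    strict = to_rfc4515(flt)
    tree, end = parse(strict)
    if end != len(strict):
        raise ValueError("trailing characters after filter")
    # objectcategory/objectclass values are constructed so the tip's filters apply.
    return [n for n in names if matches(tree, {"samaccountname": n,
            "objectcategory": "person", "objectclass": "user"})]
```

Calling search() with the third filter from the tip returns Jerry and Jennifer, matching the output shown above; calling parse() directly on the shorthand raises ValueError.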
