I recently had to assist a client with GPO development for applying various registry keys using LDAP filters for Group Policy Preferences targeting. A lack of information on the web about actually implementing LDAP filters led to this post. Microsoft’s own documentation on the topic is rather lacking, you can find it here. Hopefully the techniques I used will be helpful to others looking to do the same.

A client needed to apply Current User registry keys only to users with mailboxes running on Exchange 2010 as part of their Exchange 2003 to Exchange 2010 migration. Group Policy Preferences (“GPP”) targeting does not support powershell queries so I had to come up with another method of selecting only users with mailboxes on 2010 using the tools available in GPP targeting. It turns out the easiest way to determine if a user is on Exchange 2010, without using powershell, is by an LDAP query against the “msExchVersion” attribute on the user object in Active Directory. Microsoft increments this value with every version of Exchange.

![web based ldap query tool](https://www.ldapadministrator.com/img/ldapbrowser.png)

The value of an Exchange 2010 mailbox is “44220983382016” which correlates to “0.10 (14.0.100.0)” as the ExchangeVersion value from the “get-mailbox USERNAME | Select Name,ExchangeVersion” Exchange powershell command. Using an LDAP query I should be able to target specific group policy settings only to users with mailboxes on Exchange 2010.

![web based ldap query tool](https://blog.it-koehler.com/wp-content/uploads/2020/03/2020-03-18_22h59_10.png)

Building a valid LDAP query and getting it to work with GPP was difficult because I am not an LDAP guru. Building the LDAP query wasn’t as bad as I thought it would be. I found some handy posts about using “Search Folders” in the Active Directory Users & Computer Snap-in to build a query. Below are the steps I followed:

1. Open Active Directory Users and Computers and Right Click on the “Saved Queries” node, Select New, and Select Query as shown below.
2. In the New Query window, type in the name and description and then click on the Define Query button.
3. Click the Find drop down menu and select Custom Search. This will give us a clean LDAP filter to use.
4. Now we need to select some fields for our query. Select the Fields dropdown and then select User options. Now we can pick from most of the attributes the Active Directory Users and Computers snap-in is aware of. Unfortunately the MsExchVersion is not displayed so we will have to select another value and manually change the query down the road.

![web based ldap query tool](https://theitbros.com/wp-content/uploads/2019/06/word-image-18.png)
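
To check an msExchVersion filter before wiring it into GPP targeting, the sketch below runs the equivalent query against the current domain for one account and reports whether that user would be targeted. It is an added example, not the author's code: the function names, the sample account `jdoe`, and the pairing of `sAMAccountName` with GPP's `%LogonUser%` variable are assumptions; only the attribute name and the value 44220983382016 come from the post.

```powershell
# Added example: not code from the original post.
# Only the attribute name (msExchVersion) and the value below come from the post.
$Exchange2010Version = '44220983382016'

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515: escape \ * ( ) and NUL so an account name cannot change the filter's structure.
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

function Test-Exchange2010Target {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $name   = ConvertTo-LdapFilterValue $SamAccountName
    $filter = "(&(objectCategory=person)(objectClass=user)" +
              "(sAMAccountName=$name)(msExchVersion=$Exchange2010Version))"

    # [adsisearcher] binds to the current domain with the caller's credentials.
    $searcher = [adsisearcher]$filter
    [void]$searcher.PropertiesToLoad.Add('msExchVersion')
    $hit = $searcher.FindOne()

    [pscustomobject]@{
        Account  = $SamAccountName
        Filter   = $filter
        Targeted = [bool]$hit
    }
}

# 'jdoe' is a hypothetical account name; run from a domain-joined machine.
Test-Exchange2010Target -SamAccountName 'jdoe' | Format-List

# Assumed shape of the same filter inside a GPP LDAP Query targeting item,
# where GPP substitutes its %LogonUser% variable at processing time:
"(&(objectCategory=person)(objectClass=user)(sAMAccountName=%LogonUser%)(msExchVersion=$Exchange2010Version))"
```

Running it for one migrated and one unmigrated mailbox user confirms the filter separates the two before the policy is linked.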