Printout Header

LEX Online Manual Content

Building LDAP Filters

By using LDAP filters, criteria can be specified when searching for certain objects within the directory. Nontechnically spoken, criteria for LDAP filters could be:

  • All objects from a certain objectClass (all users, all groups, all printers...)
  • All groups where the user 'xyz' is member of
  • All users with a user certificate
  • All empty groups
  • All Samba accounts without user password
  • All global groups of the AD domain
  • All users and contacts within a certain Organizational Unit (OU)
  • All users whose postal codes start with a certain number
  • All mailboxes which name starts with 'Test...', 'POC...' or 'Sandbox...'
  • All users whose first names start with 'N'
  • All Active Directory domain controllers
  • All users not shown in the address list, having their mailbox on a specific server
  • The server that holds the replica of a specific ADAM partition
  • The ADS site link for which a specific domain controller is bridgehead
  • . . .

You will need such filters in LEX whenever you want to search the directory for objects with a complex search operation, or when you want to filter the object list in the LEX main window.

LDAP filters are basically text strings with a special syntax. There is a special online manual topic about the LDAP Filter Syntax.

Because LDAP filters can be quite complex but are important for daily directory operations, LEX comes with a tool where you can store and construct filters: The LEX Filter Factory.

This Filter Factory has a Filter Constructor which allows you to handle the logical structure of a filter - and an Single Filter Editor dialog.

Last but nor least: LEX comes with quite a lot of pre-defined 'famous' LDAP Filters which helps you understand and use the LDAP filter syntax for your own searches.

Because LDAP filters are needed in many situations, you can even use LEX and it's ability to build and construct LDAP filters or to display the logical structure of complex filter strings to use the results in other applications - for example in the Active Directory Users and Computers tool for the Saved Queries dialog:

LDAP filters for other purposes