O R G A N I C / F E R T I L I Z E R: how to query for slash and backslash in active directory

Aug 4, 2008

how to query for slash and backslash in active directory

often times when integrating with other idm solutions or using directory sync or some sort, the other system may not be able to parse the slash or backslash properly. here’s one way to root out where those objects may be residing and what they are. if you want to find objects in AD that may contain a slash (/) or a backslash (\) in the object cn, you can use a simple query like this:

adfind -default -f "(|(cn=*\2f*)(cn=*\5c*))" dn cn

same thing with dsquery, if you prefer that:

dsquery * domainroot -filter "(|(cn=*\2f*)(cn=*\5c*))" -attr distinguishedname cn

you can find this and more in the list of escapable characters at: http://msdn.microsoft.com/en-us/library/aa746475.aspx. don’t miss joe richards’ comment in the community section. :)

and of course, you can find this information in rfc2254. (the msdn list is more complete, oddly.)