Directory Searching Tips
Updated: 09/18/2002 Version 1.01
With the integration of the CalNet iPlanet-based Directory information
into CalNetAD, CalNet single sign-on accounts do not need to be created
in CalNetAD. This relieves the OU admins of the responsibility of creating
the CalNet IDs in Active Directory. However, there is a downside to
loading all these accounts in CalNetAD. OU admins will notice a slowdown
in response time when browsing for user accounts and other objects.
To speed up OU management tasks, we recommend using the built-in search
function in the Active Directory Users and Computers MMC and other admin
consoles, instead of browsing for the object. Instructions vary depending
on the client workstation. In general, a Windows XP machine offers more
robust search functionality than a Windows 2000 machine.
Searching for objects using Active Directory Users & Computers console
Additional Search features for Windows XP clients
Modifying Access Control Lists (ACLs) using Windows 2000
Modifying Access Control Lists (ACLs) using Windows XP

Searching for objects using Active Directory Users & Computers console
Assumptions:
- User is logged on with an OU administrator account in the campus.berkeley.edu
domain.
- Windows 2000 or Windows .NET Support Tools are installed.
Steps:
- Launch Active Directory Users and Computers.
- Right-click on the target OU and select Find...

- From the Find menu, you can specify name or description as search
criteria.
- If you click on the Advanced tab, additional search criteria can
be entered. You can select attributes for the selected object. In
this example, attributes for User, Group or Contact objects can be
added.
- Select appropriate condition.
- To complete the search criteria, type the desired value.
- Click the Add button to apply the search criteria. This example
searches for user objects with logon names starting with !a. Other
search criteria can be added or removed as needed.

- When the search criteria have been fully created, click on the Find
Now button to get the search results.
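The criteria built in the steps above correspond to an LDAP filter scoped to one OU. The following is an added example, not part of the original page, that builds that filter in PowerShell with RFC 4515 value escaping and runs it as a paged subtree search. It assumes "logon name" means the sAMAccountName attribute; the function names and the OU=ExampleDept container are hypothetical.

```powershell
# Added example; function names and OU=ExampleDept are hypothetical.
function ConvertTo-LdapFilterValue {
    param([string]$Value = '')
    # RFC 4515 escaping; backslash first so later escapes are not re-escaped.
    $v = $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28')
    $v.Replace(')', '\29').Replace([string][char]0, '\00')
}

# Translate one Advanced-tab row (attribute, condition, value) into a filter.
function New-FindFilter {
    param([Parameter(Mandatory)][string]$Attribute,
          [Parameter(Mandatory)][ValidateSet('StartsWith','EndsWith','Is','IsNot','Present','NotPresent')]
          [string]$Condition,
          [string]$Value = '')
    if ($Attribute -notmatch '^[A-Za-z][A-Za-z0-9-]*$') { throw "Bad attribute name: $Attribute" }
    if ($Condition -notlike '*Present' -and $Value -eq '') { throw "$Condition needs a value" }
    $v = ConvertTo-LdapFilterValue $Value
    $term = switch ($Condition) {
        'StartsWith' { "(${Attribute}=${v}*)" }
        'EndsWith'   { "(${Attribute}=*${v})" }
        'Is'         { "(${Attribute}=${v})" }
        'IsNot'      { "(!(${Attribute}=${v}))" }
        'Present'    { "(${Attribute}=*)" }
        'NotPresent' { "(!(${Attribute}=*))" }
    }
    "(&(objectCategory=person)(objectClass=user)$term)"   # user objects only
}

# Paged subtree search under one OU, instead of browsing the whole container.
function Find-InOu {
    param([Parameter(Mandatory)][string]$SearchBase, [Parameter(Mandatory)][string]$Filter)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [adsi]"LDAP://$SearchBase"
    $searcher.Filter      = $Filter
    $searcher.SearchScope = 'Subtree'
    $searcher.PageSize    = 500   # page results so large OUs are not truncated
    [void]$searcher.PropertiesToLoad.Add('sAMAccountName')
    try {
        $results = $searcher.FindAll()
        try { foreach ($r in $results) { $r.Properties['samaccountname'][0] } } finally { $results.Dispose() }
    } finally { $searcher.Dispose() }
}

# The page's example: user objects whose logon name starts with "!a".
$filter = New-FindFilter -Attribute 'sAMAccountName' -Condition StartsWith -Value '!a'
$filter
# On a domain-joined machine (the OU name is a placeholder):
# Find-InOu -SearchBase 'OU=ExampleDept,DC=campus,DC=berkeley,DC=edu' -Filter $filter
```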
Additional Search Features for Windows XP Clients
If you have Windows XP, search queries can be saved for reuse, eliminating
the need to recreate the same set of search criteria. A brief illustration
is shown below.
Steps:
- Launch Active Directory Users and Computers.

- Right-click on the Saved Queries folder.

- Select New -> Query.

- Enter Query Name and Description and click the Browse... button.

- After selecting the target container, click Define Query to create
search criteria.

- When done with query definition, click OK.

- Clicking OK will execute the query and display the results.

- To refresh query results, right-click on the specific query and select
Refresh.
Modifying Access Control Lists (ACLs) using Windows 2000
Modifying Access Control Lists (ACLs) for Active Directory objects,
files or directories will also be impacted by the large number of user
accounts populating Active Directory. Here is the recommended workaround
when using Windows 2000.
Assumptions:
- User is logged on with an OU administrator account in the campus.berkeley.edu
domain.
- Windows 2000 Support Tools are installed.
- The example illustrates ACL modification for an object in Active
Directory. These steps are applicable to NTFS permission modification.
Steps:
- Launch Active Directory Users and Computers. Right-click on the
specific object and select Properties.
- On the object properties window, click on the Security tab.
- Click on the Add button to add entries. If you browse for the specific
group, you will get an error message.

- Click Close to acknowledge the error message.
- To bypass this error message, you can type in the exact group name
and click on Check Names for verification. If you need to add
more than one entry, use ; as a separator.

- If you mistyped the information, you will be prompted to modify
the name as shown below.

- After name verification, you can now modify the permissions.

Modifying Access Control Lists (ACLs) using Windows XP
If you are using a Windows XP machine for managing ACLs, there is an
easier way of modifying ACLs. Windows XP has filtering capabilities that
allow administrators to limit the amount of information or objects
displayed when modifying ACLs.
Assumptions:
- User is logged on with an OU administrator account in the campus.berkeley.edu
domain.
- Windows XP Support Tools are installed.
- The example illustrates ACL modification for an object in Active
Directory. These steps are applicable to NTFS permission modification.
Steps:
- Launch Active Directory Users and Computers. Right-click on the
specific object and select Properties.
- On the object properties window, click on the Security tab.
- Click on the Add button to add entries. Note that unlike Windows 2000,
you are presented with a window that allows for filtering.

- Click on the Object Types button to select the object type.

- Click on the Locations button to select the object location.

- You can also enter object names in the object names box:


- Clicking on the Advanced button shows more options for filtering.
The options here are similar to the search criteria options discussed
earlier.
