c# active-directory ldap directorysearcher

Can I create a DirectorySearcher filter using only extensionAttribute4?


I'm using DirectorySearcher and I want to get all AD users that have not set extensionAttribute4.

Here I'm using this DirectorySearcher, which returns all AD users, but I need help with how I can change it so that it returns those AD users that have not set extensionAttribute4. Any help will be highly appreciated.

    using (DirectorySearcher oSearch = new DirectorySearcher(oSearchRoot))
    {
        oSearch.Filter = "(&(objectClass=user)(objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2))";

        SearchResultCollection oResultCol = oSearch.FindAll();
    }

Solution

  • You are already most of the way there. This part:

    (objectClass=user)(objectCategory=person)
    

    tells it to look for user objects. So you want to keep that. This part:

    (!userAccountControl:1.2.840.113556.1.4.803:=2)
    

    tells it to find accounts that do not have the second bit set on the userAccountControl attribute (the second bit is a flag that means "disabled").

    So to find an account that does not have the extensionAttribute4 attribute set, you still use the ! operator, but you use it with the wildcard operator *, so it means "this attribute is not set to anything".

    So your final filter will look like this:

    (&(objectClass=user)(objectCategory=person)(!extensionAttribute4=*))
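An added example, not part of the original answer: the "attribute not set" filter combined with the question's disabled-account exclusion, run as a paged search that loads a single property and disposes the result collection. It writes each NOT clause in the fully parenthesized form from RFC 4515, `(!(attr=*))`; the class and method names are hypothetical and the LDAP path is a placeholder.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class UsersMissingAttribute
{
    // Filter for enabled user accounts on which `attribute` has no value.
    // The name is validated because it is concatenated into the filter string.
    public static string BuildFilter(string attribute)
    {
        if (string.IsNullOrEmpty(attribute))
            throw new ArgumentException("Attribute name is required", nameof(attribute));
        foreach (char c in attribute)
            if (!char.IsLetterOrDigit(c) && c != '-')
                throw new ArgumentException("Not a valid LDAP attribute name", nameof(attribute));

        return "(&(objectCategory=person)(objectClass=user)"
             + "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
             + "(!(" + attribute + "=*)))";
    }

    public static List<string> Find(DirectoryEntry searchRoot, string attribute)
    {
        var names = new List<string>();
        using (var searcher = new DirectorySearcher(searchRoot))
        {
            searcher.Filter = BuildFilter(attribute);
            searcher.PageSize = 1000;                        // page through large result sets
            searcher.PropertiesToLoad.Add("sAMAccountName"); // fetch only what is used

            // SearchResultCollection holds unmanaged resources, so dispose it.
            using (SearchResultCollection results = searcher.FindAll())
                foreach (SearchResult result in results)
                    if (result.Properties.Contains("sAMAccountName"))
                        names.Add((string)result.Properties["sAMAccountName"][0]);
        }
        return names;
    }

    static void Main()
    {
        // Assumption: placeholder path; substitute your own domain or OU.
        using (var root = new DirectoryEntry("LDAP://DC=example,DC=com"))
            foreach (string name in Find(root, "extensionAttribute4"))
                Console.WriteLine(name);
    }
}
```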