Recipe 8.10 Finding Computers with a Particular OS

8.10.1 Problem

You want to find computers that have a certain OS version, release, or service pack in a domain.

8.10.2 Solution Using a graphical user interface
  1. Open LDP.

  2. From the menu, select Connection Connect.

  3. For Server, enter the name of a domain controller (or leave blank to do a serverless bind).

  4. For Port, enter 389.

  5. Click OK.

  6. From the menu, select Connection Bind.

  7. Enter credentials of a user to perform the search.

  8. Click OK.

  9. From the Menu, select Browse Search.

  10. For Base Dn, enter the base of where you want your search to begin.

  11. For Filter, enter a filter that contains the OS attribute you want to search on. For example, a query for all computers that are running Windows XP would be the following:

    (&(objectclass=computer)(objectcategory=computer)(operatingSystem=Windows XP 
  12. Select the appropriate Scope based on how deep you want to search.

  13. Click the Options button if you want to customize the list of attributes returned for each matching object.

  14. Click Run and the results will be displayed in the right pane. Using a command-line interface
> dsquery * <DomainDN> -scope subtree -attr "*" -filter "(&(objectclass=[RETURN]
computer)(objectcategory=computer)(operatingSystem=Windows Server 2003))" Using VBScript
' This code searches for computer objects that have Service Pack 1 installed.
strBase    =  "<LDAP://" & "<DomainDN>" & ">;"
' ------ END CONFIGURATION ---------

strFilter  = "(&(objectclass=computer)(objectcategory=computer)" & _
             "(operatingSystemServicePack=Service Pack 1));" 
strAttrs   = "cn,operatingSystem,operatingSystemVersion," & _
             " operatingSystemServicePack;"
strScope   = "subtree"

set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
while Not objRS.EOF
    Wscript.Echo objRS.Fields(0).Value
    Wscript.Echo objRS.Fields(1).Value
    Wscript.Echo objRS.Fields(2).Value
    Wscript.Echo objRS.Fields(3).Value
    Wscript.Echo objRS.Fields(4).Value

8.10.3 Discussion

When a computer joins an Active Directory domain, the operating system attributes are updated for the computer object. There are four of these attributes, which can be used in queries to find computers that match certain OS-specific criteria, like service pack level. These attributes include the following:


Descriptive name of the installed Operating System (e.g., Windows Server 2003, Windows 2000 Server, and Windows XP Professional)


Numerical representation of the operating system (e.g., 5.0 (2195) and 5.2 (3757))


Current service pack level if one is installed (e.g., Service Pack 2 and Service Pack 3)

This recipe only applies to Windows-based machines. Other types of machines (e.g., Unix) that have accounts in Active Directory do not automatically update their OS attributes.

    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List