3.2 Advanced Search

DRA enables you to perform LDAP and virtual attribute queries in your on-premise Active Directory domains from the Advanced Search page. You can search using an existing query, modify an existing query, create a new query, and save new and modified queries for future use as public or private queries. Use the search filters for more efficient and effective searches.

To access the Advance Search queries feature in the Web Console, navigate to Management > Advanced Search.

3.2.1 Advance Search Queries

DRA supports both virtual attribute and LDAP queries to search for DRA and Active Directory objects. Virtual attributes can be associated with Active Directory object types such as users, groups, dynamic distribution groups, contacts, computers, and OUs. With a virtual attribute query you can filter the results returned from the LDAP query to return only those results that match the virtual attribute query. The virtual attribute query strings must begin with (objectCategory=<object type>). To perform a virtual attribute query, you must specify strings for both LDAP and virtual attribute queries.

LDAP query examples:

To search for “all computer objects” in DRA:

LDAP Query: (objectCategory=computer)
To search for user objects with description "East\West Sales" in DRA:

LDAP Query: (&(objectCategory=user)(description=East\5CWest Sales))
To search for “all computer objects” in DRA:

LDAP Query: (objectCategory=computer)

IMPORTANT:The backslash character must be escaped in LDAP filters. Substitute \5C.
To “list all disabled user objects” in DRA:

LDAP Query: (&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))

The string 1.2.840.113556.1.4.803 specifies LDAP_MATCHING_RULE_BIT_AND. This specifies a bitwise AND of a flag attribute (an integer), such as userAccountControl, groupType, or systemFlags, and a bit mask (like 2, 32, or 65536). The clause is True if the bitwise AND of the attribute value and the bit mask is non-zero, indicating the bit is set.

Virtual Attribute query examples:

To find all users whose company name is ABC:

Query: (&(objectCategory=User)(CompanyName=ABC))

The DRA object is “User” and the virtual attribute is “CompanyName” (associated with user).
To find all users with the company name ABC in the Storage domain:

Query: (&(objectCategory=User)(CompanyName=ABC)(Domain=Storage))

The DRA object is “User” and the virtual attributes are “CompanyName” and “Domain” (associated with user)
To find all groups with the product name DRA or all users with the company name ABC:

Query: (|(&(objectCategory=Group)(ProductGroupName=DRA))(&(objectCategory=User)(CompanyName=ABC)))

The DRA objects are “Group” and “User” and the virtual attributes are CompanyName (associated with user), ProductGroupName (associated with group).
To find all groups whose product name is DRA or all users with the company name ABC in the Storage domain:

Query: (|(&(objectCategory=Group)(ProductGroupName=DRA))(&(objectCategory=User)(CompanyName=ABC)(Domain=Storage)))

The DRA objects are “Group” and “User” and the virtual attributes are CompanyName (associated with user), ProductGroupName (associated with group), Domain (associated with user.

3.2.2 Managing Advanced Queries

DRA uses LDAP to support the Advanced Search queries feature. Using advanced queries, you can search for users, contacts, groups, computers, OUs, and any other object that DRA supports. If you have the Execute Saved Advanced Queries power, you can execute advanced queries that are available in the My Searches and Public Searches lists for any container.

In addition to executing a search with a saved advanced query and viewing its details, with the applicable permissions, you can also do the following with advanced queries from the Advanced Search page:

Create a new query: Create an advanced query on either the primary Administration server or the secondary Administration server by providing the query string (LDAP and, if applicable, virtual attribute) for the new advanced query. After executing the search, expand the Search drop-down menu to save the query to either the My Searches list or the Public Searches list.
Modify a query: Select an existing advanced query under My Searches or Public Searches and use the Modify option to change any of the search criteria. Once you execute the search with the updated search criteria, if desired you can expand the Search drop-down menu and select Save to save the changes to that query.
Copy a query: Select an existing advanced query under My Searches or Public Searches and execute the search. After executing the search, you can expand the Search drop-down menu and select Save As to save the query with a different name.
Customize query results: DRA provides you with a default set of columns in the search results list. To customize your search results from either a saved or unsaved query, click the Add/Remove Columns icon on the right side of the page to change how the search results are displayed.
Delete a query: You can delete any advanced query that is in the My Searches list. With applicable permissions, you can also delete advanced queries in the Public Searches list. To delete a saved advance query, select it in the applicable list, and click Delete in the Search drop-down menu.
Clear a query: In the Web Console, you can clear the form fields of a saved or unsaved query to make changes from a clean form. To clear the fields in a query, select Clear in the Search drop-down menu.

3.2.3 Exporting Advanced Search Results

DRA enables assistant administrators to export Advanced Search results to a CSV file. To export the Advanced Search results from the Web Console, go to Management > Advanced Search and click the Download icon.

NOTE:Only the selected columns are exported. If you want additional data, not currently displayed, add those columns first and then export the Advanced Search results.