A question for all ActiveDirectory administrators

The question:

Can you give a single combination of LDAP search base and query that will identify every real human user in your organisation (excluding all roles/mailboxes/test IDs etc.)?

If not, I would posit that you are failing your organisation right now…

Stuart McIntyre is a Senior Strategist at Fostering Community Limited. He curates a number of product-focused news sites, is a lapsed podcaster, founded the Social Connections user group and regularly speaks at conferences and events. This blog represents his own slightly-eccentric and usually-controversial opinions!