Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

DSGET Help

Posted on 2009-05-12
4
Medium Priority
?
790 Views
Last Modified: 2012-05-06
Hi Everyone,

I'm new to the DS Series of command prompt tools but I have been tasked with querying Active Directory and creating an Excel Spreadsheet providing details on the following items:

Show only Disabled User Accounts
of those Disabled User Accounts list the following Details:

Location of Mailbox Store
Display what groups the Disabled User Account is a Member Of

I have been tinkering with the DSGET and DSQUERY commands but as you can imagine I have been a bit overwhelmed by the amount of information these commands can return and at the moment the information above is all I require.  Could someone provide me with some commands and/or ideas to get started with?
0
Comment
Question by:crphd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 27

Accepted Solution

by:
bluntTony earned 2000 total points
ID: 24366844
DSGET and DSQUERY aren't that great for this sort of this. A more complete utility is AdFind from joeware.net : http://www.joeware.net/freetools/tools/adfind/index.htm

This can handle more complex queries using LDAP filters and the like. The command for what you want, using Adfind is below.

It basically says, get me all disbled users and output the CN (name), group memberships and home mailbox location.

If you want to output to a text file, add > results.txt to the end of the command, where results.txt is the text file you want to create.


adfind -f "(&(objectcategory=user)(userAccountControl:1.2.840.113556.1.4.803:=2))" cn memberof homeMDB

Open in new window

0
 
LVL 1

Author Comment

by:crphd
ID: 24367467
Hi bluntTony,

Your suggestion was fantastic and I was able to create a txt file with everything that I was looking for.  I just realized however that I forgot to point out that the OU that I am looking to scan is within some other OU's and I need to re-write this command so that it supports that structure.  Rather than scan the entire AD for the information that I am looking for how can I narrow the results down so that I am scanning something like

Domain > OU > OU  where Domain is our Domain Name and OU is the name of the OU
0
 
LVL 1

Author Comment

by:crphd
ID: 24370067
I got it to work thanks to you.

The final command I ended up using to get this to function was as following:

adfind -s sub -b ou=ouname,ou=ouname,dc=dcname,dc=dcname -f "(&(objectcategory=user)(userAccountControl:1.2.840.113556.1.4.803:=2))" cn memberof homeMDB > textfileoutput.txt

Where ouname is the name of the OU and dc name is the name of the Domain Controller.  -s sub used everything from the OU and it's subtree to search through.

I'm still not sure what the center section translates to but I do know that this worked for me.  Thanks again for all of your help!
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24372216
Glad you got it sorted. Looks like you've got the scope and base arguments down as well.

The centre section is an LDAP filter used to query AD.

(objectCategory=user) = find users
(userAccountControl:1.2.840.113556.1.4.803:=2) = find those that are disabled (there's no simple 'disabled' yes/no field to query but this is the same thing)

Surrounding the two in a (& ) means AND, so 'find all objects that are users AND are disabled'

Hope this helps.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question