Solved

DSGET Help

Posted on 2009-05-12
4
756 Views
Last Modified: 2012-05-06
Hi Everyone,

I'm new to the DS Series of command prompt tools but I have been tasked with querying Active Directory and creating an Excel Spreadsheet providing details on the following items:

Show only Disabled User Accounts
of those Disabled User Accounts list the following Details:

Location of Mailbox Store
Display what groups the Disabled User Account is a Member Of

I have been tinkering with the DSGET and DSQUERY commands but as you can imagine I have been a bit overwhelmed by the amount of information these commands can return and at the moment the information above is all I require.  Could someone provide me with some commands and/or ideas to get started with?
0
Comment
Question by:crphd
  • 2
  • 2
4 Comments
 
LVL 27

Accepted Solution

by:
bluntTony earned 500 total points
ID: 24366844
DSGET and DSQUERY aren't that great for this sort of this. A more complete utility is AdFind from joeware.net : http://www.joeware.net/freetools/tools/adfind/index.htm

This can handle more complex queries using LDAP filters and the like. The command for what you want, using Adfind is below.

It basically says, get me all disbled users and output the CN (name), group memberships and home mailbox location.

If you want to output to a text file, add > results.txt to the end of the command, where results.txt is the text file you want to create.


adfind -f "(&(objectcategory=user)(userAccountControl:1.2.840.113556.1.4.803:=2))" cn memberof homeMDB

Open in new window

0
 
LVL 1

Author Comment

by:crphd
ID: 24367467
Hi bluntTony,

Your suggestion was fantastic and I was able to create a txt file with everything that I was looking for.  I just realized however that I forgot to point out that the OU that I am looking to scan is within some other OU's and I need to re-write this command so that it supports that structure.  Rather than scan the entire AD for the information that I am looking for how can I narrow the results down so that I am scanning something like

Domain > OU > OU  where Domain is our Domain Name and OU is the name of the OU
0
 
LVL 1

Author Comment

by:crphd
ID: 24370067
I got it to work thanks to you.

The final command I ended up using to get this to function was as following:

adfind -s sub -b ou=ouname,ou=ouname,dc=dcname,dc=dcname -f "(&(objectcategory=user)(userAccountControl:1.2.840.113556.1.4.803:=2))" cn memberof homeMDB > textfileoutput.txt

Where ouname is the name of the OU and dc name is the name of the Domain Controller.  -s sub used everything from the OU and it's subtree to search through.

I'm still not sure what the center section translates to but I do know that this worked for me.  Thanks again for all of your help!
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24372216
Glad you got it sorted. Looks like you've got the scope and base arguments down as well.

The centre section is an LDAP filter used to query AD.

(objectCategory=user) = find users
(userAccountControl:1.2.840.113556.1.4.803:=2) = find those that are disabled (there's no simple 'disabled' yes/no field to query but this is the same thing)

Surrounding the two in a (& ) means AND, so 'find all objects that are users AND are disabled'

Hope this helps.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
home drive migration 16 74
Remove the ability to reboot servers from helpdesk user's. 14 58
home folder path for users 4 57
inplace upgrade from Windows 2003 R2 to 2012 8 48
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Learn about cloud computing and its benefits for small business owners.
A short film showing how OnPage and Connectwise integration works.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now