Solved

DSGET Help

Posted on 2009-05-12
4
753 Views
Last Modified: 2012-05-06
Hi Everyone,

I'm new to the DS Series of command prompt tools but I have been tasked with querying Active Directory and creating an Excel Spreadsheet providing details on the following items:

Show only Disabled User Accounts
of those Disabled User Accounts list the following Details:

Location of Mailbox Store
Display what groups the Disabled User Account is a Member Of

I have been tinkering with the DSGET and DSQUERY commands but as you can imagine I have been a bit overwhelmed by the amount of information these commands can return and at the moment the information above is all I require.  Could someone provide me with some commands and/or ideas to get started with?
0
Comment
Question by:crphd
  • 2
  • 2
4 Comments
 
LVL 27

Accepted Solution

by:
bluntTony earned 500 total points
ID: 24366844
DSGET and DSQUERY aren't that great for this sort of this. A more complete utility is AdFind from joeware.net : http://www.joeware.net/freetools/tools/adfind/index.htm

This can handle more complex queries using LDAP filters and the like. The command for what you want, using Adfind is below.

It basically says, get me all disbled users and output the CN (name), group memberships and home mailbox location.

If you want to output to a text file, add > results.txt to the end of the command, where results.txt is the text file you want to create.


adfind -f "(&(objectcategory=user)(userAccountControl:1.2.840.113556.1.4.803:=2))" cn memberof homeMDB

Open in new window

0
 
LVL 1

Author Comment

by:crphd
ID: 24367467
Hi bluntTony,

Your suggestion was fantastic and I was able to create a txt file with everything that I was looking for.  I just realized however that I forgot to point out that the OU that I am looking to scan is within some other OU's and I need to re-write this command so that it supports that structure.  Rather than scan the entire AD for the information that I am looking for how can I narrow the results down so that I am scanning something like

Domain > OU > OU  where Domain is our Domain Name and OU is the name of the OU
0
 
LVL 1

Author Comment

by:crphd
ID: 24370067
I got it to work thanks to you.

The final command I ended up using to get this to function was as following:

adfind -s sub -b ou=ouname,ou=ouname,dc=dcname,dc=dcname -f "(&(objectcategory=user)(userAccountControl:1.2.840.113556.1.4.803:=2))" cn memberof homeMDB > textfileoutput.txt

Where ouname is the name of the OU and dc name is the name of the Domain Controller.  -s sub used everything from the OU and it's subtree to search through.

I'm still not sure what the center section translates to but I do know that this worked for me.  Thanks again for all of your help!
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24372216
Glad you got it sorted. Looks like you've got the scope and base arguments down as well.

The centre section is an LDAP filter used to query AD.

(objectCategory=user) = find users
(userAccountControl:1.2.840.113556.1.4.803:=2) = find those that are disabled (there's no simple 'disabled' yes/no field to query but this is the same thing)

Surrounding the two in a (& ) means AND, so 'find all objects that are users AND are disabled'

Hope this helps.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This video discusses moving either the default database or any database to a new volume.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now