DSGET Help
Hi Everyone,
I'm new to the DS Series of command prompt tools but I have been tasked with querying Active Directory and creating an Excel Spreadsheet providing details on the following items:
Show only Disabled User Accounts
of those Disabled User Accounts list the following Details:
Location of Mailbox Store
Display what groups the Disabled User Account is a Member Of
I have been tinkering with the DSGET and DSQUERY commands but as you can imagine I have been a bit overwhelmed by the amount of information these commands can return and at the moment the information above is all I require. Could someone provide me with some commands and/or ideas to get started with?
I'm new to the DS Series of command prompt tools but I have been tasked with querying Active Directory and creating an Excel Spreadsheet providing details on the following items:
Show only Disabled User Accounts
of those Disabled User Accounts list the following Details:
Location of Mailbox Store
Display what groups the Disabled User Account is a Member Of
I have been tinkering with the DSGET and DSQUERY commands but as you can imagine I have been a bit overwhelmed by the amount of information these commands can return and at the moment the information above is all I require. Could someone provide me with some commands and/or ideas to get started with?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I got it to work thanks to you.
The final command I ended up using to get this to function was as following:
adfind -s sub -b ou=ouname,ou=ouname,dc=dcn
Where ouname is the name of the OU and dc name is the name of the Domain Controller. -s sub used everything from the OU and it's subtree to search through.
I'm still not sure what the center section translates to but I do know that this worked for me. Thanks again for all of your help!
The final command I ended up using to get this to function was as following:
adfind -s sub -b ou=ouname,ou=ouname,dc=dcn
Where ouname is the name of the OU and dc name is the name of the Domain Controller. -s sub used everything from the OU and it's subtree to search through.
I'm still not sure what the center section translates to but I do know that this worked for me. Thanks again for all of your help!
Glad you got it sorted. Looks like you've got the scope and base arguments down as well.
The centre section is an LDAP filter used to query AD.
(objectCategory=user) = find users
(userAccountControl:1.2.84
Surrounding the two in a (& ) means AND, so 'find all objects that are users AND are disabled'
Hope this helps.
The centre section is an LDAP filter used to query AD.
(objectCategory=user) = find users
(userAccountControl:1.2.84
Surrounding the two in a (& ) means AND, so 'find all objects that are users AND are disabled'
Hope this helps.
ASKER
Your suggestion was fantastic and I was able to create a txt file with everything that I was looking for. I just realized however that I forgot to point out that the OU that I am looking to scan is within some other OU's and I need to re-write this command so that it supports that structure. Rather than scan the entire AD for the information that I am looking for how can I narrow the results down so that I am scanning something like
Domain > OU > OU where Domain is our Domain Name and OU is the name of the OU