Solved

DSquery AD comand line tool

Posted on 2011-03-18
3
855 Views
Last Modified: 2012-05-11
Been trying to get the AD tool called DSquery to work today with out success on Windows 2003 EE DC Server.  What we are trying to achieve with dsquery is ...... to extend the capability of Advanced Find in AD users&computers, where we want to find contents (eg. xyz) within long string group names. I could not not get the syntax in the Microsoft help to work. Basically I am looking for syntax assistance in utilising dsquert for this contents search.

0
Comment
Question by:kgeddes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 35171596
dsquery group dc=example,dc=com -name "Domain Admins"

Find All users in current domain and all their attributes:
    dsquery * domainroot -filter "(&(objectClass=User)(sAMAccountName=*))" -attr * -limit 0
You can use the same command and only grab certain attributes like name only
    dsquery * domainroot -filter "(&(objectClass=User)(sAMAccountName=*))" -attr name -limit 0
or if you want to search for a specific user in a specific domain
dsquery * dc=example,dc=com -filter "(sAMAccountName=kgeddes)" -attr *
or something like this to list the users name, description and CN data
dsquery * dc=example,dc=com -filter "(sAMAccountName=kgeddes)" -attr name description cn

You can change the filter section to do a wide range of things
All users und contacts:
     (objectClass=user)

All security groups (local, global and universal):
     (groupType:1.2.840.113556.1.4.803:=2147483648)

All empty groups:
     (&(objectClass=group)(!member=*))

All groups which were changed since Dec 31 2008:
     (&(objectClass=group)(whenChanged>=20081231000000.0Z))

All users which didnt logon since Dec 31 2008:
     (&(&(objectCategory=person)(objectClass=user))(lastLogonTimestamp<=128752108510000000))

All users with the account configuration 'Password never expires':
     (&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))

All computer accounts which are disabled:
     (&(objectClass=computer)(userAccountControl:1.2.840.113556.1.4.803:=2))

All objects which can't be deleted:
     (systemFlags:1.2.840.113556.1.4.803:=-2147483648)

All objects which can't be renamed:
     (systemFlags:1.2.840.113556.1.4.803:=134217728)

All users with mailboxes on Exchange server 'KUNGUR':
     (msExchangeHomeserverName=/o=MAILOrg/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=KUNGUR)

All users whose account is disabled:
     (&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))

All hidden Exchange mail recipients:
     (msExchHideFromAddressLists=TRUE)

All hidden Exchange mail recipients (without public folder objects):
     (&(msExchHideFromAddressLists=TRUE)(!objectClass=publicFolder))

All mail recipients with fax adress:
     (proxyAddresses=FAX:*)

All domain controllers:
     (&(objectCategory=computer)(userAccountControl=532480))

All global catalog servers (LDAP search in the configuration partition):
     (&(objectCategory=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))
-rich
0
 

Assisted Solution

by:kgeddes
kgeddes earned 0 total points
ID: 35171771
Cheers Rich ,  will give it a go next week and get back to you but, this looks good, thanks.
0
 

Author Closing Comment

by:kgeddes
ID: 37043492
got to what I wanted thru this answer thanks
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question