DSquery AD comand line tool

Been trying to get the AD tool called DSquery to work today with out success on Windows 2003 EE DC Server.  What we are trying to achieve with dsquery is ...... to extend the capability of Advanced Find in AD users&computers, where we want to find contents (eg. xyz) within long string group names. I could not not get the syntax in the Microsoft help to work. Basically I am looking for syntax assistance in utilising dsquert for this contents search.

kgeddesAsked:
Who is Participating?
 
Rich RumbleConnect With a Mentor Security SamuraiCommented:
dsquery group dc=example,dc=com -name "Domain Admins"

Find All users in current domain and all their attributes:
    dsquery * domainroot -filter "(&(objectClass=User)(sAMAccountName=*))" -attr * -limit 0
You can use the same command and only grab certain attributes like name only
    dsquery * domainroot -filter "(&(objectClass=User)(sAMAccountName=*))" -attr name -limit 0
or if you want to search for a specific user in a specific domain
dsquery * dc=example,dc=com -filter "(sAMAccountName=kgeddes)" -attr *
or something like this to list the users name, description and CN data
dsquery * dc=example,dc=com -filter "(sAMAccountName=kgeddes)" -attr name description cn

You can change the filter section to do a wide range of things
All users und contacts:
     (objectClass=user)

All security groups (local, global and universal):
     (groupType:1.2.840.113556.1.4.803:=2147483648)

All empty groups:
     (&(objectClass=group)(!member=*))

All groups which were changed since Dec 31 2008:
     (&(objectClass=group)(whenChanged>=20081231000000.0Z))

All users which didnt logon since Dec 31 2008:
     (&(&(objectCategory=person)(objectClass=user))(lastLogonTimestamp<=128752108510000000))

All users with the account configuration 'Password never expires':
     (&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))

All computer accounts which are disabled:
     (&(objectClass=computer)(userAccountControl:1.2.840.113556.1.4.803:=2))

All objects which can't be deleted:
     (systemFlags:1.2.840.113556.1.4.803:=-2147483648)

All objects which can't be renamed:
     (systemFlags:1.2.840.113556.1.4.803:=134217728)

All users with mailboxes on Exchange server 'KUNGUR':
     (msExchangeHomeserverName=/o=MAILOrg/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=KUNGUR)

All users whose account is disabled:
     (&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))

All hidden Exchange mail recipients:
     (msExchHideFromAddressLists=TRUE)

All hidden Exchange mail recipients (without public folder objects):
     (&(msExchHideFromAddressLists=TRUE)(!objectClass=publicFolder))

All mail recipients with fax adress:
     (proxyAddresses=FAX:*)

All domain controllers:
     (&(objectCategory=computer)(userAccountControl=532480))

All global catalog servers (LDAP search in the configuration partition):
     (&(objectCategory=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))
-rich
0
 
kgeddesConnect With a Mentor Author Commented:
Cheers Rich ,  will give it a go next week and get back to you but, this looks good, thanks.
0
 
kgeddesAuthor Commented:
got to what I wanted thru this answer thanks
0
All Courses

From novice to tech pro — start learning today.