Solved

DSquery AD command line tool

Posted on 2011-03-18
Last Modified: 2012-05-11
Been trying to get the AD tool called DSquery to work today without success on a Windows 2003 EE DC server. What we are trying to achieve with dsquery is to extend the capability of Advanced Find in AD Users & Computers, where we want to find contents (e.g. xyz) within long string group names. I could not get the syntax in the Microsoft help to work. Basically I am looking for syntax assistance in utilising dsquery for this contents search.

Question by:kgeddes

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 35171596
    dsquery group dc=example,dc=com -name "Domain Admins"

Find all users in the current domain and all their attributes:
    dsquery * domainroot -filter "(&(objectClass=User)(sAMAccountName=*))" -attr * -limit 0
You can use the same command and only grab certain attributes, like name only:
    dsquery * domainroot -filter "(&(objectClass=User)(sAMAccountName=*))" -attr name -limit 0
Or if you want to search for a specific user in a specific domain:
    dsquery * dc=example,dc=com -filter "(sAMAccountName=kgeddes)" -attr *
Or something like this to list the user's name, description and CN data:
    dsquery * dc=example,dc=com -filter "(sAMAccountName=kgeddes)" -attr name description cn

You can change the filter section to do a wide range of things:
All users and contacts:
     (objectClass=user)

All security groups (local, global and universal):
     (groupType:1.2.840.113556.1.4.803:=2147483648)

All empty groups:
     (&(objectClass=group)(!(member=*)))

All groups which were changed since Dec 31 2008:
     (&(objectClass=group)(whenChanged>=20081231000000.0Z))

All users which didn't logon since Dec 31 2008:
     (&(&(objectCategory=person)(objectClass=user))(lastLogonTimestamp<=128752108510000000))

All users with the account configuration 'Password never expires':
     (&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))

All computer accounts which are disabled:
     (&(objectClass=computer)(userAccountControl:1.2.840.113556.1.4.803:=2))

All objects which can't be deleted:
     (systemFlags:1.2.840.113556.1.4.803:=-2147483648)

All objects which can't be renamed:
     (systemFlags:1.2.840.113556.1.4.803:=134217728)

All users with mailboxes on Exchange server 'KUNGUR':
     (msExchHomeServerName=/o=MAILOrg/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=KUNGUR)

All users whose account is disabled:
     (&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))

All hidden Exchange mail recipients:
     (msExchHideFromAddressLists=TRUE)

All hidden Exchange mail recipients (without public folder objects):
     (&(msExchHideFromAddressLists=TRUE)(!(objectClass=publicFolder)))

All mail recipients with fax address:
     (proxyAddresses=FAX:*)

All domain controllers:
     (&(objectCategory=computer)(userAccountControl=532480))

All global catalog servers (LDAP search in the configuration partition):
     (&(objectCategory=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))
-rich
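
Added example (not part of the answer above, and not Microsoft's code): a small Python helper that shows where the numbers in those filters come from. It converts dates to the FILETIME ticks used by lastLogonTimestamp and to the timestamp form used by whenChanged, and it evaluates the `1.2.840.113556.1.4.803` bitwise-AND rule against userAccountControl values. The function names and the sample accounts are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

BIT_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND, as used in the filters above
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UAC_FLAGS = {  # userAccountControl bits behind the numbers in the answer
    2: "ACCOUNTDISABLE",
    512: "NORMAL_ACCOUNT",
    8192: "SERVER_TRUST_ACCOUNT",
    65536: "DONT_EXPIRE_PASSWORD",
    524288: "TRUSTED_FOR_DELEGATION",
}

def to_filetime(dt):
    """Aware datetime -> 100 ns ticks since 1601-01-01 UTC (lastLogonTimestamp)."""
    d = dt - FILETIME_EPOCH
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10

def from_filetime(ticks):
    """Inverse of to_filetime, truncated to whole microseconds."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def generalized_time(dt):
    """Aware datetime -> the YYYYMMDDhhmmss.0Z form that whenChanged is compared against."""
    return dt.astimezone(timezone.utc).strftime("%Y%m%d%H%M%S.0Z")

def decode_uac(value):
    """Names of the known flag bits set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def bit_and_matches(value, mask):
    """What (attr:1.2.840.113556.1.4.803:=mask) tests: every bit of mask is set."""
    return value & mask == mask

def stale_user_filter(cutoff):
    """Filter for users whose lastLogonTimestamp is at or before cutoff."""
    return ("(&(objectCategory=person)(objectClass=user)"
            "(lastLogonTimestamp<=%d))" % to_filetime(cutoff))

def flagged(accounts, mask):
    """Names from a {name: userAccountControl} dict that the bitwise filter would return."""
    return sorted(n for n, uac in accounts.items() if bit_and_matches(uac, mask))

# Constructed sample accounts, not taken from any directory.
SAMPLE = {"alice": 512, "bob": 514, "svc_backup": 66048, "DC01$": 532480}

if __name__ == "__main__":
    print(from_filetime(128752108510000000))   # cutoff used in the answer
    print(stale_user_filter(datetime(2009, 1, 1, tzinfo=timezone.utc)))
    print(decode_uac(532480), flagged(SAMPLE, 65536), flagged(SAMPLE, 2))
```

lastLogonTimestamp is replicated lazily (by default it can lag the real last logon by up to about 14 days), so treat any cutoff built this way as approximate when reviewing stale accounts.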

Assisted Solution

by:kgeddes
kgeddes earned 0 total points
ID: 35171771
Cheers Rich, will give it a go next week and get back to you, but this looks good, thanks.

Author Closing Comment

by:kgeddes
ID: 37043492
got to what I wanted thru this answer thanks