Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
dsquery user -disabled unexpected results

Answered dsquery user -disabled unexpected results

  • Monday, April 30, 2012 12:36 PM
     
     
    Sign In to Vote
    0
     

    In a test environment I created an OU and populated it with a few disabled test accounts in order to test a disabled acount deletion script.

    In AD Users and Computers, the accounts are clearly marked as disabled.

    However, when running:

    dsquery user "OU=TEST_OU,DC=domain,DC=dom" -disabled

    ...there are no accounts returned.

    Also, when running:

    dsquery user domainroot -disabled

    ...I get results of other accounts in AD (other OUs/containers) that are disabled but not users from the test OU.

    Any ideas why this might happen?

    -Thanks...

    • Edited by Joel P Young Monday, April 30, 2012 12:39 PM formatting
    •  
     

All Replies

  • Monday, April 30, 2012 12:45 PM
     
     Proposed
    Sign In to Vote
    0
     

    In a test environment I created an OU and populated it with a few disabled test accounts in order to test a disabled acount deletion script.

    In AD Users and Computers, the accounts are clearly marked as disabled.

    However, when running:

    dsquery user "OU=TEST_OU,DC=domain,DC=dom" -disabled

    ...there are no accounts returned.

    Also, when running:

    dsquery user domainroot -disabled

    ...I get results of other accounts in AD (other OUs/containers) that are disabled but not users from the test OU.

    Any ideas why this might happen?

    -Thanks...

    Hello,

    How many DCs you have?

    If you more than a single DC then this may be due to AD replication issues. To check please run dcdiag /v on each DC you have and see if there is any reported error.

    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

     
  • Monday, April 30, 2012 12:51 PM
     
     
    Sign In to Vote
    0

    As Mr.X said. It might be due to replication issue.

    Apart from that , you can just give a try ,

    Run Dsquery OU -name Test_OU . Get the compelte DN of Test_OU , Then put this in Dsquery users "DN of the Test_OU" -disabled and check.

    Regards,

    _Prashant_

    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

     
  • Monday, April 30, 2012 1:02 PM
     
     
    Sign In to Vote
    0

    Yep... looks like I might have a replication problem...

    There are only 2 DCs and I get the results I expect when running the query on the other DC.

    I feel kinda stupid for not checking that 1st.

    Thanks!

     
  • Monday, April 30, 2012 1:02 PM
    Moderator
     
     Answered
    Sign In to Vote
    0

    I checked the cmd in a lab dsquery user OU=Accounts,DC=testlab,DC=com -disabled and it works on my windows 2008 R2 system. You can also use olccmp tool and see if you are getting error from that tool even.

    http://social.technet.microsoft.com/wiki/contents/articles/2195.dsquery-commands-en-us.aspx

    http://www.joeware.net/freetools/tools/oldcmp/index.htm

    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

     
  • Tuesday, May 01, 2012 7:22 AM
    Moderator
     
     Answered
    Sign In to Vote
    0

    Hi,

    To troubleshoot replication issue, I would like suggest you refer to the below links:

    Troubleshooting Active Directory Replication Problems

    http://technet.microsoft.com/en-us/library/cc738415(v=ws.10).aspx

    Troubleshooting Active Directory Replication Problems

    http://technet.microsoft.com/en-us/library/bb727057.aspx

    Regards,

    Yan Li

    Yan Li

    TechNet Community Support

     
  • Tuesday, May 01, 2012 7:27 AM
    Moderator
     
     Answered
    Sign In to Vote
    0

    To troubleshoot AD replication, you can refer one more article.

    http://social.technet.microsoft.com/wiki/contents/articles/2285.aspx

    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.