rundll32 dsquery,OpenQueryWindow
dsquery user -name * -limit 0 | dsget user -samid -acctexpires
dsquery user -o rdn -limit 0
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!(memberOf=Groupname,ou=West, dc=Contoso,dc=com))) -limit 0 > NotInGroup.txt
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!(memberOf=Groupname,ou=West,
dc=Contoso,dc=com))) -limit 0 > NotInGroup.txt
dsquery contact OU=Sales,DC=Contoso,DC=Com
dsquery * -filter "(primaryGroupID=513)" -limit 0 (You can change the "primaryGroupID" as per your requirement) 513:Domain Users 514:Domain Guests 515:Domain Computers 516:Domain Controllers
dsquery * -filter "(primaryGroupID=513)" -limit 0
(You can change the "primaryGroupID" as per your requirement)
513:Domain Users
514:Domain Guests
515:Domain Computers
516:Domain Controllers
dsget group "<DN of the group>" -members
dsget user "<DN of the user>" -memberof -expand
dsquery user -samid "username" | dsget user -memberof -expand
dsquery group -o rdn cn=users,dc=contoso,dc=com
dsquery group -samid "CS_CLUB_ACCOUNTS" | dsget group -members -expand | dsget user -samid
dsquery user "dc=ssig,dc=com" -disabled dsquery * -filter "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))"
dsquery user "dc=ssig,dc=com" -disabled
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))"
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(mail=e-mailaddress))" -attr name
for /f %%x in (%1) do dsquery * domainroot -filter "(&(objectcategory=person)(objectclass=user)(mail=%%x))" -attr name
dsquery user -samid anthony | dsget user -memberof | dsget group -samid dsquery user -samid (provide the samaccount name of the user) | dsget user -memberof | dsget group -samid
dsquery user -samid anthony | dsget user -memberof | dsget group -samid
dsquery user -samid (provide the samaccount name of the user) | dsget user -memberof | dsget group -samid
dsquery user ou=targetOU,dc=domain,dc=com
dsquery group ou=targetOU,dc=domain,dc=com
dsquery group -samid “Group Pre-Win2k Name” | dsget group -members | dsget user -disabled -display
Find the below snap for your reference.
C:\>dsquery group "ou=test,dc=gs,dc=com" -limit 0 | dsget group -samid -scope -secgrp
This list can then be forwarded to dsget that can provide detailed information about objects.
In the example, the requested user list is headed by the pipe symbol after dsget that
If we wanted to carry out modifications to the information returned by DSQuery user list,
we could send the result to dsmod, which for us is making changes to all users.
In below snap shows the change in the command ensures that all users of DSQuery
Another way to get the user attributes from an OU. Find the below snap & dsquery for that.
C:\>dsquery * "ou=test,DC=contoso,DC=com" -filter "(&(objectcategory=person) (objectclass=user))" -limit 0
-attr samaccountname description department title
In this example, it displays the 6 groups that explicitly list the Administrator as member
Note: The -memberof -expand combination recursively expands the list of groups of which the user is a member. In this example, the Users group is added to the list because Domain Users is a member of the Users group. dsget user cn=Administrator,cn=Users,dc=contoso,dc=com -memberof
Note: The -memberof -expand combination recursively expands the list of groups of which the user is a member. In this example, the Users group is added to the list because Domain Users is a member of the Users group.
dsget user cn=Administrator,cn=Users,dc=contoso,dc=com -memberof
dsquery * -filter "&(objectClass=person)(objectCategory=user)" -attr cn lastLogonTimestamp -limit 0
dsquery * <ou> -filter "(&(objectCategory=Person)(objectClass=User)(!accountExpires=0)(!accountExpires=9223372036854775807))" | dsmod user -disabled yes
Dsquery * -limit 0 -filter "&(objectClass=User)(objectCategory=Person)" -attr * >>output123.txt
dsquery * "<DN>" -scope base -attr lastlogontimestamp memberoff repadmin /showattr <DCNAME> <"DN"> /attrs:lastlogon,homemta,whencreated,lastlogontimestamp,samaccountname
dsquery * "<DN>" -scope base -attr lastlogontimestamp memberoff
repadmin /showattr <DCNAME> <"DN"> /attrs:lastlogon,homemta,whencreated,lastlogontimestamp,samaccountname
Create a batch file(for /f "eol= tokens=* delims= usebackq" %%x in (%1) do dsquery * %%x -scope base -attr sAMAccountName objectsid whencreated lastlogontimestamp mail homeMTA memberof) e.g ds.bat Create a text file (All users DN e.g:dn.txt) Open cmd & run ds.bat dn.txt >> c:\attr.txt
Create a batch file(for /f "eol= tokens=* delims= usebackq" %%x in (%1) do dsquery * %%x -scope base -attr sAMAccountName objectsid whencreated lastlogontimestamp mail homeMTA memberof) e.g ds.bat
Create a text file (All users DN e.g:dn.txt)
Open cmd & run ds.bat dn.txt >> c:\attr.txt
C:\>dsquery * -filter (samaccountname=biz) -attr name whenchanged name whenchanged biz 01/03/2014 07:02:14
C:\>dsquery * -filter (samaccountname=biz) -attr name whenchanged
name whenchanged
biz 01/03/2014 07:02:14
dsquery user -samid <bbiswas> | dsget user -sid dsquery * -filter (samaccountname=santhosh) – attr sid
dsquery user -samid <bbiswas> | dsget user -sid
dsquery * -filter (samaccountname=santhosh) – attr sid
Dsquery * -filter (samaccoutname=santhosh) – attr siDhistory
dsmod user <dn> -ln "<last name>"
dsquery * "dc=contoso,dc=com" -filter "(&(objectCategory=Person)(objectClass=User)(!accountExpires=0)(!accountExpires=9223372036854775807)) " -attr sAMAccountname displayName
dsquery computer OU=Test,DC=sivarajan,DC=com -limit 5000 | dsget computer -dn -disabled | find /i " no"
dsquery computer OU=Test,DC=sivarajan,DC=com -limit 5000 | dsget computer -dn -disabled | find /c /i " no"
for /f %%x in (%1) do dsquery computer -name %%x (Create a batch file with line & create a txt file computer.txt open cmd >>>>>>batchfile computer.txt >> c:\dn.txt
for /f %%x in (%1) do dsquery computer -name %%x
(Create a batch file with line & create a txt file computer.txt
open cmd >>>>>>batchfile computer.txt >> c:\dn.txt
dsquery computer -name test1 | dsget computer -memberof | dsget group -samid
dsquery * <"DN"> -scope base -attr operatingSystem
DsQuery Server -domain contoso.com -isgc
dsquery server -forest -limit 0 | dsget server -dnsname -site -isgc
dsquery * -filter (dc=contoso) -attr *
dsquery * forestroot -filter (objectclass=serviceconnectionpoint)
dsquery * "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=yourdomain,DC=com" -scope base -attr tombstonelifetime
dsquery * "CN=Configuration,DC=contoso,DC=com" -filter "(&(objectClass=crossRef)(objectCategory=crossRef)(systemFlags=5))" -attr NcName msDS-NC-Replica-Locations
C:\>dsquery * CN=ActiveDirectoryUpdate,CN=ForestUpdates,cn=configuration,dc=msft ,dc=net -scope base -attr revision revision 5 C:\>dsquery * CN=ActiveDirectoryRodcUpdate,CN=ForestUpdates,cn=configuration,dc= msft,dc=net -scope base -attr revision revision 2
C:\>dsquery * CN=ActiveDirectoryRodcUpdate,CN=ForestUpdates,cn=configuration,dc= msft,dc=net -scope base -attr revision revision 2
dsquery * "DC=contoso,DC=com" -scope base -attr msDS-Behavior-Version ntMixedDomain
0, 0 Windows 2000 Native domain Level
0, 1 Windows 2000 Mixed domain Level
2, 0 Windows 2003 Domain Level
3, 0 Windows 2008 Domain Level
4, 0 Windows 2008 R2 Domain Level
dsquery partition Below example for single domain Below example for parent/child domain
dsquery partition
Below example for single domain
Below example for parent/child domain
dsquery subnet -name <CIDR> | dsget subnet
dsquery site -name * -limit 0 dsquery server -s <server> | dsget server -site
dsquery site -name * -limit 0
dsquery server -s <server> | dsget server -site
dsquery server -name test1 | dsget server -site dsquery server -name (provide the server name for DN) | dsget server -site
dsquery server -name test1 | dsget server -site
dsquery server -name (provide the server name for DN) | dsget server -site
dsquery site -limit 0
dsquery * cn=schema,cn=configuration,dc=domainname,dc=local -scope base -attr objectVersion or schupgr Shortest command for finding the schema version
dsquery * cn=schema,cn=configuration,dc=domainname,dc=local -scope base -attr objectVersion
or
schupgr
Shortest command for finding the schema version
(If the command displays no attributes, ensure that you typed TRUE in capital letters >dsquery * cn=Schema,cn=Configuration,dc=contoso,dc=com -filter "(&(objectCategory=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))" -limit 0 -attr name
(If the command displays no attributes, ensure that you typed TRUE in capital letters
>dsquery * cn=Schema,cn=Configuration,dc=contoso,dc=com -filter "(&(objectCategory=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))" -limit 0 -attr name
dsquery server | dsget server -dnsname -site -isgc
dsquery server -isreadonly
dsquery server -name test1 | dsget server -isgc
dsquery server -hasfsmo PDC
dsquery server -hasfsmo INFR
dsquery server -hasfsmo RID
dsquery server -forest -hasfsmo Schema
dsquery server -forest -hasfsmo Name
dsquery subnet -o rdn -site <site name>
dsquery server -o rdn -site <site name>
dsquery server -o rdn -forest
dsquery * -filter "(sAMAccountName=jsmith)" -s MyServer -attr givenName sn badPwdCount The badPwdCount attribute is not replicated, so a different value is saved for each user on each domain controller.
dsquery * -filter "(sAMAccountName=jsmith)" -s MyServer -attr givenName sn badPwdCount
The badPwdCount attribute is not replicated, so a different value is saved for each user on each domain controller.
i)dsget user <user DN> -effectivepso Example: C:\>dsget user "CN=bshwjt,OU=pso,DC=contoso,DC=com" - effectivepso effectivepso "CN=test,CN=Password Settings Container,CN=System,DC=contoso,DC=com" dsget succeeded ("bshwjt" is the user and test is the "PSO" also see the below snap)
i)dsget user <user DN> -effectivepso
Example:
C:\>dsget user "CN=bshwjt,OU=pso,DC=contoso,DC=com" - effectivepso effectivepso "CN=test,CN=Password Settings Container,CN=System,DC=contoso,DC=com" dsget succeeded ("bshwjt" is the user and test is the "PSO" also see the below snap)
C:\>dsget user "CN=bshwjt,OU=pso,DC=contoso,DC=com" - effectivepso
effectivepso
"CN=test,CN=Password Settings Container,CN=System,DC=contoso,DC=com"
dsget succeeded
("bshwjt" is the user and test is the "PSO" also see the below snap)
C:\>dsquery * "<CN=your pso name>,CN=Password Settings Container,CN=System,DC=contoso,DC=com" -scope base -attr *
In this example, the SAM account name and the security ID (SID) of each user is displayed.
dsquery user | dsget user -samid -sid -limit 0 >> c:\Allusers-samid-sid.txt
dsquery * -filter "samaccountname=biswajit" -attr homemdb
dsquery * CN=ms-Exch-Schema-Version-Pt,cn=schema,cn=configuration,dc=domain,dc=local -scope base -attr rangeUpper
C:\>dsquery * forestroot -filter "&(cn=Microsoft Hyper-V)(objectCategory=serviceconnectionpoint)" -attr servicebindinginformation >> c:\hyper-v.txt
C:\>dsquery * forestroot -filter "&(cn=windows virtual machine)(objectCategory=serviceconnectionpoint)" -limit 0 -attr * >> c:\allvirtualPCs.txt
C:\>dsquery * DC=DomainDnsZones,DC=contoso,DC=com -scope base -attr msDs-masteredBy
C:\>dsquery * DC=forestDnsZones,DC=contoso,DC=com -scope base -attr msDs-masteredBy
dsquery * -filter "(UserAccountControl:1.2.840.113556.1.4.803:=2097152)"
http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx
http://technet.microsoft.com/en-us/library/cc732535.aspx
http://www.rlmueller.net/ADOSearchTips.htm
Find the Blogs for more DSQUERY, those are very helpful and effective. http://social.technet.microsoft.com/wiki/contents/articles/3537.aspx http://social.technet.microsoft.com/Forums/en-AU/winserverDS/thread/bf5bce23-c1d5-43ac-a47f-8a0585792903
Find the Blogs for more DSQUERY, those are very helpful and effective.
http://technet.microsoft.com/en-us/library/cc754232%28WS.10%29.aspx#BKMK_examplesDSQuery
http://mcpmag.com/articles/2007/08/01/dsquery-and-then-some.aspx