dsquery

dsquery

new in WS2003

Search for a specific type of object within Active Directory.

Syntax

 dsquery   command     switches   [{-s   Server   -d   Domain   }] [-u   UserName   ]  [-p {   Password   *}] [-desc   Description   ] [-q] [-r] [-gc] [-limit   N   ]

Options

command: Any dsquery command (see below)
switches: Various switches that go with each command (see below)
{-s Server -d Domain}: Connects to a specified server or domain to run the command (if omitted, defaults to domain controller in logon domain).
[-u UserName] [-p {Password *}]: Credentials for running the command. Specify UserName as domain\ user or user@domain . If -p * , prompts for password.
-desc Description: Description for the object.
-q: Runs in quiet mode to suppress standard output of command.
-r: Performs recursive search or follows referrals during search.
-gc: Performs the search using the global catalog.
-limit N: Number of results to be returned (default is 1000).

Commands

Here is a list of supported dsquery commands together with a brief description of their syntax (only the most commonly used switches are described).

dsquery computer [{StartNode forestroot domainroot}] [-o {dn rdn samid}] [-scope { subtree onelevel base}] [-name Name ] [-samid SAMName] [-inactive Weeks] [-stalepwd Days] [-disabled]

Searches for computers within Active Directory. The switches here are:

{StartNode forestroot domainroot}: Where to begin the search (default is domainroot )
-o {dn rdn samid}: Output search results by distinguished name, relative distinguished name, or SAM account name of each object
-scope {subtree onelevel base}: Scope of search to be entire subtree of start node, immediate children of start node, or start node only
-name Name: Searches for computers with specified name (wildcards supported)
-samid SAMName: Searches for computer accounts with specified SAM account name
-inactive Weeks: Searches for computer accounts that have been stale (inactive) for a certain number of weeks
-stalepwd Days: Searches for computers whose password has not been modified for a certain number of weeks
-disabled: Searches for disabled computer accounts

dsquery contact [{StartNode forestroot domainroot}] [-o {dn rdn}] [-scope {subtree onelevel base}] [-name Name]

Searches for contacts within Active Directory. See dsquery computer earlier in this list for an explanation of switches.

dsquery group [{StartNode forestroot domainroot}] [-o {dn rdn samid}] [-scope {subtree onelevel base}] [-name Name] [-samid SAMName]

Searches for groups within Active Directory. See dsquery computer earlier in this list for an explanation of switches.

dsquery ou [{StartNode forestroot domainroot}] [-o {dn rdn}] [-scope {subtree onelevel base}] [-name Name]

Searches for organizational units within Active Directory. See dsquery computer earlier in this list for an explanation of switches.

dsquery partition [-o {dn rdn}] [-part PartitionCN]

Searches for partitions matching the common name PartitionCN .

dsquery quota [{domainroot ObjectDN}] [-o {dn rdn}] [-acct Name] [-qlimit Filter]

Searches for quota specifications within Active Directory. The switches here are:

domainroot ObjectDN: Specifies the starting point for the search, either the root of the domain or the distinguished name of a specified container
-o {dn rdn samid}: Output search results by distinguished name, relative distinguished name, or SAM account name of each object
-acct Name: The security principal to which the quota specifications queried are assigned
-qlimit Filter: Searches for quota specifications matching the filter condition, for example, " =100 " or " <=75 " percent

dsquery server [-forest] [-domain DomainName] [-site SiteName] [-o {dn rdn}] [-name Name] [-hasfsmo {schema name infr pdc rid}] [-isgc]

Searches for domain controllers within Active Directory. See dsquery computer earlier in this list for an explanation of some switches. Other switches include:

-forest: Searches for domain controllers in the forest
-domain DomainName: Searches for domain controllers in the specified domain
-site SiteName: Searches for domain controllers in the specified site
-hasfsmo {schema name infr pdc rid}: Searches for domain controllers with a specific FSMO role assigned
-isgc: Searches for domain controllers that are global catalog servers

dsquery site [-o {dn rdn}] [-name Name]

Searches for sites within Active Directory. See dsquery computer earlier in this list for an explanation of switches.

dsquery user [{StartNode forestroot domainroot}] [-o {dn rdn samid upn}] [-scope {subtree onelevel base}] [-name Name] [-upn UserPrincipalName] [-samid SAMName] [-inactive Weeks] [-stalepwd Days] [-disabled]

Searches for user accounts within Active Directory. See dsquery computer earlier in this list for an explanation of these switches.

dsquery * [{StartNode forestroot domainroot}] [-scope {subtree onelevel base}] [-filter LDAPFilter] [-attr {AttributeList *}] [-attrsonly] [-l]

Searches for objects in Active Directory by using an LDAP query.

Examples

Search for all computer accounts in the forest:

  dsquery computer forestroot -o dn  "CN=ESRV210D,OU=Sales,DC=mtit,DC=local" "CN=ESRV230D,CN=Computers,DC=mtit,DC=local" "CN=DESK155,OU=Sales,DC=mtit,DC=local" "CN=DESK156,OU=Sales,DC=mtit,DC=local" "CN=DESK157,OU=Sales,DC=mtit,DC=local"

Restrict search to computers whose name begins with D and which reside in the Sales OU, displaying results as SAM account names :

  dsquery computer OU=Sales,DC=mtit,DC=local -o samid -name d*  "DESK155$" "DESK156$" "DESK157$"

Search for the PDC Emulator in the local domain:

  dsquery server -hasfsmo pdc  "CN=ESRV210D,CN=Servers,CN=Default-First- Site,CN=Sites,CN=Configuration,DC=mtit,DC=local"

Display all partitions in Active Directory:

  dsquery partition  "DC=TAPI3Directory,DC=mtit,DC=local" "DC=DomainDnsZones,DC=mtit,DC=local" "DC=ForestDnsZones,DC=mtit,DC=local" "CN=Configuration,DC=mtit,DC=local" "DC=mtit,DC=local" "CN=Schema,CN=Configuration,DC=mtit,DC=local"

Syntax

Options

Commands

Examples

See Also