dsget

Previous page
Table of content
Next page

dsget new in WS2003

Displays properties of objects in Active Directory.

Syntax 

 dsget   command     switches   [{-s   Server   -d   Domain   }] [-u   UserName   ]  [-p {   Password   *}] [-q] [-c] [-l] [-desc]

Options

command

Any dsget command (see below).

switches

Various switches that go with each command (see below)

{-s Server -d Domain}

Connect to a specified server or domain to run the command (if omitted, defaults to domain controller in logon domain).

[-u UserName] [-p {Password *}]

Credentials for running the command. Specify UserName as domain\ user or user@domain . If -p * , prompts for password.

-q

Runs in quiet mode to suppress standard output of command.

-c

Reports errors and then continues with next object in argument list if multiple objects are specified; otherwise exits upon error.

-l

Displays output in list format instead of the default table format.

-desc

Displays the description for the object.

Commands

Here is a list of supported dsget commands together with a brief description of their syntax (only the most commonly used switches are described):

dsget computer ComputerDN... [-dn] [-samid] [-sid] [-disabled] [-part PartitionDN [-qlimit] [-qused]]

Displays properties of one or more computer accounts identifed by their distinguished names . Options include:

-dn

Displays the distinguished name of each computer

-samid

Displays the SAM account name of each computer

-sid

Displays the SID of each computer

-disabled

Displays whether computer account is enabled (yes) or disabled (no)

-part PartitionDN [-qlimit] [-qused]

Displays the configured and used quota values for the computer account in Active Directory

dsget computer ComputerDN [-memberof [-expand]]

This variation of dsget computer displays which groups the specified computer belongs to. The -expand switch recursively expands the list of groups to which the computer belongs.

dsget contact ContactDN... dn] [-fn] [-ln] [-email] ...

Displays first name, last name, email address, and other info about one or more contacts identified by their distinguished names.

dsget group GroupDN... [-dn] [-secgrp] [-scope] [-samid] [-sid] [-part PartitionDN [-qlimit] [-qused]]

Displays properties of one or more groups identified by their distinguished names. See dsadd group earlier in this chapter for info about -secgrp and -scope options.

dsget group GroupDN [-memberof [-expand]]

This variation of dsget group displays which groups the specified group belongs to. The -expand switch recursively expands the list of groups to which the group belongs.

dsget ou OrganizationalUnitDN... [-dn]

Displays properties of one or more organizational units specified by their distinguished names.

dsget partition ObjectDN... [-dn] [-qdefault] [-qtmbstnwt] [-topobjowner N]

Displays properties of the specified partition object and their default quota and tombstone object count.

dsget quota ObjectDN [-dn] [-acct] [-qlimit]

Displays the properties of a quota specification defined in Active Directory. Here ObjectDN is the distinguished name of the quota object being viewed , -acct displays the DN of the accounts to which the quotas are assigned, and -qlimit the quota limits for the specified quotas.

dsget server ServerDN... [-dn] [-dnsname] [-site] [-isgc]

Displays properties of one or more domain controllers specified by their distinguished names. Options here include:

-dnsname

Displays the DNS names of the servers

-site

Displays the sites to which the servers belong

-isgc

Indicates whether the server is a global catalog server (yes) or not (no)

dsget server ServerDN -part PartitionDN

This variation of dsget server displays the distinguished names of the directory partitions on the specified domain controller.

dsget server ServerDN -topobjowner N

This variation of dsget server lists the N security principals that own the greatest number of directory ojects on the specified domain controller.

dsget site SiteDN... [-dn] [-autotopology] [-cachegroups] [-prefGCsite]

Displays properties of one or more sites specified by their distinguished names. The options here are:

-autotopology

Indicates whether automatic intersite topology generation is enabled (yes) or not (no)

-cachegroups

Indicates whether caching of universal group memberships is enabled (yes) or not (no)

-prefGCsite

Displays the preferred global catalog site used for refreshing universal group membership caching for domain controllers in this site

dsget subnet SubnetDN [-dn] [-site]

Displays properties of one or more subnets specified by their distinguished names.

dsget user UserDN... [-dn] [-samid] [-sid] [-upn] [-fn] [-ln] [-display] [-pwd] [-tel] [-email] [-title] [-company] [-hmdir] [-profile] [-pwdneverexpires] ...

Displays the properties of one or more user accounts specified by their distinguished names. See dsadd user earlier in this chapter for information on some of the switches here.

dsget user UserDN [-memberof] [-expand]

This variation of dsget user displays which groups the specified user belongs to. The -expand switch recursively expands the list of groups to which the user belongs.

Examples

Display the SAM account name and SID number of the computer named DESK155 located in the Sales OU of the mtit.local domain: 

  dsget computer CN=DESK155,OU=Sales,DC=mtit,DC=local -samid -sid  samid       sid   DESK155$    S-1-5-21-3989638602-2554627321-2483607968-1111 dsget succeeded

Use dsget in interactive mode to display the account status (enabled or disabled) for three computers in the Sales OU: 

  dsget computer -disabled   CN=DESK155,OU=Sales,DC=mtit,DC=local   CN=DESK156,OU=Sales,DC=mtit,DC=local   CN=DESK157,OU=Sales,DC=mtit,DC=local   ^Z  disabled   no   no   yes dsget succeeded

Display selected properties of Human Resources group in list format: 

  dsget group "CN=Human Resources,OU=Sales,DC=mtit,   DC=local" -dn -secgrp -scope -samid -sid -l  dn: CN=Human Resources,OU=Sales,DC=mtit,DC=local samid: Human Resources sid: S-1-5-21-3989638602-2554627321-2483607968-1112 scope: domain local secgrp: yes     dsget succeeded

Display properties of user Bob Jones in the Sales department: 

  dsget user CN=bjones,OU=Sales,DC=mtit,DC=local -samid -sid -upn -l  samid: bjones sid: S-1-5-21-3989638602-2554627321-2483607968-1114 upn: bjones@mtit.local     dsget succeeded

Display the groups to which Bob belongs: 

  dsget user CN=bjones,OU=Sales,DC=mtit,DC=local -memberof  "CN=Human Resources,OU=Sales,DC=mtit,DC=local" "CN=Domain Users,CN=Users,DC=mtit,DC=local"

List the properties of a domain controller named ESRV210D located in Default-First-Site, in particular its DNS name and whether it is a global catalog server or not: 

  dsget server CN=ESRV210D,CN=Servers,CN=Default-FirstSite,  CN=Sites,CN=Configuration, DC=mtit,DC=local -dnsname -isgc -l  dnsname: esrv210d.mtit.local isgc: yes dsget succeeded

Note that here the distinguished name involved the location of the domain controller in the Configuration container.

See Also

Active Directory , dsadd , dsmod , dsmove , dsquery , dsrm , Groups , Users


Previous page
Table of content
Next page
Windows Server 2003 in a Nutshell
Windows Server 2003 in a Nutshell
ISBN: 0596004044
EAN: 2147483647
Year: 2003
Pages: 415
Authors: Mitch Tulloch
BUY ON AMAZON
Cisco IP Communications Express: CallManager Express with Cisco Unity Express
Managing Enterprise Systems with the Windows Script Host
Microsoft Windows Server 2003(c) TCP/IP Protocols and Services (c) Technical Reference
Java How to Program (6th Edition) (How to Program (Deitel))
Sap Bw: a Step By Step Guide for Bw 2.0
DNS & BIND Cookbook
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy