The dsquery user command is very easy to use and
surprisingly powerful. For instance, from your Windows XP desktop, you can query your Windows 2000 SP3+ domain,
or Windows Server 2003 domain, for the distinguished name of all members of the sales organizational unit (OU)
who have not logged on in 4 weeks:
dsquery user ou=sales,dc=jsiinc,dc=com -inactive 4
NOTE: See What can I do with the DSGET USER command?
When you type dsquery user /?, you receive:
Description: Finds users in the directory per given criteria. Syntax: dsquery user \[\{<StartNode> | forestroot | domainroot\}\] \[-o \{dn | rdn | upn | samid\}\] \[-scope \{subtree | onelevel | base\}\] \[-name <Name>\] \[-desc <Description>\] \[-upn <UPN>\] \[-samid <SAMName>\] \[-inactive <NumWeeks>\] \[-stalepwd <NumDays>\] \[-disabled\] \[\{-s <Server> | -d <Domain>\}\] \[-u <UserName>\] \[-p \{<Password> | *\}\] \[-q\] \[-r\] \[-gc\] \[-limit <NumObjects>\] \[\{-uc | -uco | -uci\}\] Parameters: Value Description \{<StartNode> | forestroot | domainroot\} The node where the search will start: forest root, domain root, or a node whose DN is <StartNode>. Can be "forestroot", "domainroot" or an object DN. If "forestroot" is specified, the search is done via the global catalog. Default: domainroot. -o \{dn | rdn | upn | samid\} Specifies the output format. Default: distinguished name (DN). -scope \{subtree | onelevel | base\} Specifies the scope of the search: subtree rooted at start node (subtree); immediate children of start node only (onelevel); the base object represented by start node (base). Note that subtree and domain scope are essentially the same for any start node unless the start node represents a domain root. If forestroot is specified as <StartNode>, subtree is the only valid scope. Default: subtree. -name <Name> Finds users whose name matches the filter given by <Name>, e.g., "jon*" or "*ith" or "j*th". -desc <Description> Finds users whose description matches the filter given by <Description>, e.g., "jon*" or "*ith" or "j*th". -upn <UPN> Finds users whose UPN matches the filter given by <UPN>. -samid <SAMName> Finds users whose SAM account name matches the filter given by <SAMName>. -inactive <NumWeeks> Finds users that have been inactive (not logged on) for at least <NumWeeks> number of weeks. -stalepwd <NumDays> Finds users that have not changed their password for at least <NumDays> number of days. -disabled Finds users whose account is disabled. \{-s <Server> | -d <Domain>\} -s <Server> connects to the domain controller (DC) with name <Server>. -d <Domain> connects to a DC in domain <Domain>. Default: a DC in the logon domain. -u <UserName> Connect as <UserName>. Default: the logged in user. User name can be: user name, domain\user name, or user principal name (UPN). -p <Password> Password for the user <UserName>. If * is specified, then you are prompted for a password. -q Quiet mode: suppress all output to standard output. -r Recurse or follow referrals during search. Default: do not chase referrals during search. -gc Search in the Active Directory global catalog. -limit <NumObjects> Specifies the number of objects matching the given criteria to be returned, where <NumObjects> is the number of objects to be returned. If the value of <NumObjects> is 0, all matching objects are returned. If this parameter is not specified, by default the first 100 results are displayed. \{-uc | -uco | -uci\} -uc Specifies that input from or output to pipe is formatted in Unicode. -uco Specifies that output to pipe or file is formatted in Unicode. -uci Specifies that input from pipe or file is formatted in Unicode. Remarks: The dsquery commands help you find objects in the directory that match a specified search criterion: the input to dsquery is a search criteria and the output is a list of objects matching the search. To get the properties of a specific object, use the dsget commands (dsget /?). If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=John Smith,CN=Users,DC=microsoft,DC=com"). If you enter multiple values, the values must be separated by spaces (for example, a list of distinguished names). Examples: To find all users in a given organizational unit (OU) whose name starts with "jon" and whose account has been disabled for logon and display their user principal names (UPNs): dsquery user ou=Test,dc=microsoft,dc=com -o upn -name jon* -disabled To find all users in only the current domain, whose names end with "smith" and who have been inactive for 3 weeks or more, and display their DNs: dsquery user domainroot -name *smith -inactive 3 To find all users in the OU given by ou=sales,dc=microsoft,dc=com and display their UPNs: dsquery user ou=sales,dc=microsoft,dc=com -o upn See also: dsquery computer /? - help for finding computers in the directory. dsquery contact /? - help for finding contacts in the directory. dsquery subnet /? - help for finding subnets in the directory. dsquery group /? - help for finding groups in the directory. dsquery ou /? - help for finding organizational units in the directory. dsquery site /? - help for finding sites in the directory. dsquery server /? - help for finding servers in the directory. dsquery user /? - help for finding users in the directory. dsquery quota /? - help for finding quotas in the directory. dsquery partition /? - help for finding partitions in the directory. dsquery * /? - help for finding any object in the directory by using a generic LDAP query. Directory Service command-line tools help: dsadd /? - help for adding objects. dsget /? - help for displaying objects. dsmod /? - help for modifying objects. dsmove /? - help for moving objects. dsquery /? - help for finding objects matching search criteria. dsrm /? - help for deleting objects. dsquery failed:The parameter is incorrect. type dsquery /? for help.
0 comments
Hide comments