Skip navigation
Menu
Compute Engines

JSI Tip 7992. How do I know what attribute names to use when performing a 'DSQUERY *'?


In an earlier tip, I introduced DSQUERY, an Active Directory command-line tool.

In Tip 7714, What attribute names can I use with the user filtered dsquery command, I introduced the DSQUERY * form of the query, which has the following syntax:

Syntax:     dsquery * \[\{ | forestroot | domainroot\}\]
            \[-scope \{subtree | onelevel | base\}\] \[-filter \]
            \[-attr \{ | *\}\] \[-attrsonly\] \[-l\]
            \[\{-s  | -d \}\] \[-u \]
            \[-p \{ | *\}\] \[-q\] \[-r\] \[-gc\]
            \[\{-uc | -uco | -uci\}\]
The following table shows the DSQUERY * equivalent for the standard DSQUERY Types:

DSQUERY Type          Equivalent
Computer dsquery * domainroot -filter "(&(objectCategory=Computer)(objectClass=Computer)(<Optional Filter>))" -attr <AttrList> -Limit 0
Contact dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=contact)(<Optional Filter>))" -attr <AttrList> -Limit 0
Subnet dsquery * forestroot -filter "(&(objectClass=subnet)(<Optional Filter>))" -attr <AttrList> -Limit 0
Group dsquery * domainroot -filter "(&(objectCategory=Group)(objectClass=group)(<Optional Filter>))" -attr <AttrList> -Limit 0
OU dsquery * domainroot -filter "(&(objectCategory=Organizational-Unit)(objectClass=organizationalUnit)(<Optional Filter>))" -attr <AttrList> -Limit 0
Site dsquery * forestroot -filter "(&(objectClass=site)(<Optional Filter>))" -attr <AttrList> -Limit 0
Server dsquery * forestroot -filter "(&(objectClass=server)(<Optional Filter>))" -attr <AttrList> -Limit 0
User dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(<Optional Filter>))" -attr <AttrList> -Limit 0
quota dsquery * domainroot -filter "(&(objectClass=quota)(<Optional Filter>))" -attr <AttrList> -Limit 0
partition dsquery * forestroot -filter "(&(objectClass=dMD)(<Optional Filter>))" -attr <AttrList> -Limit 0

The names in <AttrList> and <Optional Filter> that you can use vary by DSQUERY Type.

I have scripted DSQuery_Attributes.bat, to display the unique attributes that YOU have maintained in the Active Directory for a specified DSQUERY Type, and the  ObjectClass data values for that DSQUERY Type.

NOTE: Prior to running DSQuery_Attributes.bat, you might want to use the appropriate MMC Snap-in to create a dummy object, and use the GUI to set data into every possible field.

The syntax for using DSQuery_Attributes.bat is:

DSQuery_Attributes \[computer|contact|subnet|group|ou|site|server|user|quota|partition\] \[computer|contact|subnet|group|ou|site|server|user|quota|partition\]

Example

To generate a DSQuery_computer.txt file, a DSQuery_server.txt file,  and a DSQuery_ou.txt file in the current directory, run:

DSQuery_Attributes computer server ou

Using the information from the DSQuery_computer.txt file, you could create a filtered query  that returns only those computers that have a description, showing their distinguishedName, dNSHostName, description, and whenCreated: 

dsquery * domainroot -filter "(&(objectClass=Computer)(description=*))" -attr distinguishedname dNSHostName description whenCreated -limit 0
Using information from a DSQuery_group.txt file, you could create an unfiltered query to show all groups, using their sAMAccountName and description:

dsquery * domainroot -filter "(&(objectClass=group))" -attr sAMAccountName description -limit 0
DSQuery_Attributes.bat contains:
@echo off
If \{%1\}
\{\} @echo Syntax: DSQuery_Attributes \[computer^|contact^|subnet^|group^|ou^|site^|server^|user^|quota^|partition\]&exit /b 0

setlocal
:loop
if \{%1\}\{\} goto finish
set param=%1
shift
if exist DSQuery_%param%.txt del /q DSQuery_%param%.txt
if exist "%TEMP%\dsquery_%param%.tm1" del /q "%TEMP%\dsquery_%param%.tm1"
for /f "Tokens=*" %%a in ('dsquery %param%') do (
 for /f "Tokens=1* Delims=:" %%b in ('dsquery * forestroot -filter "(&(distinguishedName="%%a"))" -attr * -limit 0') do (
  call :Object %%b "%%c"
 )
)
if not exist "%TEMP%\dsquery_%param%.tm1" @echo NONE>"%TEMP%\dsquery_%param%.tm1"
sort "%TEMP%\dsquery_%param%.tm1" /o "%TEMP%\dsquery_%param%.tm2"
for /f "Tokens=*" %%d in ('type "%TEMP%\dsquery_%param%.tm2"') do (
 call :dups %%d
)
if exist "%TEMP%\dsquery_%param%.tm1" del /q "%TEMP%\dsquery_%param%.tm1"
if exist "%TEMP%\dsquery_%param%.tm2" del /q "%TEMP%\dsquery_%param%.tm2"
goto loop
:finish
endlocal
exit /b 0
:dups
if "%prev%" EQU "%1" goto :EOF
@echo %1>>DSQuery_%param%.txt
set prev=%1
goto :EOF
:Object
if /i "%1" EQU "ObjectClass" goto Objects
@echo %1>>"%TEMP%\dsquery_%param%.tm1"
goto :EOF
:Objects
set objectdata=%2
set objectdata=%objectdata:" =%
set objectdata=%objectdata:"=%
if /i "%objectdata%" EQU "top" goto :EOF
@echo %1:%objectdata%>>"%TEMP%\dsquery_%param%.tm1"



Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
empty cockpit of autonomous car
What Is a Real-Time Operating System, and Who Needs One?
Mar 05, 2024
ERP button on keyboard
5 ERP Trends to Watch in 2024
Jan 17, 2024
automation key on keyboard
Storage Management as a Case Study for Network Automation Adoption
Dec 21, 2023
Abstract technology concept lighting effect on dark blue background
Top 10 Stories About Compute Engines, Linux in 2023
Dec 18, 2023