Search This Blog

Tuesday, December 18, 2012

Active Directory | LDAP - DSQuery user






DSQuery user

Search for users in active directory.

Syntax
    DSQuery User [{StartNode | forestroot | domainroot}] [-o {dn | rdn | samid}] [-scope {subtree | onelevel | base}] [-name Name] [-desc Description] [-upn UPN] [-samid Filter] [-inactive NumberOfWeeks] [-stalepwd NumberOfDays] [-disabled] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-q] [-r] [-gc] [-limit NumberOfObjects] [{-uc | -uco | -uci}]
Key
         StartNode | forestroot | domainroot The node in the console tree where the search starts. forestroot = search using the global catalog.

-o                               The format used to display the search results.
                                    dn = distinguished name.
                                    rdn = relative distinguished name.
                                    samid = Security Accounts Manager (SAM) account name.

-scope                     The scope of the search:
                                     subtree = subtree that is rooted at the start node in the console tree.
                                     onelevel = immediate children of the start node only.
                                     base = single object that the start node represents.
                                     If forestroot is the StartNode, then subtree is the only valid scope.

-name                        Search for user(s) whose name attribute(CN) matches Name.
                                     For example, "br*"

-desc                              Search for user(s) whose description matches. For example, "contractor*"

 -upn                                Users whose UPN attribute matches UPN

 -samid                           User(s) whose SAM account name matches SAMName

 -inactive                    Users who have been inactive for n number of weeks

 -stalepwd                     Users who have not changed their passwords for n days

-disabled                    Users with disabled accounts

 -s                                     Server to connect to (Default=the domain controller in the logon domain.)

 -d                                     Domain to connect to.

 -u                                     Username with which the user logs on to a remote server.

 -p                                       Password (UserName or Domain\UserName or Username@domain.com)

 -q                                     Quiet, suppress all output

 -r                                     Recursive search (follow referrals)

 -gc                                    Use the AD global catalog during the search.

 -limit                             The maximum number of objects to return, default=100.

 -uc                                    Unicode format

 -uco                                Unicode format for output only

 -uci                                  Unicode format for input only

Examples

Find all inactive accounts (more than 4 weeks inactive)

C:\> dsquery user -inactive 4

Disable all inactive accounts (more than 4 weeks inactive)

C:\> dsquery user -inactive 4 | dsmod user -disabled yes

Export all active users to .txt file.

C:\> dsquery user -limit 1000 -o rdn -name * > c:\all_users.txt

Export all disabled users to .txt file.

C:\> dsquery user -limit 1000 -o rdn -disabled -name * > c:\all_disabled_users.txt

Posted by at 0 comments
Labels: , , ,
Subscribe to: Posts (Atom)