In this DSQuery example we just want to trawl the users folder and find out who is in that container.
dsquery user cn=users,dc=cp,dc=com
Learning Points
Note 1: The default users' folder is actually a container object called cn=users. My point is if you try ou=users, the command fails.
Note 2: I queried users, however dsquery requires the singular user, not userS. Other objects that you can query are computer (not computers!), group or even contact.
Challenge 1: Substitute OU=xyz for cn=users, where xyz is the name of your OU. Unfortunately, cn=users domainroot does not work.
Challenge 2: Substitute computer for user
Guy Recommends: Solarwinds' Free Bulk Import Tool
Import users from a spreadsheet. Just provide a list of the
users with their fields in the
top row, and save as .csv file. Then launch this FREE utility and match
your fields with AD's
attributes, click and import the users. Optionally, you can
provide the name of the OU where the new accounts will be born.
There are also two bonus tools in the free download, and all 3 have been approved by Microsoft:
Here is a wonderful command to find the FSMO roles (Flexible Single Master Roles) -hasfsmo. The arguments, which correspond to the 5 roles are: schema, rid, name, infr and pdc.
dsquery server -hasfsmo schema
Learning Points
Note 1: The command is -hasfsmo not ?hasfsmo as in some documents.
This DSQuery example shows two ways to filter your output and so home in on what you are looking for. Let us pretend that we know the user's name but have no idea which OU they are to be found. Moreover,
we are not sure whether their name is spelt Smith, Smithy or Smithye.
dsquery user domainroot -name smith* or dsquery user dc=cp,dc=com -name smith* d or plain dsquery user smith*
Learning Points
Note 1: Remember to type the singular user.
Note 2: Probably no need to introduce *, you probably realize it's a wildcard.
Note 3: -name is but one of a family of filters. -desc or -disabled are others.
Guy
Recommends: Permissions Analyzer - Free Active Directory Tool
I like the
Permissions Monitor because it enables me to see quickly WHO has permissions
to do WHAT. When you launch this tool it analyzes a users effective NTFS
permissions for a specific file or folder, takes into account network share
access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are
troubleshooting authorization problems for users access to a resource.
The purpose of -o rdn is to reduce the output to just the relative distinguished name. In a nutshell rdn strips away the OU=, DC= part which you may not be interested in.
dsquery user -name smith* -o rdn
Learning Points
Note 1: o is the letter oh (not a number). In my minds eye o stands for output.
Note 2: There is a switch -o dn, but this is not a switch I use.
Summary - DSQuery
Knowledge is power. The DS family in general and DSQuery in particular, are handy commands for interrogating Active Directory from the command line. Perhaps the day will come when you need to
find a user, computer or group without calling for the Active Users and Computers GUI.
Next try DSGet.
If you like this page then please share it with your friends
See more of the DS family of built-in Active Directory utilities
Windows Management Instrumentation (WMI) is one of the hidden
treasures of Microsoft operating systems.
Fortunately, Solarwinds
have created the
Free WMI Monitor so that you can actually see and understand these gems of
performance information. Take the guess work out of which
WMI counters to use for applications like Microsoft Active Directory,
SQL or Exchange Server.
