New DS built-in tools for Windows Server 2003
At last I have found a real useful member of the DS family of utilities. If I need
to find a user quickly from the command prompt, i call for DSQuery.
Let us find how many Organizational Units are there in your domain? This command will produce a listing of all OUs with this command.
dsquery ou dc=mydom,dc=com
or
dsquery ou domainroot
Learning Points
Note 1: dc does NOT mean domain controller, it means domain context.
Note 2: The dc commands are not case sensitive, but they dislike spaces.
dc=mydom, dc=com will draw an error.
Note 3: If you haven't got any OUs (Organizational Units), I seriously suggest that you create some to organize your users.
Note 4: Best of all, in this scenario, you can substitute domainroot for dc=cp.
In this example we just want to trawl the users folder and find out who is in that container.
dsquery user cn=users,dc=cp,dc=com
Learning Points
Note 1: The default users' folder is actually a container object called cn=users. My point is if you try ou=users, the command fails.
Note 2: I queried users, however dsquery requires the singular user, not userS. Other objects that you can query are computer (not computers!), group or even contact.
Challenge 1: Substitute OU=xyz for cn=users, where xyz is the name of your OU. Unfortunately, cn=users domainroot does not work.
Challenge 2: Substitute computer for user
Suppose you want to list all of your domain controllers, (not computers). Which command do you think would supply the information?
dsquery server
dsquery server domainroot
dsquery server dc=cp,dc=com
Learning Points
Note 1: Amazingly, dsquery server, the simplest command get the job done. Note 2: I thank Jim D for pointing out that we want here is the singular 'server'.
Here is a wonderful command to find the FSMO roles (Flexible Single Master Roles) -hasfsmo. The arguments, which correspond to the 5 roles are: schema, rid, name, infr and pdc.
dsquery server -hasfsmo schema
Learning Points
Note 1: The command is -hasfsmo not ?hasfsmo as in some documents.
This DSQuery example shows two ways to filter your output and so home in on what you are looking for. Let us pretend that we know the user's name but have no idea which OU they are to be found. Moreover,
we are not sure whether their name is spelt Smith, Smithy or Smithye.
dsquery user domainroot -name smith*
or
dsquery user dc=cp,dc=com -name smith* d
or plain
dsquery user smith*
Learning Points
Note 1: Remember to type the singular user.
Note 2: Probably no need to introduce *, you probably realize it's a wildcard.
Note 3: -name is but one of a family of filters. -desc or -disabled are others.
The purpose of -o rdn is to reduce the output to just the relative distinguished name. In a nutshell rdn strips away the OU=, DC= part which you may not be interested in.
dsquery user -name smith* -o rdn
Learning Points
Note 1: o is the letter oh (not a number). In my minds eye o stands for output.
Note 2: There is a switch -o dn, but this is not a switch I use.
Summary - DSQuery
Knowledge is power. The DS family in general and DSQuery in particular, are handy commands for interrogating Active Directory from the command line. Perhaps the day will come when you need to
find a user, computer or group without calling for the Active Users and Computers GUI. Next try DSGet.
The DS family of built-in utilities
See Also
|
