Contents for Ezine 66 – DSQuery
- This Week’s Secret
- This Week’s Mission is to master DSQuery
- Example 1 – To list all the OUs in your domain
- Example 2 – To find all users in the default Users folder
- Example 3 – To list all your Domain Controllers
- Example 4 – To query the FSMO roles of your Domain Controllers
- Example 5 – To find all users whose name begins with smith*
- Example 6 – To filter the output with -o rdn
- Updated Example 3 = server (singular).
♣
This Week’s Secret
Let me explain how I came to schedule DSQuery as this week’s topic.
Firstly, did you know that each Windows process has a priority? Well, one day last week I was pondering how a process with a lower priority ever got a chance to run on the processor. For example, if a process with a priority of 24 was running, how on earth could a program with a priority of 7 ever run? Surely the process with a priority of 24 always bullied the program which only had a priority of 7?
The answer is there is a secondary scheduler which boosts a process priority every time it misses a turn on the processor. So after missing 18 turns the process which started with a priority of 7 is boosted to 25 and so has its chance to run on the CPU.
Well, this week I feel that DSQuery is like that program with a priority of 7. As it has missed 24 ezines, its priority has been boosted and so it is DSQuery’s turn to feature.
Guy Recommends: SolarWinds’ Free Bulk Import Tool
Import users from a spreadsheet. Just provide a list of the users with their fields in the top row, and save as .csv file. Then launch this FREE utility and match your fields with AD’s attributes, click and import the users.
Optionally, you can provide the name of the OU where the new accounts will be born. Download your FREE bulk import tool.
If you need more comprehensive software, download a free trial of SAM (Server & Application Monitor)
This Week’s Mission is to master DSQuery
Firstly, where does DSQuery come from? Windows 2000 – no, XP – no. The answer is Windows Server 2003. Actually, Windows 2003 has a whole family of DS commands, the other members are: DSAdd, DSMod, DSRm and DSMove.
The DS family remind me of UNIX commands in that they operate at the command line, use powerful verbs, and produce plenty of action. One pre-requisite for getting the most from this DS family is a working knowledge of LDAP.
Guy Recommends: Tools4ever’s UMRA
Tired of writing scripts? The User Management Resource Administrator solution by Tools4ever offers an alternative to time-consuming manual processes.
It features 100% auto provisioning, Helpdesk Delegation, Connectors to more than 130 systems/applications, Workflow Management, Self Service and many other benefits. Click on the link for more information onUMRA.
Example 1 – To list all the OUs in your domain
How many Organizational Units are there in your domain? Let us get a listing of all OUs with this command.
dsquery ou dc=cp,dc=com
or
dsquery ou domainroot
Learning Points
Note 1: dc means domain context, not domain controller.
Note 2: The dc commands are not case sensitive, but they dislike spaces.
dc=cp, dc=com will draw an error.
Note 3: If you haven’t got any OUs (Organizational Units), I seriously suggest that you create some to organize your users.
Note 4: Best of all, in this scenario, you can substitute domainroot for dc=cp.
Example 2 – To find all users in the default Users folder
In this example we just want to trawl the users folder and find out who is in that container.
dsquery user cn=users,dc=cp,dc=com
Learning Points
Note 1: The default users’ folder is actually a container object called cn=users. My point is if you try ou=users, the command fails.
Note 2: I queried users, however dsquery requires the singular user, not userS. Other objects that you can query are computer (not computers!), group or even contact.
Challenge 1: Substitute OU=xyz for cn=users, where xyz is the name of your OU. Unfortunately, cn=users domainroot does not work.
Challenge 2: Substitute computer for user
Guy Recommends SolarWinds’ Free Network Monitor
Thus utility makes it easy to check the health of a router or firewall. Check the real-time performance, and availability statistics, for any device on your network. Get started with an extensive collection of "out-of-the-box" monitors for popular network devices. Give Network Monitor a whirl – it’s free. Download your free Network Device Monitor
If you need more comprehensive network analysis software:
Download a free trial of NPM (Network Performance Monitor)
Example 3 – To list all your Domain Controllers
Suppose you want to list all of your domain controllers, (not computers). Which command do you think would supply the information?
dsquery server
dsquery server domainroot
dsquery server dc=cp,dc=com
Learning Points
Note 1: Amazingly, dsquery server The simplest command get the job done.
Note 2: I thank Kevin K for pointing out that this command is the singular server (not the plural servers).
Example 4 – To query the FSMO roles of your Domain Controllers
Here is a wonderful command to find the FSMO roles (Flexible Single Master Roles) -hasfsmo. The arguments, which correspond to the 5 roles are: schema, rid, name, infr and pdc.
dsquery servers -hasfsmo schema
Learning Points
Note 1: The command is -hasfsmo not ?hasfsmo as in some documents.
Guy Recommends: Tools4ever’s UMRA
Tired of writing scripts? The User Management Resource Administrator solution by Tools4ever offers an alternative to time-consuming manual processes.
It features 100% auto provisioning, Helpdesk Delegation, Connectors to more than 130 systems/applications, Workflow Management, Self Service and many other benefits. Click on the link for more information onUMRA.
Example 5 – To find all users whose name begins with smith*
This example shows two ways to filter your output and so home in on what you are looking for. Let us pretend that we know the user’s name but have no idea which OU they are to be found. Moreover, we are not sure whether their name is spelt Smith, Smithy or Smithye.
dsquery user domainroot -name smith*
or
dsquery user dc=cp,dc=com -name smith*
or plain
dsquery user -name smith*
Learning Points
Note 1: Remember to type the singular user.
Note 2: Probably no need to introduce *, you probably realize it’s a wildcard.
Note 3: -name is but one of a family of filters. -desc or -disabled are others.
Example 6 – To filter the output with -o rdn
The purpose of -o rdn is to reduce the output to just the relative distinguished name. In a nutshell rdn strips away the OU=, DC= part which you may not be interested in.
dsquery user -name smith* -o rdn
Learning Points
Note 1: o is the letter oh (not a number). In my minds eye o stands for output.
Note 2: There is a switch -o dn, but this is not a switch I use.
Summary – DSQuery
Knowledge is power. The DS family in general and DSQuery in particular are handy commands for interrogating Active Directory from the command line. Perhaps the day will come when you need to find a user, computer or group without calling for the Active Users and Computers GUI.
