Site Meter Microsoft Talk » Blog Archive » More Essential Tools for Active Directory

More Essential Tools for Active Directory

by Alpesh Nakar

microsoft_logo2 Dsget and Dsquery

The ds* command-line toolset also includes two tools used to query Active Directory for information rather than for creating or modifying objects.

Dsget takes an object’s DN as input and provides you with the value of the attribute or attributes you specify. Dsget uses the same submenus as dsadd and dsmod—user, computer, contact, group, ou, and quota.

To obtain the SAM Account Name and Security Identifier (SID) of a user account, enter the following command (note that the following is all on one line):

dsget user cn=afuller,ou=IT,dc=contoso,dc=com
    –samAccountName –sid

You’ll get output such as that in Figure 3.

Figure 3 Running dsget

Figure 3 Running dsget (Click the image for a smaller view)

Figure 3 Running dsget

Figure 3 Running dsget (Click the image for a larger view)

Dsquery returns a list of Active Directory objects that meet criteria you specify. You can specify the following parameters no matter which submenu you’re using:

dsquery <ObjectType> <StartNode> -s <Search Scope> -o <OutputFormat>

For ObjectType, dsquery can use the following submenus, each of which has its own syntax: computer, contact, subnet, group, ou, site, server (note that the server submenu retrieves information about domain controllers, not any member servers in your environment), user, quota, and partition. And if one of these query types doesn’t fit the bill, you can use the * submenu, which lets you enter a free-form LDAP query.

StartNode specifies the location in the Active Directory tree where the search will start. You can use a specific DN such as ou=IT,dc=contoso,dc=com, or one of the following shortcut specifiers: domainroot, which begins at the root of a particular domain, or forestroot, which begins at the root of the forest root domain using a Global Catalog server to perform the search.

Finally, the Search Scope option specifies how dsquery should search the Active Directory tree. Subtree (the default) queries the specified StartNode and all of its child objects, onelevel queries only the immediate children of the StartNode, and base queries the StartNode object only.

To better understand search scopes, consider an OU that contains both user objects and a child OU that itself contains additional objects. Using the subtree scope will query the OU, all of the user objects contained within it, and the child OU and its contents. The onelevel scope will query only the users contained within the OU and will not query the child OU or its contents. A base query will search only the OU itself without querying any of the objects contained within it.

Finally, you can use Output Format to control how the results of dsquery are formatted. By default, dsquery returns the distinguished names of any objects that match the query, like this:

"cn=afuller,ou=Training,dc=contoso,dc=com"
"cn=rking,ou=ITTraining,ou=Training,dc=contoso,dc=com"

To query for all user objects contained within the IT OU and any child OUs, use the following:

dsquery user ou=IT,dc=contoso,dc=com

You can further refine this query by adding additional switches such as -disabled, which returns only disabled user accounts; -inactive x, which returns only users who haven’t logged on in the past x weeks or more; or -stalepwd x, which will return only users who have not changed their passwords in x days or more.

Depending on the number of objects in your directory, you may need to specify the -limit x switch when running your query. By default, dsquery will return up to 100 objects that match the specifics of your query; you can specify a larger number such as -limit 500, or use -limit 0 to instruct dsquery to return all matching objects.

You can use the other submenus to perform useful queries for other object types as well. Consider the following query, which returns every subnet defined in Active Directory Sites and Services that’s in the 10.1.x.x address space:

dsquery subnet –name 10.1.*

Or use the following to return every subnet located in the Corp site:

dsquery subnet –site Corp

With another submenu, you can quickly determine how many domain controllers in your forest are configured as Global Catalog servers:

dsquery server –forest –isgc

You can also use this syntax to help you determine which domain controller in your domain hosts the Primary Domain Controller (PDC) Emulator Flexible Single Master Operations (FSMO) role:

dsquery server –hasfsmo pdc

As with the other ds* commands that include submenus, you can view all of the switches available within a particular dsquery submenu by going to the command prompt and typing dsquery user /?, dsquery computer /?, dsquery subnet /?, and so forth.

An additional slick trick is to pipe the output of dsquery into another tool such as dsmod using the | character (shift-backslash on U.S. keyboards). For example, let’s say your company has renamed a department from Training to Internal Development and now you have to update the description field of each relevant user from the old department name to the new. On a single command line, you can query for user objects that have a description field of Training and then modify that description field in bulk, as follows:

dsquery user –description "Training" | dsmod
    -description "Internal Development"
Recommended Download: Microsoft Outlook Connector | HowTo: An interactive guide for Office 2007

Posted in Server on November 16th, 2007

Link to this Entry

Recent Posts

Related Posts

Leave a Reply


About Microsoft Talk

This blog is for you all Microsoft enthusiasts out there. Somehow we happen to use Microsoft directly or indirectly. Microsoft revolutised what we call IT today. We are connected with Microsoft in some or the other way. Depending on which side of the fence you are on, you take note, Microsoft is everywhere. If you use non-MS products, your ISP, your web-host, yours truly - somebody somewhere is using Microsoft or is a spin off as a result of something that Microsoft had to offer then. Invariable, we do end end up using Microsoft Technologies. What do you think?

With MSTALKONLINE, you will come to experience Microsoft Technologies, that you experience day to day. In the weeks to come, I will focus on latest and greatest happenings in the land of Microsoft and your comments and suggestions will be one of the driving factors

Microsoft Talk Author(s)
    » Alpesh-Nakar

NAVIGATE

LINKS

CATEGORIES

TOP COMMENTERS

RECENT COMMENTS

SUBSCRIBE

ARCHIVES

Blogging Flair

 

Technology Channel Posts

  • And We’re Back!
    Hi everyone! Phew! We are back in action (as you can see). Did you miss me? I missed you! Group hug! Too much? Okay. I’ll behave. I am very glad to be back in action and posting here on [...]
  • Sometimes Old Is New (to You)
    While looking for something else, I came upon an older article about a copy of a well respected subwoofer by Hsu Research. The project is very straightforward, using sound building techniques, and [...]
  • Technical Difficulties
    Hello everyone. As you likely already know, many of the sites on the 451press network are down and have been down for some time (what seems like forever!). I would like to apologize on behalf [...]
  • ATi Brings Back A Winner
    For the last couple of years, there has been a huge hole in the video card market. It was 2006 when the last ATi All-in-Wonder was produced, and nVidia had discontinued their similar offering before [...]
  • The Search for Truth… (continued)
    On the other side are aligned a much smaller number of scientists, some dedicated amateurs, very little money (the grants get taken away as soon as it’s clear the research is leading away from AGW) [...]
  • Introduction to Forums – A Warning
    While getting on to a forum and posting (especially for the first time) can be a lot of fun and exhilarating, there is a sobering note that comes along with joining forums (and with communicating [...]
  • Home Theater On The Cheap Rides Again
    Now and then, a choice comes up which makes sense right away, yet allows expansion capability and growth potential. It is not often that a Home Theater in a Box will be acceptable to any serious [...]
  • The Search for Truth…
    In Using the Net and Finding the Truth I used the search for information about Anthropogenetic Global Warming (AGW – Human-caused Global Warming) to talk about Internet use. Here is an example [...]
  • From Time Window to Time Portal
    DCM Time Windows were one of the speakers that defined the ‘cheapskate’ high end of the late ‘70s. Looking at the speaker was anything but awe inspiring. It was a small two-way tower, with [...]
  • Introducing Mr. JM
    I pretty much grew up with computers as part of my life. I had them at school and used typing, games, etc programs. I remember using dot matrix printers and planning the most basic version of [...]

 

Hot Off The Press

  • Weekly Forecast: View To A Kill
    (Hint: Play song and read at the same time!) Mystery, intrigue and dances in the fire, or a least a little snarkiness, are the keynotes of this dramatic week as the planet of secrets, Pluto, [...]
  • Some Summer Music Pics from Five Magazine
    That's this SUNDAY in TAOS....go camping too. Brave Combo Nearly thirty years ago, someone classifi ed Denton, Texas’ Brave Combo as a new wave polka band, which they are. Th ey even won [...]
  • So You Think You Can Dance - Will B. Wingfield
    So, let me get this party started this season.  I've been watching half-heartedly until tonight, but tonight, some of these guys really got my attention tonight.  And, at the ripe age of [...]
  • July Book Blowout
    I can’t quite remember how I found it, but Mrs. S at Blue Archipelago is hosting a reading challenge for the month of July and I have decided to take part. Usually I’m a bit wary of joining [...]
  • Kids Learn Space Science with the Zula Patrol
    Yesterday I watched the Zula Patrol premiere as part of the qubo block on ION. Besides the kind of annoying theme song at the beginning I found this to be a pretty good educational cartoon for [...]
  • News from Five Magazine
    At last! Let's see how far I get. www.readfive.comThis summer in Taos Joan Armitrading will perform. Here an interview by Bill Nevins with Joan A. “Under the surface there was always a [...]
  • Idol Teachers
    I just watched a video clip. It was from the pilot episode of a potential new sitcom called Teachers. The pilot seems to revolve around the life of a young, fresh-faced teacher named Tim Donnely, [...]
  • Love Question Nine
    Woo hoo! I’m glad to be back and doing the Love Questions meme from Short Sweet Love Poems. I do enjoy the questions and reading the thoughts of others. This week we have a very interesting, [...]
  • Fruits of the Spirit: Be kind to each other
    But the fruit of the Spirit is love, joy, peace, patience, kindness, goodness, faithfulness, gentleness and self-control. Against such things there is no law. Galatians 5:22-23 Kindness is [...]
  • Happy Day After the 4th!
    I'm sorry I didn't post yesterday Jolie-Pitt fans. One weekend a month we have an 8 year old girl for respite, and things kind of go a bit haywire when that happens. Going from a 2 children home to a [...]