Полезное‎ > ‎CMD‎ > ‎dsquery‎ > ‎

dsquery ldap

DSQuery *

Find objects in the directory using a Lightweight Directory Access Protocol (LDAP) query.

      DSQuery *  [{StartNode | forestroot | domainroot}] [-scope {subtree | onelevel | base}]
			        [-filter LDAPFilter] [-attr {AttributeList | *}] [-attrsonly] [-l]
				       [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}]
			              [-q] [-r] [-gc] [-limit NumberOfObjects]  [{-uc | -uco | -uci}]
   StartNode | forestroot | domainroot  The node in the console tree where the search starts.
                                        forestroot = search using the global catalog.
   -scope   The scope of the search:
               subtree  = subtree that is rooted at the start node in the console tree.
               onelevel = immediate children of the start node only.
               base     = single object that the start node represents.
            If forestroot is the StartNode, then subtree is the only valid scope.
   -filter  Apply an explicit LDAP search filter  e.g. (&(objectCategory=Person)(sn=smith*))
            Default = (objectClass=*)
   -attr    Select the Attributes to display - semicolon separated LDAP display names.
            ( -attr * will display all the attributes in a list.)
            Default = DN.
 -attrsonly Display only attribute types, not their values. Default=display both.
   -l       Display entries in a list instead of a table.
   -s       Server to connect to (Default=the domain controller in the logon domain.)
   -d       Domain to connect to.
   -u       Username with which the user logs on to a remote server. 
   -p       Password     (UserName or Domain\UserName or Username@domain.com)
   -q       Quiet, suppress all output
   -r       Recursive search (follow referrals)
   -gc      Use the AD global catalog during the search.
   -limit   The maximum number of objects to return, default=100.
   -uc      Unicode format
   -uco     Unicode format for output only
   -uci     Unicode format for input only

DS* commands are available on networked machines with the server role A.D. Domain Services installed, Domain Controllers (or for XP users: XP Professional).


Display all the attributes of an object given its distinguished name:

C:\> dsquery * OU=Demo,DC=ss64,DC=Com -scope base -attr *

Display the SAM account name of an object given its distinguished name:

C:\> dsquery * OU=Demo,DC=ss64,DC=Com -scope base -attr sAMAccountName

“Some say Lady Gaga is a lie. And they are right, I am a lie and everyday I kill to make it true” - Lady Gaga

Related commands:

DSAdd - Add object
DSMod - Modify object
DSGet - Display object 
DSMove - Move object
DSQuery - Search for objects 
DSRM - Delete object
CSVDE - Import or export AD info in CSV format.
LDIFDE - Edit AD Objects, extend schema, import or export AD information.