Полезное‎ > ‎CMD‎ > ‎dsquery‎ > ‎

dsquery user

DSQuery user

Search for users in active directory.

      DSQuery User [{StartNode | forestroot | domainroot}]
	   [-o {dn | rdn | samid}]  [-scope {subtree | onelevel | base}]
            [-name Name] [-desc Description]  [-upn UPN] [-samid Filter]
			   [-inactive NumberOfWeeks] [-stalepwd NumberOfDays] [-disabled]
			      [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}]
			      [-q] [-r] [-gc] [-limit NumberOfObjects]  [{-uc | -uco | -uci}]
   StartNode | forestroot | domainroot  The node in the console tree where the search starts.
                                        forestroot = search using the global catalog. 
   -o       The format used to display the search results.
              dn = distinguished name. 
              rdn = relative distinguished name.
              samid = Security Accounts Manager (SAM) account name.
   -scope   The scope of the search:
              subtree = subtree that is rooted at the start node in the console tree.
              onelevel = immediate children of the start node only.
              base = single object that the start node represents.
            If forestroot is the StartNode, then subtree is the only valid scope. 
   -name    Search for user(s) whose name attribute(CN) matches Name.
            For example, "br*"
   -desc    Search for user(s) whose description matches. For example, "contractor*"
   -upn     Users whose UPN attribute matches UPN 
   -samid   User(s) whose SAM account name matches SAMName 
  -inactive Users who have been inactive for n number of weeks
  -stalepwd Users who have not changed their passwords for n days
  -disabled Users with disabled accounts
   -s       Server to connect to (Default=the domain controller in the logon domain.)
   -d       Domain to connect to.
   -u       Username with which the user logs on to a remote server. 
   -p       Password     (UserName or Domain\UserName or Username@domain.com)
   -q       Quiet, suppress all output
   -r       Recursive search (follow referrals)
   -gc      Use the AD global catalog during the search.
   -limit   The maximum number of objects to return, default=100.
   -uc      Unicode format
   -uco     Unicode format for output only
   -uci     Unicode format for input only

DS* commands are available on networked machines with the server role A.D. Domain Services installed, Domain Controllers (or for XP users: XP Professional).


Find all users on the current domain with a name that starts with 'Admin'

C:\> dsquery user -name Admin*

Find the distinguished names of all users in the LaptopUsers OU:

C:\> dsquery user ou=LaptopUsers,ou=AcmeCo,dc=ss64,dc=com

“If he is a man of honor in one thing, he is that in all things” - Raymond Chandler

Related commands:

DSAdd - Add object
DSMod - Modify object
DSGet - Display object 
DSMove - Move object
DSQuery - Search for objects 
DSRM - Delete object
CSVDE - Import or export AD info in CSV format.
LDIFDE - Edit AD Objects, extend schema, import or export AD information.