dsquery user

DSQuery user

Search for users in active directory.

Syntax DSQuery User [{StartNode | forestroot | domainroot}] [-o {dn | rdn | samid}] [-scope {subtree | onelevel | base}] [-name Name] [-desc Description] [-upn UPN] [-samid Filter] [-inactive NumberOfWeeks] [-stalepwd NumberOfDays] [-disabled] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-q] [-r] [-gc] [-limit NumberOfObjects] [{-uc | -uco | -uci}] Key StartNode | forestroot | domainroot The node in the console tree where the search starts. forestroot = search using the global catalog. -o The format used to display the search results. dn = distinguished name. rdn = relative distinguished name. samid = Security Accounts Manager (SAM) account name. -scope The scope of the search: subtree = subtree that is rooted at the start node in the console tree. onelevel = immediate children of the start node only. base = single object that the start node represents. If forestroot is the StartNode, then subtree is the only valid scope. -name Search for user(s) whose name attribute(CN) matches Name. For example, "br*" -desc Search for user(s) whose description matches. For example, "contractor*" -upn Users whose UPN attribute matches UPN -samid User(s) whose SAM account name matches SAMName -inactive Users who have been inactive for n number of weeks -stalepwd Users who have not changed their passwords for n days -disabled Users with disabled accounts -s Server to connect to (Default=the domain controller in the logon domain.) -d Domain to connect to. -u Username with which the user logs on to a remote server. -p Password (UserName or Domain\UserName or Username@domain.com) -q Quiet, suppress all output -r Recursive search (follow referrals) -gc Use the AD global catalog during the search. -limit The maximum number of objects to return, default=100. -uc Unicode format -uco Unicode format for output only -uci Unicode format for input only

DS* commands are available on networked machines with the server role A.D. Domain Services installed, Domain Controllers (or for XP users: XP Professional).


Find all users on the current domain with a name that starts with 'Admin'

C:\> dsquery user -name Admin*

Find the distinguished names of all users in the LaptopUsers OU:

C:\> dsquery user ou=LaptopUsers,ou=AcmeCo,dc=ss64,dc=com

“If he is a man of honor in one thing, he is that in all things” - Raymond Chandler

Related commands:

DSAdd - Add object

DSMod - Modify object

DSGet - Display object

DSMove - Move object

DSQuery - Search for objects

DSRM - Delete object

CSVDE - Import or export AD info in CSV format.

LDIFDE - Edit AD Objects, extend schema, import or export AD information.