لطفا منتظر باشید ...
Publisher| dsget | new in WS2003 |
properties of objects in Active Directory.
Syntax
dsget command switches [{-s Server|-d Domain}] [-u UserName]
[-p {Password|*}] [-q] [-c] [-l] [-desc]Options
- command
Any dsget command (see below).- switches
Various switches that go with each command (see below)- {-s Server | -d Domain}
Connect to a specified server or domain to run the command (if
omitted, defaults to domain controller in logon domain).- [-u UserName] [-p {Password | *}]
Credentials for running the command. Specify
UserName as
domain\user or
user@domain. If -p *,
prompts for password.- -q
Runs in quiet mode to suppress standard output of command.- -c
Reports errors and then continues with next object in argument list
if multiple objects are specified; otherwise exits upon error.- -l
Displays output in list format instead of the default table format.- -desc
Displays the description for the object.
Commands
Here is a list of supported dsget commands
together with a brief description of their syntax (only the most
commonly used switches are described):
- dsget computer ComputerDN... [-dn] [-samid] [-sid] [-disabled] [-part PartitionDN [-qlimit] [-qused]]
Displays properties of one or more computer accounts identifed by
their distinguished names. Options include:- -dn
Displays the distinguished name of each computer- -samid
Displays the SAM account name of each computer- -sid
Displays the SID of each computer- -disabled
Displays whether computer account is enabled (yes) or disabled (no)- -part PartitionDN [-qlimit] [-qused]
Displays the configured and used quota values for the computer
account in Active Directory
- dsget computer ComputerDN [-memberof [-expand]]
This variation of dsget computer displays which
groups the specified computer belongs to. The
-expand switch recursively expands the list of
groups to which the computer belongs.- dsget contact ContactDN... dn] [-fn] [-ln] [-email] ...
Displays first name, last name, email address, and other info about
one or more contacts identified by their distinguished names.- dsget group GroupDN... [-dn] [-secgrp] [-scope] [-samid] [-sid] [-part PartitionDN [-qlimit] [-qused]]
Displays properties of one or more groups identified by their
distinguished names. See dsadd group earlier in
this chapter for info about -secgrp and
-scope options.- dsget group GroupDN [-memberof [-expand]]
This variation of dsget group displays which
groups the specified group belongs to. The -expand
switch recursively expands the list of groups to which the group
belongs.- dsget ou OrganizationalUnitDN... [-dn]
Displays properties of one or more organizational units specified by
their distinguished names.- dsget partition ObjectDN... [-dn] [-qdefault] [-qtmbstnwt] [-topobjowner N]
Displays properties of the specified partition object and their
default quota and tombstone object count.- dsget quota ObjectDN [-dn] [-acct] [-qlimit]
Displays the properties of a quota specification defined in Active
Directory. Here ObjectDN is the distinguished name
of the quota object being viewed, -acct displays
the DN of the accounts to which the quotas are assigned, and
-qlimit the quota limits for the specified quotas.- dsget server ServerDN... [-dn] [-dnsname] [-site] [-isgc]
Displays properties of one or more domain controllers specified by
their distinguished names. Options here include:- -dnsname
Displays the DNS names of the servers- -site
Displays the sites to which the servers belong- -isgc
Indicates whether the server is a global catalog server (yes) or not
(no)
- dsget server ServerDN -part PartitionDN
This variation of dsget server displays the
distinguished names of the directory partitions on the specified
domain controller.- dsget server ServerDN -topobjowner N
This variation of dsget server lists the
N security principals that own the
greatest number of directory ojects on the specified domain
controller.- dsget site SiteDN... [-dn] [-autotopology] [-cachegroups] [-prefGCsite]
Displays properties of one or more sites specified by their
distinguished names. The options here are:- -autotopology
Indicates whether automatic intersite topology generation is enabled
(yes) or not (no)- -cachegroups
Indicates whether caching of universal group memberships is enabled
(yes) or not (no)- -prefGCsite
Displays the preferred global catalog site used for refreshing
universal group membership caching for domain controllers in this
site
- dsget subnet SubnetDN [-dn] [-site]
Displays properties of one or more subnets specified by their
distinguished names.- dsget user UserDN... [-dn] [-samid] [-sid] [-upn] [-fn] [-ln] [-display] [-pwd] [-tel] [-email] [-title] [-company] [-hmdir] [-profile] [-pwdneverexpires] ...
Displays the properties of one or more user accounts specified by
their distinguished names. See dsadd user earlier
in this chapter for information on some of the switches here.- dsget user UserDN [-memberof] [-expand]
This variation of dsget user displays which groups
the specified user belongs to. The -expand switch
recursively expands the list of groups to which the user belongs.
Examples
Display the SAM account name and SID number of the computer named
DESK155 located in the Sales OU of the
mtit.local domain:
dsget computer CN=DESK155,OU=Sales,DC=mtit,DC=local -samid -sid
samid sid
DESK155$ S-1-5-21-3989638602-2554627321-2483607968-1111
dsget succeeded
Use dsget in interactive mode to display the
account status (enabled or disabled) for three computers in the Sales
OU:
dsget computer -disabled
CN=DESK155,OU=Sales,DC=mtit,DC=local
CN=DESK156,OU=Sales,DC=mtit,DC=local
CN=DESK157,OU=Sales,DC=mtit,DC=local
^Z
disabled
no
no
yes
dsget succeeded
Display selected properties of Human Resources group in list format:
dsget group "CN=Human Resources,OU=Sales,DC=mtit,
DC=local" -dn -secgrp -scope -samid -sid -l
dn: CN=Human Resources,OU=Sales,DC=mtit,DC=local
samid: Human Resources
sid: S-1-5-21-3989638602-2554627321-2483607968-1112
scope: domain local
secgrp: yes
dsget succeeded
Display properties of user Bob Jones in the Sales department:
dsget user CN=bjones,OU=Sales,DC=mtit,DC=local -samid -sid -upn -l
samid: bjones
sid: S-1-5-21-3989638602-2554627321-2483607968-1114
upn: bjones@mtit.local
dsget succeeded
Display the groups to which Bob belongs:
dsget user CN=bjones,OU=Sales,DC=mtit,DC=local -memberof
"CN=Human Resources,OU=Sales,DC=mtit,DC=local"
"CN=Domain Users,CN=Users,DC=mtit,DC=local"
List the properties of a domain controller named ESRV210D located in
Default-First-Site, in particular its DNS name and whether it is a
global catalog server or not:
dsget server CN=ESRV210D,CN=Servers,CN=Default-FirstSite,
CN=Sites,CN=Configuration, DC=mtit,DC=local -dnsname -isgc -l
dnsname: esrv210d.mtit.local
isgc: yes
dsget succeeded
Note that here the distinguished name involved the location of the
domain controller in the Configuration container.
See Also
Active Directory , dsadd,
dsmod, dsmove,
dsquery, dsrm,
Groups , Users
