| dsquery | new in WS2003 |
Search for a specific type of object within Active Directory.
dsquery command switches [{-s Server|-d Domain}] [-u UserName]
[-p {Password|*}] [-desc Description] [-q] [-r] [-gc] [-limit N]
command
Any dsquery command (see below)
switches
Various switches that go with each command (see below)
{-s Server | -d Domain}
Connects to a specified server or domain to run the command (if omitted, defaults to domain controller in logon domain).
[-u UserName] [-p {Password | *}]
Credentials for running the command. Specify UserName as domain\user or user@domain. If -p *, prompts for password.
-desc Description
Description for the object.
-q
Runs in quiet mode to suppress standard output of command.
-r
Performs recursive search or follows referrals during search.
-gc
Performs the search using the global catalog.
-limit N
Number of results to be returned (default is 1000).
Here is a list of supported dsquery commands together with a brief description of their syntax (only the most commonly used switches are described).
dsquery computer [{StartNode | forestroot | domainroot}] [-o {dn | rdn | samid}] [-scope {subtree | onelevel | base}] [-name Name] [-samid SAMName] [-inactive Weeks] [-stalepwd Days] [-disabled]
Searches for computers within Active Directory. The switches here are:
{StartNode | forestroot | domainroot}
Where to begin the search (default is domainroot)
-o {dn | rdn | samid}
Output search results by distinguished name, relative distinguished name, or SAM account name of each object
-scope {subtree | onelevel | base}
Scope of search to be entire subtree of start node, immediate children of start node, or start node only
-name Name
Searches for computers with specified name (wildcards supported)
-samid SAMName
Searches for computer accounts with specified SAM account name
-inactive Weeks
Searches for computer accounts that have been stale (inactive) for a certain number of weeks
-stalepwd Days
Searches for computers whose password has not been modified for a certain number of weeks
-disabled
Searches for disabled computer accounts
dsquery contact [{StartNode | forestroot | domainroot}] [-o {dn | rdn}] [-scope {subtree | onelevel | base}] [-name Name]
Searches for contacts within Active Directory. See dsquery computer earlier in this list for an explanation of switches.
dsquery group [{StartNode | forestroot | domainroot}] [-o {dn | rdn | samid}] [-scope {subtree | onelevel | base}] [-name Name] [-samid SAMName]
Searches for groups within Active Directory. See dsquery computer earlier in this list for an explanation of switches.
dsquery ou [{StartNode | forestroot | domainroot}] [-o {dn | rdn}] [-scope {subtree | onelevel | base}] [-name Name]
Searches for organizational units within Active Directory. See dsquery computer earlier in this list for an explanation of switches.
dsquery partition [-o {dn | rdn}] [-part PartitionCN]
Searches for partitions matching the common name PartitionCN.
dsquery quota [{domainroot | ObjectDN}] [-o {dn | rdn}] [-acct Name] [-qlimit Filter]
Searches for quota specifications within Active Directory. The switches here are:
domainroot | ObjectDN
Specifies the starting point for the search, either the root of the domain or the distinguished name of a specified container
-o {dn | rdn | samid}
Output search results by distinguished name, relative distinguished name, or SAM account name of each object
-acct Name
The security principal to which the quota specifications queried are assigned
-qlimit Filter
Searches for quota specifications matching the filter condition, for example, "=100" or "<=75" percent
dsquery server [-forest] [-domain DomainName] [-site SiteName] [-o {dn | rdn}] [-name Name] [-hasfsmo {schema | name | infr | pdc | rid}] [-isgc]
Searches for domain controllers within Active Directory. See dsquery computer earlier in this list for an explanation of some switches. Other switches include:
-forest
Searches for domain controllers in the forest
-domain DomainName
Searches for domain controllers in the specified domain
-site SiteName
Searches for domain controllers in the specified site
-hasfsmo {schema | name | infr | pdc | rid}
Searches for domain controllers with a specific FSMO role assigned
-isgc
Searches for domain controllers that are global catalog servers
dsquery site [-o {dn | rdn}] [-name Name]
Searches for sites within Active Directory. See dsquery computer earlier in this list for an explanation of switches.
dsquery user [{StartNode | forestroot | domainroot}] [-o {dn | rdn | samid | upn}] [-scope {subtree | onelevel | base}] [-name Name] [-upn UserPrincipalName] [-samid SAMName] [-inactive Weeks] [-stalepwd Days] [-disabled]
Searches for user accounts within Active Directory. See dsquery computer earlier in this list for an explanation of these switches.
dsquery * [{StartNode | forestroot | domainroot}] [-scope {subtree | onelevel | base}] [-filter LDAPFilter] [-attr {AttributeList | *}] [-attrsonly] [-l]
Searches for objects in Active Directory by using an LDAP query.
Search for all computer accounts in the forest:
dsquery computer forestroot -o dn "CN=ESRV210D,OU=Sales,DC=mtit,DC=local" "CN=ESRV230D,CN=Computers,DC=mtit,DC=local" "CN=DESK155,OU=Sales,DC=mtit,DC=local" "CN=DESK156,OU=Sales,DC=mtit,DC=local" "CN=DESK157,OU=Sales,DC=mtit,DC=local"
Restrict search to computers whose name begins with
D and which reside in the Sales OU, displaying results as SAM account names:
dsquery computer OU=Sales,DC=mtit,DC=local -o samid -name d* "DESK155$" "DESK156$" "DESK157$"
Search for the PDC Emulator in the local domain:
dsquery server -hasfsmo pdc "CN=ESRV210D,CN=Servers,CN=Default-First- Site,CN=Sites,CN=Configuration,DC=mtit,DC=local"
Display all partitions in Active Directory:
dsquery partition "DC=TAPI3Directory,DC=mtit,DC=local" "DC=DomainDnsZones,DC=mtit,DC=local" "DC=ForestDnsZones,DC=mtit,DC=local" "CN=Configuration,DC=mtit,DC=local" "DC=mtit,DC=local" "CN=Schema,CN=Configuration,DC=mtit,DC=local"
Active Directory , dsadd, dsget, dsmod, dsmove, dsrm,
Groups ,
Users