DSQUERY has ten subcommands, each predefined for a particular type of object.
dsquery computer - finds computers in the directory.
dsquery contact - finds contacts in the directory.
dsquery subnet - finds subnets in the directory.
dsquery group - finds groups in the directory.
dsquery ou - finds organizational units in the directory.
dsquery site - finds sites in the directory.
dsquery server - finds domain controllers in the directory.
dsquery user - finds users in the directory.
dsquery quota - finds quota specifications in the directory.
dsquery partition - finds partitions in the directory.
We can also use a star (*), in which case all types of objects are included in the result.
dsquery * - finds any object in the directory by using a generic LDAP query.
A few switches are common to all dsquery subcommands, so I will explain them first.
{
The node where the search will start: forest root, domain root, or a node whose DN is
It can be “forestroot”, “domainroot” or an object DN. If “forestroot” is specified, the search is done via the global catalog. Default: domainroot.
Example:
E:\Documents and Settings\Administrator>dsquery computer "OU=Domain Controllers,DC=a,DC=com" -name *
"CN=TEST,OU=Domain Controllers,DC=a,DC=com"
"CN=DC2,OU=Domain Controllers,DC=a,DC=com"
If I explicitly specify the start node, the query starts from that point. If we opt for “forestroot”, it queries the GC (global catalog). This is required when we are querying for objects from another domain. If we do not specify anything, “domainroot” is used by default.
{-s
-s
-d
Default: a DC in the logon domain.
-u
Connect as
-p
Password for the user
Example:
E:\Documents and Settings\Administrator>dsquery user -name a* -s test.a.com -u administrator -p *
Enter Password:
"CN=Administrator,CN=Users,DC=a,DC=com"
"CN=as,CN=Users,DC=a,DC=com"
We can use -d instead of -s, so that the query connects to any available domain controller in that domain, whereas -s routes the query directly to that particular server.
-u and -p are optional: by default, the query uses the credentials of the currently logged-in user who initiates it. They are required when the currently logged-in user doesn't have at least read access on the database, in which case we need to use an alternate account that has sufficient privileges. In the example above, -p * makes dsquery prompt for the password instead of taking it on the command line.
-limit
Specifies the number of objects matching the given criteria to be returned, where
Example:
E:\Documents and Settings\Administrator>dsquery * -limit 10
"DC=a,DC=com"
"CN=Users,DC=a,DC=com"
"CN=Computers,DC=a,DC=com"
"OU=Domain Controllers,DC=a,DC=com"
"CN=System,DC=a,DC=com"
"CN=LostAndFound,DC=a,DC=com"
"CN=Infrastructure,DC=a,DC=com"
"CN=ForeignSecurityPrincipals,DC=a,DC=com"
"CN=Program Data,DC=a,DC=com"
"CN=Microsoft,CN=Program Data,DC=a,DC=com"
Dsquery has reached the specified limit on number of results to display; use a different value for the -limit option to display more results.
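The common switches described above, combined in one PowerShell wrapper. This is an added example, not part of the original article: Invoke-DsQuery and its parameter names are hypothetical, and it assumes dsquery.exe is on the PATH of a domain-joined machine.

```powershell
# Added example, not from the original article. Function and parameter names are hypothetical.
function Invoke-DsQuery {
    [CmdletBinding(DefaultParameterSetName = 'LogonDomain')]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('computer','contact','subnet','group','ou','site',
                     'server','user','quota','partition','*')]
        [string]$ObjectType,

        # "forestroot", "domainroot" or an object DN; omitted means dsquery's default (domainroot)
        [string]$StartNode,

        # -s and -d are alternatives, so separate parameter sets keep them from being combined
        [Parameter(ParameterSetName = 'Server')][string]$Server,
        [Parameter(ParameterSetName = 'Domain')][string]$Domain,

        # Alternate account; the password is never accepted as a parameter
        [string]$User,

        [ValidateRange(1, 100000)][int]$Limit,

        # Object-specific criteria passed through unchanged, e.g. '-name','a*'
        [string[]]$Criteria = @()
    )

    $dsArgs = @($ObjectType)
    if ($StartNode) { $dsArgs += $StartNode }
    $dsArgs += $Criteria
    if ($Server) { $dsArgs += '-s', $Server }
    if ($Domain) { $dsArgs += '-d', $Domain }
    if ($User) {
        # "-p *" makes dsquery ask for the password, keeping it out of history and process listings
        $dsArgs += '-u', $User, '-p', '*'
        Write-Host "dsquery will prompt for the password of $User"
    }
    if ($PSBoundParameters.ContainsKey('Limit')) { $dsArgs += '-limit', $Limit }

    & dsquery.exe @dsArgs | ForEach-Object {
        if ($_ -match '^"(.+)"$') { $Matches[1] }   # a quoted DN: emit it unquoted
        elseif ($_.Trim()) { Write-Warning $_ }      # anything else, e.g. a limit-reached notice
    }
}

# The article's three examples expressed through the wrapper:
Invoke-DsQuery -ObjectType computer -StartNode 'OU=Domain Controllers,DC=a,DC=com' -Criteria '-name','*'
Invoke-DsQuery -ObjectType user -Criteria '-name','a*' -Server test.a.com -User administrator
Invoke-DsQuery -ObjectType '*' -Limit 10
```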
Courtesy: insideactivedirectory.com