Finding things in Active Directory using the command line

Posted in microsoft
0 comments

Find computers and their description from the AD

dsquery * -filter “(&(objectClass=Computer)(objectCategory=Computer))” “%rootDN%” -attr cn description

Use LDP to search for tombstoned objects in AD

Base DN: CN=Deleted Objects,%domainRoot%, Filter: (isDeleted=*), Extended Search, Add control: 1.2.840.113556.1.4.417

Show all replicated attributes in the AD Schema

dsquery * cn=schema,cn=configuration,DC=forestRootDomain -filter “(&(objectClass=attributeSchema)(objectCategory=attributeSchema)(!systemFlags:1.2.840.113556.1.4.803:=1))” -limit 0

Show an AD schema attribute

dsquery * cn=pwd-last-set,cn=schema,cn=configuration,DC=forestRootDomain

Find a list of CNs in the directory and return their homeDirectory

for /f %i in (Users.txt) do @for /f “tokens=*” %m in (’”dsquery user -name %i”‘) do @for /f %p in (’”dsquery * %m -attr homeDirectory -l | find /i “\\” & if errorlevel 1 Echo NoHomeDirectory”‘) do @echo %i,%m,%p

Identify the DN of an Active Directory group

dsquery group -name %GroupName%

Find the current group scope of a security group

dsget group %GroupDN% -scope -secgrp

Find all user accounts with a UPN, and count the DNs returned

dsquery * domainroot -filter “&(objectclass=user)(objectcategory=person)(userprincipalname=*)” -s %server% | find /i /c “user”

Find all user accounts without a UPN, and count the DNs returned

dsquery * domainroot -filter “&(objectclass=user)(objectcategory=person)(!(userprincipalname=*))” -s %server% | find /i /c “user”

Determine whether an attribute is replicated in AD through bitwise AND

dsquery * cn=%AttributeName%,cn=schema,cn=configuration,dc=forestRootDomain -filter “!(&(systemFlags:1.2.840.113556.1.4.803:=1))”

Query for the display specifiers in the AD user class

dsquery * “CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,%forestrootDomain%” -attr *

Query a user from AD using WMI

wmic /node:”%DC%” /namespace:\\root\directory\LDAP path ds_user where “ds_cn=’%username%’” GET ds_displayName,DS_UserPrincipalName,ds_cn,ds_name,ds_whenCreated

Return the DN of a list of users

for /f %i in (%users.txt%) do @dsquery user -name %i

These were all useful to me. I found them, and more, here.

Posted by admica   @   17 March 2009
0 comments

Related Posts

Post thumbnail of AdFind - Command line Active Directory query tool for regular users
AdFind - Command line Active Directory query tool for regular users
Post thumbnail of How to Create samba users and Verify they can connect
How to Create samba users and Verify they can connect
Post thumbnail of Edit hosts file on Windows 7
Edit hosts file on Windows 7
Post thumbnail of Why Battlefield 3 won’t run on Windows XP
Why Battlefield 3 won’t run on Windows XP
Post thumbnail of Get the hostname of a system in python
Get the hostname of a system in python
Post thumbnail of Portable Python - preconfigured portable programming environment
Portable Python - preconfigured portable programming environment
Post thumbnail of Tips for using Win32 Device Namespaces in APIs
Tips for using Win32 Device Namespaces in APIs
Post thumbnail of Simple directory treeview from the command line
Simple directory treeview from the command line
Post thumbnail of Automatically uncheck everything during any Installation
Automatically uncheck everything during any Installation

Like this post? Share it!

Digg Twitter StumbleUpon Delicious Technorati Facebook RSS

0 Comments
Add Comment

No comments yet. Be the first to leave a comment !
Leave a Comment

Name

Email

Website

Previous Post
« md5sums for batch files and directories as a tripwire Next Post
Basic networking from the command line: ifconfig, eth0, wifi0, routes »
Login



Recent Comments
  • Loading...
Powered by Wordpress   |   Lunated designed by ZenVerse