Saturday 19 January 2013

Active Directory DSQUERY & Miscellenous Commands with Syntax

Post : Active Directory DSQUERY & Miscellenous Commands with Syntax
URL : http://aacable.wordpress.com/2013/01/16/active-directory-dsquery-miscellenous-commands-with-syntax/
Posted : January 16, 2013 at 2:02 PM
Author : Syed Jahanzaib / Pinochio~:)
Tags : dsget
Categories : Uncategorized
Recently We were asked by the Auditors to provide some data of Active Directory for yearly Audit purpose. I already have few scripts that saved a lot of time. I also linked these scripts with the Linux base WEBMIN, so they can be called by nice GUI as showed in the example below.
http://aacable.files.wordpress.com/2013/01/webmin-1.png
.
<How to link Linux base scritps with the webmin> (http://aacable.wordpress.com/2012/04/11/howto-manage-active-directory-using-webminlinux-customized-panel/)
Following are scripts
Show All users in your domain
dsquery * dc=yourdomainname -filter "(&amp;(objectCategory=Person)(objectClass=User))" -limit 0
Show All Users Created Since 1st January, 2012 till date
dsquery * dc=yourdomainname -filter "(&amp;(objectCategory=Person)(objectClass=User)(whenCreated&gt;=20120101000000.0Z))"
Show Users For Specific Period (Jan-2012 till Dec-2012)
e.g: Display Users Created from 1st January 2012 till 31st December 2012 (1 Year) Only.
dsquery * dc=yourdomainname -filter "(&amp;(objectCategory=Person)(objectClass=User)(whenCreated&gt;=20120101000000.0Z-)(whenCreated&lt;=20121231000000.0Z-))"
> = greater then
< = less then
~ = approx
= equals

Miscellaneous commands . . .Show All Users Info (Active/Non Active)
dsquery user -limit 0 | dsget user -dn -disabled
Show Inactive Users Only (Users that haven't logged on since last 2 weeks)
dsquery user "dc=Your_Domain_Name" -inactive 2
Show DISABLED Users Only
dsquery user -disabled | dsget user -display -email -dept -title
Show ACTIVE Users Only
dsquery * -filter "(&(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" -limit 0 | dsget user -display -email -dept -title
Show Users from Specific Group Only
dsquery group DC=yourdomainname -name "Type Group Name" | dsget group -members |sort |dsget user -display -email -dept -title
Show Only Specific User Details
Net user USERID /domain




















Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)