DSQuery computer (installable option via RSAT /AD DS)

Search for computers in active directory.

Syntax
      DSQuery Computer [{StartNode | forestroot | domainroot}]
         [-o {dn | rdn | samid}]  [-scope {subtree | onelevel | base}]
            [-name Name] [-desc Description] [-samid SAMName] [-inactive NumberOfWeeks]
               [-stalepwd NumberOfDays] [-disabled] 
                  [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}]
                     [-q] [-r] [-gc] [-limit NumberOfObjects] [{-uc | -uco | -uci}]

Key
   StartNode | forestroot | domainroot  The node in the console tree where the search starts.
                                        forestroot = search using the global catalog. 

   -o           The format used to display the search results.
                dn = distinguished name. 
                rdn = relative distinguished name.
                samid = Security Accounts Manager (SAM) account name.

   -scope       The scope of the search:
                subtree = subtree that is rooted at the start node in the console tree.
                onelevel = immediate children of the start node only.
                base = single object that the start node represents.
                If forestroot is the StartNode, then subtree is the only valid scope. 

   -name        Search for computer(s) whose name attribute(CN) matches Name.
                For example, "br*"

   -desc        Search for computer(s) whose description matches. For example, "dell*"

   -samid       Search for computer(s) whose SAM account names match SAMName

   -inactive    Search for computer(s) that have been inactive for N number of weeks.

   -stalepwd    Search for computer(s) whose passwords have not changed for n number of days.

   -disabled    Search for computer(s) whose accounts are disabled.

   -s       Server to connect to (Default=the domain controller in the logon domain.)
   -d       Domain to connect to.

   -u       Username with which the user logs on to a remote server. 
   -p       Password     (UserName or Domain\UserName or Username@domain.com)

   -q       Quiet, suppress all output.
   -r       Recursive search (follow referrals).
   -gc      Use the AD global catalog during the search.
   -limit   The maximum number of objects to return, default=100.

   -uc      Unicode format.
   -uco     Unicode format for output only.
   -uci     Unicode format for input only.

Examples

Find all computers on the current domain with a name that starts with "wks":

C:\> dsquery computer -name wks* -desc desktop*

Find all computers in the Aberdeen OU:

C:\> dsquery computer ou=Aberdeen,ou=Workstations,dc=ss64,dc=com

List the first 500 inactive computer accounts (more than 52 weeks inactive):

C:\> dsquery computer -inactive 52 -limit 500

Disable all inactive computer accounts (more than 52 weeks inactive):

C:\> dsquery computer -inactive 52 | dsmod computer -disabled yes

Delete all inactive computer accounts (more than 52 weeks inactive):

C:\> dsquery computer -inactive 52 | dsrm -noprompt

“The best weapon against an enemy is another enemy" ~ Friedrich Nietzsche

Related commands

DSQuery Server - Search for server.
DSAdd - Add object.
DSMod - Modify object.
DSGet - Display object.
DSMove - Move object.
DSQuery - Search for objects.
DSRM - Delete object.
PowerShell: Get-adComputer - Get one or more AD computers.


 
Copyright © 1999-2024 SS64.com
Some rights reserved