DSQuery user (installable option via RSAT /AD DS)

Search for users in active directory.

      DSQuery User [{StartNode | forestroot | domainroot}]
         [-o {dn | rdn | samid}]  [-scope {subtree | onelevel | base}]
            [-name Name] [-desc Description]  [-upn UPN] [-samid Filter]
               [-inactive NumberOfWeeks] [-stalepwd NumberOfDays] [-disabled]
                  [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}]
                     [-q] [-r] [-gc] [-limit NumberOfObjects]  [{-uc | -uco | -uci}]

   StartNode | forestroot | domainroot  The node in the console tree where the search starts.
                                        forestroot = search using the global catalog. 

   -o       The format used to display the search results.
              dn = distinguished name. 
              rdn = relative distinguished name.
              samid = Security Accounts Manager (SAM) account name.

   -scope   The scope of the search:
              subtree = subtree that is rooted at the start node in the console tree.
              onelevel = immediate children of the start node only.
              base = single object that the start node represents.
            If forestroot is the StartNode, then subtree is the only valid scope. 

   -name    Search for user(s) whose name attribute(CN) matches Name.
            For example, "br*"

   -desc    Search for user(s) whose description matches. For example, "contractor*"

   -upn     Users whose UPN attribute matches UPN
   -samid   User(s) whose SAM account name matches SAMName

  -inactive Users who have been inactive for n number of weeks.
  -stalepwd Users who have not changed their passwords for n days.
  -disabled Users with disabled accounts.

   -s       Server to connect to (Default=the domain controller in the logon domain.)
   -d       Domain to connect to.

   -u       Username with which the user logs on to a remote server. 
   -p       Password     (UserName or Domain\UserName or Username@domain.com)

   -q       Quiet, suppress all output.
   -r       Recursive search (follow referrals).
   -gc      Use the AD global catalog during the search.
   -limit   The maximum number of objects to return, default=100.

   -uc      Unicode format.
   -uco     Unicode format for output only.
   -uci     Unicode format for input only.


Find all users on the current domain with a name that starts with 'Admin'

C:\> dsquery user -name Admin*

Echo all inactive accounts (more than 4 weeks inactive)

C:\> dsquery user -inactive 4

Disable all inactive accounts (more than 4 weeks inactive)

C:\> dsquery user -inactive 4 | dsmod user -disabled yes

Find the distinguished names of all users in the LaptopUsers OU:

C:\> dsquery user ou=LaptopUsers,ou=AcmeCo,dc=ss64,dc=com

“If he is a man of honor in one thing, he is that in all things” ~ Raymond Chandler

Related commands

DSQuery Group -Search for groups.
DSAdd - Add object.
DSMod - Modify object.
DSGet - Display object.
DSMove - Move object.
DSQuery - Search for objects.
DSRM - Delete object.
PowerShell: Get-adUser - Get one or more AD users.

Copyright © 1999-2024 SS64.com
Some rights reserved