Dsquery * -filter (msRTCSIP-UserEnabled=TRUE) –limit 0 –attr name samaccountnameQuery Password Last Set (pwdlastset) value
Dsquery * -filter "&(object)(objectCategory=Person)" -limit 0
-attr name pwdlastsetNote: Time can be convered using the w32tm /ntte command.
Search Password Never Expires Settings
Dsquery * -limit 0 “(&(objectCategory=person)(object)
(userAccountControl:1.2.840.113556.1.4.803:=65536))” –attr samaccoutname nameUser accounts with no pwd required
Dsquery * domainroot -filter "(&(objectCategory=Person)(object)
(userAccountControl:1.2.840.113556.1.4.803:=32))"
User accounts that are disabled
Dsquery * domainroot -filter "(&(objectCategory=Person)(object)
(userAccountControl:1.2.840.113556.1.4.803:=2))"
Password Expiring in 30 Daysdsquery * -limit 0 -filter "(&(objectCategory=person)(object)
(userAccountControl:1.2.840.113556.1.4.803:=4194304))" -attr name samaccountnameUser accounts with “Do not require kerberos preauthentication” enabled
Dsquery * -limit 0 “(&(objectCategory=person)(object)
(!userAccountControl:1.2.840.113556.1.4.803:=8388608)
(!userAccountControl:1.2.840.113556.1.4.803:=65536)
(pwdLastSet>=129522420000000000)(pwdLastSet<=129548340000000000))”
–attr samaccountname nameList all Roaming Profile users in Active Directory
Dsquery * -filter "&(object)(objectCategory=Person)(profilePath=*)"
-limit 0 -nameGenerate SIDHistory Report
Dsquery * -filter "&(object)(objectCategory=Person)"
–attr samAccountName sidHistoryGenerate SID (ObjectSID) Report
Dsquery * -filter "&(object)(objectCategory=Person)"
–attr samAccountName ObjectGroupIdentify all Security Groups
dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.804:=2147483648))" –attr samAccountName nameIdentify all Built-In Security Groups
dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.803:=2147483649))" –attr samAccountName nameIdentify all Universal Security Groups
dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.803:=2147483656))" –attr samAccountName nameIdentify all Gloabl Security Groups
dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.803:=2147483650))" –attr samAccountName name ComputerMove Computer Objects Based on OS Version
Move Widnows 7 Computers
dsquery * CN=Computers,DC=santhosh,DC=lab -filter "(&(objectCategory=Computer)
(operatingSystemVersion=6.1))" | dsmove -newparent OU=Win7,OU=ComputerAccounts,DC=santhosh,DC=labMove Windows XP Computers
dsquery * CN=Computers,DC=santhosh,DC=lab -filter "(&(objectCategory=Computer)
(operatingSystemVersion=5.1))" | dsmove -newparent OU=WinXP,OU=ComputerAccounts,DC=santhosh,DC=labSite and SubnetList all Sites in Active Directory
Dsquery site * -name
Get Site Name from Subnet IP Address in Active Directory (For example, Site Name for Subnet 192.168.2.0/24)
Dsquery Subnet -Name 192.168.2.0/24 | Dsget Subnet -Site
Actvie Directory
When Active Directory installed
Dsquery * “CN=Configuration,DC=Santhosh,DC=lab” -attr Whencreated -Scope Base
Find Trusts from specified Domain
Dsquery * "CN=System,DC=Santhosh,DC=lab" -filter "(object)"
-attr TrustPartner FlatName
Find Servers in Active Directory with descriptions
Dsquery * DC=Santhosh,DC=lab -filter "(&(objectCategory=Computer)
(operatingSystem=*server*))"
-limit 0 -attr cn description
View all replicated attributes
Dsquery * CN=Schema,CN=Configuration,DC=Santhosg,DC=lab
-filter "(&(objectCategory=attributeSchema)(!systemFlags:1.2.840.113556.1.4.803:=1))" -limit 0
Find Tombstone and Garbage Collection
Dsquery *
"CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=Santhosh,DC=lab"
-attr GarbageCollPeriod TombstoneLifetime
Find Group Policy GUIDs
Dsquery * "CN=Policies,CN=System,DC=Santhosh,DC=lab"
-filter (objectCategory=groupPolicyContainer) -attr Name DisplayName
Existing GPO’s information
Dsquery * "CN=Policies,CN=System,DC=Santhosh,DC=lab"
-filter "(objectCategory=groupPolicyContainer)"
-attr displayName cn whenCreated gPCFileSysPath
Enumerate the trusts from the specified domain
Dsquery * "CN=System,DC=Santhosh,DC=lab" -filter "(object)"
-attr TrustPartner FlatName
Active Directory Subnet and Site Information
Dsquery * "CN=Subnets,CN=Sites,CN=Configuration,DC=Santhosh,DC=lab"
-attr CN SiteObject Description Location
Active Directory Site Links and Cost Information
Dsquery * "CN=Sites,CN=Configuration,DC=Santhosh,DC=lab"
-attr CN Cost Description ReplInterval SiteList -filter (object)
Find Group Policy display name with the GUID
Dsquery * "CN=Policies,CN=System,DC=Santhosh,DC=lab"
-filter (objectCategory=groupPolicyContainer) -attr Name DisplayName