Active DirectoryMicrosoft TechnologiesWindows Server

The DS Commands – DSQUERY

In last few posts i have explained different tools, techniques which can use to query about AD objects. in there mostly we used GUI tools. But there is a command line utility which can use to perform almost all tasks which you can do using Active Directory Users and Computers Snap-in. But some one may think why its needed to use complex commands to do such while you having GUI tools. But this command line utility is giving more control over the AD tasks. you can execute few tasks together which you may have to do by few steps in GUI. For example you can search for a object and same time can edit info in search results. Most of commands use for this begins with letter "DS" so these are more often refer as "DS commands".

DSQuery – This is works similar to "Find" function in AD users and computers snap-in. It can use to query objects based on the parameters which is provided and list the matching objects.

The help file of the command can view by passing dsquery /? This command have to run as administrator in AD server.

dsquery1

The basic form of the command is

dsquery objecttype

Object type can be : user,computer,group,ou

by default search scope is the entire domain but this can be change by defining the container.

-limit specifies the number of results it returns. the default value is 100 entries. if you pass value 0 means return all values. in queries it allows to use wildcard (*)

lets look in to few of examples.

as first query i am going to use dsquery user -name "Sales*" This will search for the all the user names which starts with text "Sales" and list them all.

dsquery2

It has list down all the info in Distinguished Name (DN) format. This listed all the users who starts with name "Sales" we also can specify the exact data as well. for example dsquery user -name "Sales A" This will search for the exact value and list it down. if its cannot find it it will pass empty line.

dsquery3

As i mentioned before by default the search run against entire domain. but we can still define the container it should run against.

dsquery user  "OU=Sales Department,dc=contoso,dc=com" -name "Sales*" in this query its define the search scoop and it will only run it against OU=Sales Department,dc=contoso,dc=com

dsquery4

This is the end of this article and in next few articles i will explain other DS commands which can use.

Related posts
Cyber SecurityMicrosoft Entra IDMicrosoft Technologies

Microsoft Entra lifecycle workflows Part 02 - How to synchronize value for employeeHireDate attribute from on-premises Active Directory ?

In my previous blog post, I explained how we can automate JML (Joiners/Movers/Leavers) process by…
Read more
Azure servicesMicrosoft Entra IDMicrosoft Technologies

Step-by-Step Guide : Automate JML(Joiners/Movers/Leavers) process with Microsoft Entra lifecycle workflows

JML (Joiners/Movers/Leavers) process of an organization has a major impact on its security and…
Read more
Cyber SecurityMicrosoft DefenderMicrosoft Technologies

Microsoft Defender for Identity Part 02 – Create Directory Service Account

In Part 01 of Microsoft Defender for Identity blog series, I have explained about Microsoft Defender…
Read more
Newsletter
Become a Trendsetter

Sign up and get the best of RebelAdmin, tailored for you.

Leave a Reply

Your email address will not be published. Required fields are marked *