Active Directory: Active Directory Domain Services (AD DS) Commands and Scripts

Here are some useful commands and scripts for administering Active Directory. For more information please see Active Directory Domain Services Command Reference.

Reference: userAccountControl

User

Identify OCS enabled users in Active Directory

Dsquery * -filter "(msRTCSIP-UserEnabled=TRUE)" -limit 0 -attr name samaccountname

Query Password Last Set (pwdlastset) value

Dsquery * -filter "(&(objectClass=User)(objectCategory=Person))" -limit 0
-attr name pwdlastset

Note: Time can be converted using the w32tm /ntte command.

Search Password Never Expires Settings

Dsquery * -limit 0 -filter "(&(objectCategory=person)(objectClass=user)
(userAccountControl:1.2.840.113556.1.4.803:=65536))" -attr samaccountname name

User accounts with no pwd required

Dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)
(userAccountControl:1.2.840.113556.1.4.803:=32))"

User accounts that are disabled

Dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)
(userAccountControl:1.2.840.113556.1.4.803:=2))"

User accounts with "Do not require Kerberos preauthentication" enabled

dsquery * -limit 0 -filter "(&(objectCategory=person)(objectClass=user)
(userAccountControl:1.2.840.113556.1.4.803:=4194304))" -attr name samaccountname

Password Expiring in 30 Days

Dsquery * -limit 0 -filter "(&(objectCategory=person)(objectClass=user)
(!(userAccountControl:1.2.840.113556.1.4.803:=8388608))
(!(userAccountControl:1.2.840.113556.1.4.803:=65536))
(pwdLastSet>=129522420000000000)(pwdLastSet<=129548340000000000))"
-attr samaccountname name

Note: The pwdLastSet bounds are sample values 30 days apart and must be recalculated for the current date and the domain's maximum password age.
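
The following PowerShell is an added example, not part of the original page: it decodes the userAccountControl bits tested by the filters above, converts pwdLastSet FILETIME values (the conversion w32tm /ntte performs), and computes the pwdLastSet bounds for a password-expiry window. The account names, the sample rows, and the 42-day maximum password age are assumptions.

```powershell
# userAccountControl bits tested by the LDAP filters on this page
$UacFlags = [ordered]@{
    ACCOUNTDISABLE       = 2
    PASSWD_NOTREQD       = 32
    DONT_EXPIRE_PASSWORD = 65536
    DONT_REQ_PREAUTH     = 4194304
    PASSWORD_EXPIRED     = 8388608
}

function ConvertFrom-Uac([int64]$Value) {
    # Same test as matching rule 1.2.840.113556.1.4.803: (value AND bit) = bit
    $UacFlags.GetEnumerator() |
        Where-Object { ($Value -band $_.Value) -eq $_.Value } |
        ForEach-Object { $_.Key }
}

function ConvertFrom-PwdLastSet([int64]$FileTime) {
    # FILETIME: 100-ns intervals since 1601-01-01 UTC; 0 = must change at next logon
    if ($FileTime -eq 0) { return $null }
    [DateTime]::FromFileTimeUtc($FileTime)
}

function Get-PwdLastSetWindow([DateTime]$NowUtc, [int]$MaxAgeDays, [int]$WarnDays) {
    # A password set in [now - MaxAge, now - MaxAge + Warn] expires within Warn days
    $from = $NowUtc.AddDays(-$MaxAgeDays)
    [pscustomobject]@{
        From = $from.ToFileTimeUtc()
        To   = $from.AddDays($WarnDays).ToFileTimeUtc()
    }
}

# Constructed sample rows, shaped like the output of
# dsquery * ... -attr samaccountname useraccountcontrol pwdlastset
$sample = @(
    [pscustomobject]@{ Sam = 'svc-backup'; Uac = 66048;   PwdLastSet = 129522420000000000 }
    [pscustomobject]@{ Sam = 'jdoe';       Uac = 4194816; PwdLastSet = 129548340000000000 }
    [pscustomobject]@{ Sam = 'tmp-kiosk';  Uac = 546;     PwdLastSet = 0 }
)

$sample | ForEach-Object {
    [pscustomobject]@{
        Account    = $_.Sam
        Flags      = (ConvertFrom-Uac $_.Uac) -join ', '
        PwdLastSet = (ConvertFrom-PwdLastSet $_.PwdLastSet)
    }
} | Format-Table -AutoSize

# Bounds to paste into (pwdLastSet>=From)(pwdLastSet<=To); 42 days is an assumed policy value
Get-PwdLastSetWindow -NowUtc ([DateTime]::UtcNow) -MaxAgeDays 42 -WarnDays 30
```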

List all Roaming Profile users in Active Directory

Dsquery * -filter "(&(objectClass=User)(objectCategory=Person)(profilePath=*))"
-limit 0 -attr name

Generate SIDHistory Report

Dsquery * -filter "(&(objectClass=User)(objectCategory=Person))"
-attr samAccountName sidHistory

Generate SID (ObjectSID) Report

Dsquery * -filter "(&(objectClass=User)(objectCategory=Person))"
-attr samAccountName objectSid

Group

Identify all Security Groups

dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.804:=2147483648))" -attr samAccountName name

Identify all Built-In Security Groups

dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.803:=2147483649))" -attr samAccountName name

Identify all Universal Security Groups

dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.803:=2147483656))" -attr samAccountName name

Identify all Global Security Groups

dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.803:=2147483650))" -attr samAccountName name

Computer

Move Computer Objects Based on OS Version

Move Windows 7 Computers

dsquery * CN=Computers,DC=santhosh,DC=lab -filter "(&(objectCategory=Computer)
(operatingSystemVersion=6.1))" | dsmove -newparent OU=Win7,OU=ComputerAccounts,DC=santhosh,DC=lab

Move Windows XP Computers

dsquery * CN=Computers,DC=santhosh,DC=lab -filter "(&(objectCategory=Computer)
(operatingSystemVersion=5.1))" | dsmove -newparent OU=WinXP,OU=ComputerAccounts,DC=santhosh,DC=lab

Site and Subnet

List all Sites in Active Directory

Dsquery site -name *

Get Site Name from Subnet IP Address in Active Directory (For example, Site Name for Subnet 192.168.2.0/24)

Dsquery Subnet -Name 192.168.2.0/24 | Dsget Subnet -Site

Active Directory

When Active Directory was installed

Dsquery * "CN=Configuration,DC=Santhosh,DC=lab" -attr Whencreated -Scope Base

Find Trusts from specified Domain

Dsquery * "CN=System,DC=Santhosh,DC=lab" -filter "(objectClass=trustedDomain)"
-attr TrustPartner FlatName

Find Servers in Active Directory with descriptions

Dsquery * DC=Santhosh,DC=lab -filter "(&(objectCategory=Computer)
(operatingSystem=*server*))"
-limit 0 -attr cn description


View all replicated attributes

Dsquery * CN=Schema,CN=Configuration,DC=Santhosh,DC=lab
-filter "(&(objectCategory=attributeSchema)(!(systemFlags:1.2.840.113556.1.4.803:=1)))" -limit 0

Find Tombstone and Garbage Collection
Dsquery *
"CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=Santhosh,DC=lab"
-attr GarbageCollPeriod TombstoneLifetime

Find Group Policy GUIDs
Dsquery * "CN=Policies,CN=System,DC=Santhosh,DC=lab"
-filter "(objectCategory=groupPolicyContainer)" -attr Name DisplayName

Existing GPO information
Dsquery * "CN=Policies,CN=System,DC=Santhosh,DC=lab"
-filter "(objectCategory=groupPolicyContainer)"
-attr displayName cn whenCreated gPCFileSysPath

Active Directory Subnet and Site Information
Dsquery * "CN=Subnets,CN=Sites,CN=Configuration,DC=Santhosh,DC=lab"
-attr CN SiteObject Description Location

Active Directory Site Links and Cost Information
Dsquery * "CN=Sites,CN=Configuration,DC=Santhosh,DC=lab"
-attr CN Cost Description ReplInterval SiteList -filter "(objectClass=siteLink)"
