Tuesday, June 14, 2011

Searching Active Directory Using DSQUERY and LDAP Query

Here are some useful DSQUERY and LDAP query commands to search Active Directory.  

The following query lists all users with dial-In access permission (allow) in Active Directory: 

Using LDAP custom query - (&(objectClass=User)(objectCategory=Person)(msNPAllowDialin=TRUE))

image

Using DSQUERY command:

Dsquery * -filter ("&(objectClass=User)(objectCategory=Person)(msNPAllowDialin=TRUE)") -attr name

image

The following query lists all enabled user account that have never been logged into before: 

LDAP Query - (&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!lastLogonTimeStamp>=1))

image

Using DSQUERY Command:

dsquery * -filter ("&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!lastLogonTimeStamp>=1))" –limit 0 -attr name description

image

0 comments:

Post a Comment

Popular Posts

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More