Friday, November 11, 2011

Active Directory: Active Directory Domain Services (AD DS) Commands and Scripts

I have updated the “Active Directory: Active Directory Domain Services (AD DS) Commands and Scripts” TechNet Wiki article with more DS commands. Feel free to update/modify this article.

Identify OCS enabled users in Active Directory

Dsquery * -filter (msRTCSIP-UserEnabled=TRUE) –limit 0 –attr name samaccountname

Query Password Last Set (pwdlastset) value

dsquery * -filter "&(objectClass=User)(objectCategory=Person)" -limit 0 -attr name pwdlastset

Note: Time can be convered using the w32tm /ntte command.

Search Password Never Expires Settings

Dsquery * -limit 0 “(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))” –attr samaccoutname name

Password Expiring in 30 Days

dsquery * -limit 0 -filter "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=4194304))" -attr name samaccountname

User accounts with “Do not require kerberos preauthentication” enabled

Dsquery * -limit 0 “(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=8388608)(!userAccountControl:1.2.840.113556.1.4.803:=65536)(pwdLastSet>=129522420000000000)(pwdLastSet<=129548340000000000))” –attr samaccountname name

List all Roaming Profile users in Active Directory

dsquery * -filter "&(objectClass=User)(objectCategory=Person)(profilePath=*)" -limit 0 -name

Generate SIDHistory Report

dsquery * -filter "&(objectClass=User)(objectCategory=Person)" –attr samAccountName sidHistory

Generate SID (ObjectSID) Report

dsquery * -filter "&(objectClass=User)(objectCategory=Person)" –attr samAccountName Object


Identify all Security Groups

dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.804:=2147483648))" –attr samAccountName name

Identify all Built-In Security Groups

dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.803:=2147483649))" –attr samAccountName name

Identify all Universal Security Groups

dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.803:=2147483656))" –attr samAccountName name

Identify all Gloabl Security Groups

dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.803:=2147483650))" –attr samAccountName name


Move Computer Objects Based on OS Version

Move Widnows 7 Computers

dsquery * CN=Computers,DC=santhosh,DC=lab -filter "(&(ObjectClass=computer)(objectCategory=Computer)(operatingSystemVersion=6.1))" | dsmove -newparent OU=Win7,OU=ComputerAccounts,DC=santhosh,DC=lab

Move Windows XP Computers

dsquery * CN=Computers,DC=santhosh,DC=lab -filter "(&(ObjectClass=computer)(objectCategory=Computer)(operatingSystemVersion=5.1))" | dsmove -newparent OU=WinXP,OU=ComputerAccounts,DC=santhosh,DC=lab

Domain Controller


Site and Subnet

List all Sites in Active Directory

Dsquery site * -name

Get Site Name from Subnet IP Address in Active Directory (For example, Site Name for Subnet

Dsquery Subnet -Name | Dsget Subnet -Site


Here are some argumentative essay tips for you, guys. Use them wisely!

Your blog is very informative and helpful for me. I am really excited to find this post. I am so happy to find this post. Are you ready Halloween in game sims 4 skill cheats ? Dress your sims up in spooktacular costumer and build the perfedct haunted house with configurable stair.

The escorts offer support to customers in the simplest way hyderabad escorts can. These escorts in hyderabad are responsible for providing the best service and protection. They do not take any extra care to provide a high-quality, charitable service for their clients. Independent luxury hyderabad escorts are always in high demand in hyderabad. Many girls think they are high-quality independent hyderabad escorts.
hyderabad escort service
goa escort service
Udaipur escort service

Post a Comment

Popular Posts


Twitter Delicious Facebook Digg Stumbleupon Favorites More