I have updated the “Active Directory: Active Directory Domain Services (AD DS) Commands and Scripts” TechNet Wiki article with more DS commands. Feel free to update/modify this article. http://social.technet.microsoft.com/wiki/contents/articles/3537.aspx
User
Identify OCS enabled users in Active Directory
Dsquery * -filter (msRTCSIP-UserEnabled=TRUE) –limit 0 –attr name samaccountname
Query Password Last Set (pwdlastset) value
dsquery * -filter "&(objectClass=User)(objectCategory=Person)" -limit 0 -attr name pwdlastset
Note: Time can be convered using the w32tm /ntte command.
Search Password Never Expires Settings
Dsquery * -limit 0 “(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))” –attr samaccoutname name
Password Expiring in 30 Days
dsquery * -limit 0 -filter "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=4194304))" -attr name samaccountname
User accounts with “Do not require kerberos preauthentication” enabled
Dsquery * -limit 0 “(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=8388608)(!userAccountControl:1.2.840.113556.1.4.803:=65536)(pwdLastSet>=129522420000000000)(pwdLastSet<=129548340000000000))” –attr samaccountname name
List all Roaming Profile users in Active Directory
dsquery * -filter "&(objectClass=User)(objectCategory=Person)(profilePath=*)" -limit 0 -name
Generate SIDHistory Report
dsquery * -filter "&(objectClass=User)(objectCategory=Person)" –attr samAccountName sidHistory
Generate SID (ObjectSID) Report
dsquery * -filter "&(objectClass=User)(objectCategory=Person)" –attr samAccountName Object
Group
Identify all Security Groups
dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.804:=2147483648))" –attr samAccountName nameIdentify all Built-In Security Groups
dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.803:=2147483649))" –attr samAccountName nameIdentify all Universal Security Groups
dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.803:=2147483656))" –attr samAccountName nameIdentify all Gloabl Security Groups
dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.803:=2147483650))" –attr samAccountName name
Computer
Move Computer Objects Based on OS Version
Move Widnows 7 Computers
dsquery * CN=Computers,DC=santhosh,DC=lab -filter "(&(ObjectClass=computer)(objectCategory=Computer)(operatingSystemVersion=6.1))" | dsmove -newparent OU=Win7,OU=ComputerAccounts,DC=santhosh,DC=lab
Move Windows XP Computers
dsquery * CN=Computers,DC=santhosh,DC=lab -filter "(&(ObjectClass=computer)(objectCategory=Computer)(operatingSystemVersion=5.1))" | dsmove -newparent OU=WinXP,OU=ComputerAccounts,DC=santhosh,DC=lab
Domain Controller
Site and Subnet
List all Sites in Active Directory
Dsquery site * -name
Get Site Name from Subnet IP Address in Active Directory (For example, Site Name for Subnet 192.168.2.0/24)
Dsquery Subnet -Name 192.168.2.0/24 | Dsget Subnet -Site
4 comments:
You are rocking Santhosh
Thanks Biswajit :)
Here are some argumentative essay tips for you, guys. Use them wisely!
Great Article
IEEE Projects on Information Security
Project Centers in Chennai
JavaScript Training in Chennai
JavaScript Training in Chennai
Post a Comment