I have updated the “Active Directory: Active Directory Domain Services (AD DS) Commands and Scripts” TechNet Wiki article with more DS commands. Feel free to update/modify this article. http://social.technet.microsoft.com/wiki/contents/articles/3537.aspx
User
Identify OCS enabled users in Active Directory
Dsquery * -filter (msRTCSIP-UserEnabled=TRUE) –limit 0 –attr name samaccountname
Query Password Last Set (pwdlastset) value
dsquery * -filter "&(objectClass=User)(objectCategory=Person)" -limit 0 -attr name pwdlastset
Note: Time can be convered using the w32tm /ntte command.
Search Password Never Expires Settings
Dsquery * -limit 0 “(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))” –attr samaccoutname name
Password Expiring in 30 Days
dsquery * -limit 0 -filter "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=4194304))" -attr name samaccountname
User accounts with “Do not require kerberos preauthentication” enabled
Dsquery * -limit 0 “(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=8388608)(!userAccountControl:1.2.840.113556.1.4.803:=65536)(pwdLastSet>=129522420000000000)(pwdLastSet<=129548340000000000))” –attr samaccountname name
List all Roaming Profile users in Active Directory
dsquery * -filter "&(objectClass=User)(objectCategory=Person)(profilePath=*)" -limit 0 -name
Generate SIDHistory Report
dsquery * -filter "&(objectClass=User)(objectCategory=Person)" –attr samAccountName sidHistory
Generate SID (ObjectSID) Report
dsquery * -filter "&(objectClass=User)(objectCategory=Person)" –attr samAccountName Object
Group
Identify all Security Groups
dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.804:=2147483648))" –attr samAccountName nameIdentify all Built-In Security Groups
dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.803:=2147483649))" –attr samAccountName nameIdentify all Universal Security Groups
dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.803:=2147483656))" –attr samAccountName nameIdentify all Gloabl Security Groups
dsquery * -filter "(&(objectCategory=group)
(groupType:1.2.840.113556.1.4.803:=2147483650))" –attr samAccountName name
Computer
Move Computer Objects Based on OS Version
Move Widnows 7 Computers
dsquery * CN=Computers,DC=santhosh,DC=lab -filter "(&(ObjectClass=computer)(objectCategory=Computer)(operatingSystemVersion=6.1))" | dsmove -newparent OU=Win7,OU=ComputerAccounts,DC=santhosh,DC=lab
Move Windows XP Computers
dsquery * CN=Computers,DC=santhosh,DC=lab -filter "(&(ObjectClass=computer)(objectCategory=Computer)(operatingSystemVersion=5.1))" | dsmove -newparent OU=WinXP,OU=ComputerAccounts,DC=santhosh,DC=lab
Domain Controller
Site and Subnet
List all Sites in Active Directory
Dsquery site * -name
Get Site Name from Subnet IP Address in Active Directory (For example, Site Name for Subnet 192.168.2.0/24)
Dsquery Subnet -Name 192.168.2.0/24 | Dsget Subnet -Site
3 comments:
You are rocking Santhosh
Thanks Biswajit :)
Here are some argumentative essay tips for you, guys. Use them wisely!
Post a Comment