Thursday, March 26, 2009

One-liners with dsquery

Get all the members of a group:
dsquery group -name group_name dsget group -members

See all the users with their associated logon script:
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User))" -limit 0 -attr sAMAccountName sn distinguishedName scriptPath

See the groups from Active Directory that does not have any members:
dsquery * -filter "&(objectCategory=group)(!member=*)" -limit 0 -attr groupType sAMAccountName distinguishedName

See when a group was created, and membership:
dsquery * -filter "&(objectCategory=group)" -limit 0 -attr whenCreated samaccountname memberof

Check the expiration date of all users accounts in an OU:
dsquery user "OU=XXX,DC=test,DC=com" dsget user -dn -acctexpires

P.S. I see that for an unknown reason, the pipe command does not appear in my post. So, i must mention that before every dsget command in the upper scripts there is a pipe sign.

No comments: