Dsquery.exe is a command-line utility for obtaining information about various objects in the Active Directory domain. The utility is available in all Windows Server versions by default. To use it on desktop OSs, you need to install the appropriate version of Remote Server Administration Tools.
The dsquery command allows you to query the LDAP directory to find objects that meet the specified criteria. As an attribute of the dsquery command, you need to specify the type of the AD object that you are searching for. For example:
- dsquery computer
- dsquery contact
- dsquery subnet
- dsquery group
- dsquery ou
- dsquery site
- dsquery server
- dsquery user
- dsquery quota
- dsquery partition
- dsquery *
The last command is used to find any objects in the AD directory using a common LDAP query.
To get help about a specific command, type:
dsquery <object_type> /?
Consider some useful examples of using the dsquery command to retrieve information from the AD.
To find all domain controllers in the forest, run the command:
dsquery Server -o rdn -Forest
List all domain DC:
dsquery Server -domain techcrises.com
To display all DCs that also hold the Global Catalog role:
dsquery Server -domain techcrises.com -isgc
List of all domain controllers in the forest that hold the FSMO role Schema Master:
dsquery Server -Forest -hasfsmo schema
Display all subnets in the London site:
dsquery subnet –site London
By default, the dsquery utility allows you to display only 100 objects from AD. To use the command to return more than 100 results, use the -limit argument. The -limit 0 option means that the results in the output are unlimited.
List all user accounts in the domain:
dsquery * -filter "(&(objectcategory=person)(objectclass=user)(name=*))" -limit 0 -attr samaccountname
By default, the dsquery command displays a list of objects that match the criteria on the console screen, but you can save the resulting list to a file, by redirecting the results of the command in this way:
dsquery User > AllUsers.txt
You can get information about a particular user:
dsquery * -filter "(&(objectcategory=person)(objectclass=user)(samaccountname=jdouglas))" -limit 0 -attr *
To get the user’s SID, use the command:
dsquery * -filter "&(objectcategory=user)(samaccountname=jdouglas)" -attr objectsid
The following command returns a list of groups in the domain:
dsquery * -filter "(&(objectcategory=group)(objectclass=group)(name=*))" -limit 0 -attr Name
Display a list of computers in the domain whose names begin from PC-LON:
dsquery computer -name PC-LON*
The dsquery utility can be used with a pipeline with other utilities (dsmod, dsget, dsrm or dsmove), and then the dsquery command will be used as input for them. For example, to save members of a particular AD group to a text file, use the following pipeline:
dsquery group ‘DC=techcrises,DC=com’ -name ‘domain admins’ | dsget group -members > GroupMembers.txt
You can disable the accounts of the found users:
dsquery user -name Test* | dsmod user -disabled yes
Find and remove all computers that are inactive for more than 10 weeks from AD:
dsquery computer -inactive 10 | dsrm
Add all users from a specific OU to the AD security group:
dsquery user ‘ou=London,dc=techcrises,dc=com’ | dsmod group ’cn=LondonUsers,ou=London,dc=techcrises,dc=com’ –addmbr
To get a list of users who have not changed their password in the domain for more than 60 days:
dsquery user -stalepwd 60 -limit 0
At first glance, the syntax of the dsquery utility is quite complex. But if you try to execute several queries yourself, you will realize that most dsquery subcommands use the same standard syntax and contain only a few extensions of the standard syntax that are specific to the type of object they are working with.