Syed Jahanzaib Personal Blog to Share Knowledge !

January 16, 2013

Active Directory DSQUERY & Miscellenous Commands with Syntax

Recently We were asked by the Auditors to provide some data of Active Directory for yearly Audit purpose. I already have few scripts that saved a lot of time. I also linked these scripts with the Linux base WEBMIN, so they can be called by nice GUI as showed in the example below.



<How to link Linux base scritps with the webmin>

Following are scripts

Show All users in your domain

dsquery * dc=yourdomainname -filter “(&(objectCategory=Person)(objectClass=User))” -limit 0

Show All Users Created Since 1st January, 2012 till date

dsquery * dc=yourdomainname -filter “(&(objectCategory=Person)(objectClass=User)(whenCreated>=20120101000000.0Z))”

Show Users For Specific Period (Jan-2012 till Dec-2012)
e.g: Display Users Created from 1st January 2012 till 31st December 2012 (1 Year) Only.

dsquery * dc=yourdomainname -filter “(&(objectCategory=Person)(objectClass=User)(whenCreated>=20120101000000.0Z-)(whenCreated<=20121231000000.0Z-))”

> = greater then
< = less then
~ = approx
= equals

Miscellaneous commands . . .

Show All Users Info (Active/Non Active)
dsquery user -limit 0 | dsget user -dn -disabled

Show Inactive Users Only (Users that haven’t logged on since last 2 weeks)
dsquery user “dc=Your_Domain_Name” -inactive 2

Show DISABLED Users Only
dsquery user -disabled | dsget user -display -email -dept -title

Show ACTIVE Users Only
dsquery * -filter “(&(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))” -limit 0 | dsget user -display -email -dept -title

Show Users from Specific Group Only
dsquery group DC=yourdomainname -name “Type Group Name” | dsget group -members |sort |dsget user -display -email -dept -title

Show Only Specific User Details
Net user USERID /domain

Delete Only Computer Name from AD Computers
dsquery computer -name PCNAME  |dsrm  -subtree -c -noprompt


Syed Jahanzaib


  1. ::JAZAK ALLAH::


    Kindly send me IBM Lotusnotes Server 8.5 installation steps.

    Comment by ABBAS — January 19, 2013 @ 8:27 AM

    • Installing IBM Lotus Domino Server is fairly easy as compare to other email servers, just a couple of clicking NEXT button and you are done. There are various step by step guides and videos available on the youtube and Google. I will make one in my free time.

      Comment by Syed Jahanzaib / Pinochio~:) — January 19, 2013 @ 11:21 AM

  2. AssAlam o alikum sir please tell us about AC Auditing in server 2008 r2 how to configure Audiiting

    Comment by umer — August 3, 2013 @ 11:47 PM

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at

%d bloggers like this: