Advertisements

Microsoft System Admins

Microsoft System Admins Products Support and configuration

Main menu

Skip to primary content
Skip to secondary content
  • About Me

Tag Archives: dsquery

Queries on Active Directory

Posted on March 6, 2013 by kazaki82
Reply

dsquery

-o {dn | rdn} Specifies output format

Finding a Computer Account

  1. Click Start, and then click Run.
  2. In the Open box, type cmd.
  3. At the command prompt, type the following command:

    dsquery computer -name name

    To find all groups in the current domain whose name starts with “PC”

    dsquery group domainroot -name PC*

    “dsquery computer -inactive 8 -limit 400”

    “dsquery computer -inactive 8 -limit 400| dsmod computer -disabled yes”

    If you need to target a specific OU, simply place DN of the OU after the computer:

    “dsquery computer “OU=Build,DC=hps,DC=com” -inactive 8 | dsmod computer -disabled yes”

    dsmove “cn=computer

Bootcfg

Configures, queries, or changes Boot.ini file settings.

Driverquery Queries for a list of drivers and driver properties.
Dsadd Adds a computer, contact, group, organization unit, or user to a directory

Tasklist

Tasklist

Displays a list of currently running processes on either a local or remote machine.

/s Computer

Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer.

/svc

Lists all the service information for each process without truncation. Valid when the /fo parameter is set to TABLE.

Delegation of Control Wizard

http://technet.microsoft.com/en-us/library/cc756087(WS.10).aspx

  • ACL Editor
  • Ldp.exe
  • Dsacls.exe
  • Acldiag.exe
  • Dsrevoke.exe

LDP

LDP (Ldp.exe)

is a graphical tool that allows you to perform Lightweight Directory Access Protocol (LDAP) operations, such as connect, bind, search, modify, add, or delete, against any LDAP-compatible directory, including Active Directory.

To view the security descriptor of an object by using Ldp.exe

  1. In LDP, on the Connection menu, click Connect to connect to a domain or a specific domain controller.
  2. In theConnect dialog box, in theServer box, type a server name or leave the entry blank to connect to the local server, and then clickOK.
  3. On the Connection menu, click Bind.
  4. In the Bind dialog box, type a user name and password, and then click OK to bind to Active Directory.
  5. On the View menu, click Tree. In the BaseDN box, either type a specific distinguished name (DN) or leave BaseDN blank to view the entire domain.
  6. To display the object for which you want to view the security descriptor, double-click the domain object in the tree view and then double-click the appropriate container.
  7. To view the security descriptor of an object, right click the object in the tree view, select Advanced,select Security Descriptor, and then in the Security Descriptor dialog box, click OK.

    The security descriptor of the object is displayed in the details pane. Note that you can scroll to view the Security Descriptor Definition Language (SDDL) version of the security descriptor and to view the security descriptor in text format.

    To analyze the security descriptor in detail, you can either view the information in the details pane, or, if you prefer, right click in the details pane, choose Select All, choose Copy, and then paste the contents into a text file.

Dsacls.exe

Dsacls.exe is a command-line tool that you can use to query the security attributes and to change permissions and security attributes of Active Directory objects. It is the command-line equivalent of the Security tab in the Windows Active Directory snap-in tools such as Active Directory Users and Computers and Active Directory Sites and Services.

Acldiag

Acldiag.exe: ACL Diagnostics

This command-line tool detects and reports discrepancies in the access control lists (ACLs) of objects in Active Directory. It can also reapply a security delegation template to an ACL, eliminating special permissions and restoring incomplete delegations.

Example 1: Display the ACL of a user object in Active Directory

To display the ACL of a user object in Active Directory, type:

acldiag CN=”Test Admin”,CN=Users,DC=domain1,DC=test,DC=fourthcoffee,DC=com

Dsrevoke

Dsrevoke is a new command-line tool that can be used on domain controllers that are running Windows Server 2003 or Windows 2000 Server to report the existence of all permissions for a specific user or group on a set of OUs in a domain and optionally remove from the DACLs of a set of OUs all permissions specified for a particular user or group

Advertisements

Share this:

  • Click to share on Twitter (Opens in new window)
  • Share on Facebook (Opens in new window)
  • Click to email (Opens in new window)
  • Click to print (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Google+ (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)
  • Click to share on Pinterest (Opens in new window)

Like this:

Like Loading...
Posted in Active Directory, Active Directory 2008 | Tagged dsquery, dsquery computer, dsquery group, Finding a Computer Account | Leave a reply

query computers in Active directory

Posted on March 25, 2012 by kazaki82
2

##Make Sure to the following commands on AD and Run as administrator
##How to query inactive computers in AD And increase the View limit
open CMD then
dsquery computer -inactive 8 -limit 400″### How to disable the inactive computers
OPen CMD then
“dsquery computer -inactive 8 -limit 400| dsmod computer -disabled yes”
###If you need to target a specific OU, simply place DN of the OU after the computer:
“dsquery computer “OU=Build,DC=Domain,DC=com” -inactive 8 | dsmod computer -disabled yes”
dsmove “cn=computer
**************************

To find out detailed information about a user account: net user username
C:>net user etbain

********************
###To find out where (which OU) a user account resides in ADS:
dsquery user -samid username

*******************************
##to get the list of users who hasnt been active for the last 16 week
dsquery user -inactive 16 | dsget user -dn
****************************************************
## how to know on whcih DC the users has been authenticated
From Command prompt
ECHO %LOGONSERVER%

Share this:

  • Click to share on Twitter (Opens in new window)
  • Share on Facebook (Opens in new window)
  • Click to email (Opens in new window)
  • Click to print (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Google+ (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)
  • Click to share on Pinterest (Opens in new window)

Like this:

Like Loading...
Posted in Active Directory 2008 | Tagged disable the inactive computers, dsquery, dsquery computer, information about a user account, net user, query computers in Active directory | 2 Replies
Advertisements

Search

Blog Stats

  • 162,573 hits

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 13 other followers

System Admin

  • kazaki82

Categories

  • Active Directory (43)
    • Active Directory 2008 (33)
      • Delegation (5)
      • Disaster Recovery (3)
      • Global Catalog (1)
      • Upgrading and Migration (3)
    • Active Directory 2012 (9)
  • AZURE (1)
  • Digital Marketing (3)
  • Exchange (5)
  • HardWare (3)
  • hybrid (2)
  • Hyper-v (2)
  • IIS (1)
  • Lync Server (1)
  • Office 365 (29)
    • Exchange online (4)
    • Hybrid Exchange (2)
    • OneDrive for Business (3)
    • SharePoint Online (2)
  • outlook 2010 (1)
  • PowerShell (1)
  • ProjectServer (1)
  • Sharepoint (119)
    • Sharepoint 2010 (49)
      • Add features to sharepoint (1)
      • Administration Tasks (10)
      • Application services (1)
      • Backup and Restore (5)
      • creating and configuring (5)
      • Enable Audit on SharePoint 2010 (1)
      • Health analyzer (3)
      • PDF Issues (2)
      • Ribbon (1)
      • Search,idexing and crawling (3)
      • Stsadm (1)
      • WebParts (1)
    • Sharepoint 2013 (60)
    • SharePoint 2016 (8)
  • Uncategorized (7)

Archives

  • April 2018 (2)
  • March 2018 (1)
  • August 2017 (5)
  • May 2017 (1)
  • March 2017 (11)
  • February 2017 (1)
  • January 2017 (3)
  • December 2016 (5)
  • September 2016 (1)
  • August 2016 (9)
  • April 2016 (2)
  • March 2016 (1)
  • January 2016 (5)
  • December 2015 (3)
  • November 2015 (7)
  • October 2015 (2)
  • June 2015 (3)
  • March 2015 (3)
  • December 2014 (2)
  • November 2014 (3)
  • October 2014 (3)
  • July 2014 (10)
  • June 2014 (1)
  • May 2014 (2)
  • April 2014 (2)
  • March 2014 (4)
  • January 2014 (2)
  • December 2013 (16)
  • November 2013 (2)
  • August 2013 (1)
  • July 2013 (2)
  • June 2013 (2)
  • April 2013 (7)
  • March 2013 (6)
  • February 2013 (11)
  • January 2013 (10)
  • December 2012 (4)
  • June 2012 (9)
  • April 2012 (7)
  • March 2012 (20)
  • June 2011 (1)

Tags

  • "Create a custom task to delegate
  • ADPREP
  • Audit Logon Events
  • Backup-SPSite
  • Backup and Restore a Site Collection
  • Content Web Applications
  • Create a user profile service application
  • delegate control move computer objects from one OU to another
  • DFRS migration
  • disable the inactive computers
  • dsquery
  • dsquery computer
  • Enable Global catalog
  • Exam 70-667
  • FAST Query Language
  • FQL
  • FRs Migrate to DFRS
  • Get-SPServiceApplicationPool
  • Get Global Catalog from DNS
  • get list of Application pools with accounts assigned to it
  • Global Catalog
  • How to get the name of the application pools when they are using GUIDs
  • How to know the Global Catalog server
  • http://quizlet.com/3088338/sharepoint-2010-exam-70-667-flash-cards
  • Import user profiles from Active Directory
  • information about a user account
  • It will be Get-SPServiceApplicationPool | select Id
  • Missing server side dependencies
  • Name
  • net user
  • ntdsuti
  • open PDF files in browser
  • open PDF files in browser and set file type association icons in SharePoint 2010
  • Organization browser
  • Planning to Upgrade Active Directory Domains
  • Powershell commands
  • Profile Synchronization.
  • ProfileSynchronizationSetupJob
  • Profile Synchronization Status
  • query computers in Active directory
  • Reset the DSRM Administrator Password
  • reset the password for another server
  • Restore-SPSite
  • Restore and backup
  • Restoring a site collection
  • Schema Master of a forest.
  • server 2008 sysVol
  • set dsrm password
  • set or change the database collation
  • Setup SharePoint 2010 User Profile
  • Sharepoint
  • SharePoint 2010 Exam
  • SharePoint Central Administration v4
  • SharePoint has decided to use GUIDs for this Name
  • sharepoint scripts
  • Sharepoint size
  • Sharepoint solutions
  • SharePoint Web Services Root
  • SharePoint Web Services System
  • System Recovery Password
  • System requirements
  • UPGRADING ACTIVE DIRECTORY
  • UPGRADING ACTIVE DIRECTORY TO WINDOWS 2008 R2 ADDS DOMAIN
  • User Profiles
  • User Profile Synchronization service
  • User Profile Synchronization with Active Directory
  • Using SQL Server Management Studio
  • What are the Application Pools that SharePoint 2010 creates
  • What is Global Catalog
  • WINDOWS 2008 R2 ADDS DOMAIN
  • You have a sharepoint 2010 server farm. You have a web application
  • [8d6034c4-a416-e535-281a-6b714894e1aa]
  • [MissingWebPart]
  • [MissingWebPart]WebPart class
  • [MissingWebPart] WebPart class [8d6034c4-a416-e535-281a-6b714894e1aa]
Advertisements
Blog at WordPress.com.
loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.
Cancel
%d bloggers like this: