I was able to use dsquery on my 2008 server. I haven't had a chance to see if runs on Server 2003. This is how it can be used to help you.
Open a command prompt (Start->Run->cmd).
If you type "dsquery" (Link) you will get what is below: (I modified it a little bit and added Links)
Description: This tool's commands suite allow you to query the directory
according to specified criteria. Each of the following dsquery commands finds
objects of a specific object type, with the exception of dsquery *, which can
query for any type of object:
- Type "dsquery computer" -
- finds computers in the directory.
- More Info: Link
- Type "dsquery contact" -
- finds contacts in the directory.
- More Info: Link
- Type "dsquery subnet" -
- finds subnets in the directory.
- More Info: Link
- Type "dsquery group" -
- finds groups in the directory.
- More Info: Link
- Type "dsquery ou" -
- finds organizational units in the directory.
- More Info: Link
- Type "dsquery site" -
- finds sites in the directory.
- More Info: Link
- Type "dsquery server" -
- finds AD DCs/LDS instances in the directory.
- More Info: Link
- Type "dsquery user" -
- finds users in the directory.
- More Info: Link
- Type "dsquery quota" -
- finds quota specifications in the directory.
- More Info: Link
- Type "dsquery partition" -
- finds partitions in the directory.
- More Info: Link
- Type "dsquery *" -
- finds any object in the directory by using a generic LDAP query.
- More Info: Link
For help on a specific command, type "dsquery <ObjectType> /?" where
<ObjectType> is one of the supported object types shown above.
For example, dsquery ou /?.
Remarks:
The dsquery commands help you find objects in the directory that match
a specified search criterion: the input to dsquery is a search criterion
and the output is a list of objects matching the search. To get the
properties of a specific object, use the dsget commands (dsget /?).
The results from a dsquery command can be piped as input to one of the other
directory service command-line tools, such as dsmod, dsget, dsrm or dsmove.
Commas that are not used as separators in distinguished names must be
escaped with the backslash ("\") character
(for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com").
Backslashes used in distinguished names must be escaped with a backslash
(for example,
"CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com").
Examples:
To find all computers that have been inactive for the last four weeks and
remove them from the directory:
dsquery computer -inactive 4 | dsrm
To find all users in the organizational unit
"ou=Marketing,dc=microsoft,dc=com" and add them to the Marketing Staff group:
dsquery user ou=Marketing,dc=microsoft,dc=com | dsmod group
"cn=Marketing Staff,ou=Marketing,dc=microsoft,dc=com" -addmbr
To find all users with names starting with "John" and display his office
number:
dsquery user -name John* | dsget user -office
To display an arbitrary set of attributes of any given object in the
directory use the dsquery * command. For example, to display the
sAMAccountName, userPrincipalName and department attributes of the object
whose DN is ou=Test,dc=microsoft,dc=com:
dsquery * ou=Test,dc=microsoft,dc=com -scope base
-attr sAMAccountName userPrincipalName department
To read all attributes of the object whose DN is ou=Test,dc=microsoft,dc=com:
dsquery * ou=Test,dc=microsoft,dc=com -scope base -attr *
Directory Service command-line tools help:
dsadd /? - help for adding objects.
dsget /? - help for displaying objects.
dsmod /? - help for modifying objects.
dsmove /? - help for moving objects.
dsquery /? - help for finding objects matching search criteria.
dsrm /? - help for deleting objects.
------
Hopefully this helped you like it helped me!
UPDATED: Need to add the full config because we missed 2 things, but here is a page I wanted to link to because it talks about how to deny users by using LDAP.
Link
The dsquery tool is built-in to Windows Server 2003 by default. If you are using Windows XP, Vista or Windows 7 then you will need to install the Server 2003 Admin Pack.
ReplyDeleteTech Notes: Finding Your Base Dn In Active Directory >>>>> Download Now
Delete>>>>> Download Full
Tech Notes: Finding Your Base Dn In Active Directory >>>>> Download LINK
>>>>> Download Now
Tech Notes: Finding Your Base Dn In Active Directory >>>>> Download Full
>>>>> Download LINK vm
Good post!
ReplyDeleteThanks,
Http://geektechblog.blogspot.com
Thanks
ReplyDeleteJust right click group name and check properties, no command tool required.
ReplyDelete