Hi,
this post contains command-line examples for querying Active Directory using the ds* command family. The ds* commands are part of the Remote Server Administration Tools (RSAT).
Find a User by its Display Name

    dsquery user -Name "Tux*"

Find a User by sAMAccountName/Login

    dsquery user -samid myUserSamName
    "CN=DisplayName myUserSamName,OU=Users,DC=myDomain,DC=net"

Get group Memberships

    dsget user "CN=DisplayName myUserSamName,OU=Users,DC=myDomain,DC=net" -memberof

Same procedure for groups. Find a group by its Display name

    dsquery group -Name "Group Fileshare*"

Find a Group by its sAMAccountName

    dsquery group -samid GROUP_FILESHARE_*
    "CN=DisplayName Groupe,OU=groups,DC=myDomain,DC=net"

Get the groups the group is a member of

    dsget group "CN=DisplayName Groupe,OU=groups,DC=myDomain,DC=net" -memberof

Get all members of the group

    dsget group "CN=DisplayName Groupe,OU=groups,DC=myDomain,DC=net" -members

Find a computer

    dsquery computer -name myComputer
    "CN=myComputer,OU=Computers,DC=myDomain,DC=net"

Set join permissions for a computer object
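
    REM Group that receives the join permissions on the computer object
    SET ADJOIN_GROUP=ComputerJoiners
    REM /I:T = this object and child objects; CA = control access right, RP/WP = read/write all properties
    dsacls "CN=myComputer,OU=Computers,DC=myDomain,DC=net" /I:T /G %ADJOIN_GROUP%:CA;"Reset Password"; %ADJOIN_GROUP%:RP;; %ADJOIN_GROUP%:WP;;
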
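To review what the grant above leaves on the object, the following added example (not part of the original post) summarises the ACEs held by one group and flags write access to every property. The function name Get-GroupAceSummary, the MYDOMAIN prefix and the three sample ACEs are constructed for illustration; the commented lines show the assumed lookup against a live directory.

```powershell
Add-Type -AssemblyName System.DirectoryServices

# Rights GUID of the "Reset Password" (User-Force-Change-Password) extended right.
$ResetPasswordGuid = [Guid]'00299570-246d-11d0-a768-00aa006e0529'

# Hypothetical helper: summarise the ACEs of one group and flag broad write access.
function Get-GroupAceSummary {
    param(
        [Parameter(Mandatory = $true)] $Rules,          # ActiveDirectoryAccessRule objects
        [Parameter(Mandatory = $true)] [string] $Group  # group name without domain prefix
    )
    $wp = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
    foreach ($r in $Rules) {
        if ($r.IdentityReference.Value -notlike "*\$Group") { continue }
        $allProps = ($r.ObjectType -eq [Guid]::Empty)
        $target = $r.ObjectType.ToString()
        if ($allProps) { $target = '(all properties)' }
        if ($r.ObjectType -eq $ResetPasswordGuid) { $target = 'Reset Password' }
        [pscustomobject]@{
            Identity   = $r.IdentityReference.Value
            Access     = $r.AccessControlType
            Rights     = $r.ActiveDirectoryRights
            Target     = $target
            Inherits   = $r.InheritanceType
            # Allow + WriteProperty with no property GUID = write access to every attribute
            BroadWrite = ($r.AccessControlType -eq 'Allow' -and $allProps -and $r.ActiveDirectoryRights.HasFlag($wp))
        }
    }
}

# Constructed sample: the three ACEs corresponding to CA;"Reset Password";  RP;;  WP;;  with /I:T
$id    = New-Object System.Security.Principal.NTAccount('MYDOMAIN\ComputerJoiners')
$allow = [System.Security.AccessControl.AccessControlType]::Allow
$inh   = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
$ar    = [System.DirectoryServices.ActiveDirectoryRights]
$sample = @(
    (New-Object System.DirectoryServices.ActiveDirectoryAccessRule($id, $ar::ExtendedRight, $allow, $ResetPasswordGuid, $inh)),
    (New-Object System.DirectoryServices.ActiveDirectoryAccessRule($id, $ar::ReadProperty,  $allow, [Guid]::Empty, $inh)),
    (New-Object System.DirectoryServices.ActiveDirectoryAccessRule($id, $ar::WriteProperty, $allow, [Guid]::Empty, $inh))
)

# Live lookup instead of the sample (assumes the DN used in the post):
# $e = New-Object DirectoryServices.DirectoryEntry('LDAP://CN=myComputer,OU=Computers,DC=myDomain,DC=net')
# $sample = $e.ObjectSecurity.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

Get-GroupAceSummary -Rules $sample -Group 'ComputerJoiners' | Format-Table -AutoSize
```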
Find a Service Principal Name (with PowerShell)

    $oDirSearch = New-Object DirectoryServices.DirectorySearcher
    $oDirSearch.filter = "(servicePrincipalName=host/myComputer)"
    $oDirSearch.Findall() | %{New-Object DirectoryServices.DirectoryEntry($_.Path)} | fl *

Michael