7. user
The user object
locates all users in Active Directory that match the specified search
criteria. In some cases, this object fails to find the group because you
haven't specified the group criteria correctly. Use the asterisk (*)
object when group searches fail to locate the groups you want to find.
This object uses the following syntax:
dsquery user [{StartNode | forestroot | domainroot}]
[-o {dn | rdn | upn | samid}] [-scope {subtree | onelevel | base}]
[-name Name] [-desc Description] [-upn UPN] [-samid SAMName]
[-inactive NumberOfWeeks] [-stalepwd NumberOfDays] [-disabled]
[{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-q]
[-r] [-gc] [-limit NumberOfObjects] [{-uc | -uco | -uci}]
The following list describes each of the command line arguments.
-upn
UPN
Searches for users with the specified UPN.
-samid
SAMName
Searches for users that have the specified SAM account name.
-inactive
NumberOfWeeks
Searches for users
that have been inactive for the specified number of weeks. In this
case, the system measures activity by logons to the domain.
Consequently, even if someone uses a computer daily, the system
considers the user inactive until they log into the domain.
-stalepwd
NumberOfDays
Searches for users that have not changed their password for the specified number of days.
-disabled
Searches for users that have disabled accounts. The reason the system disabled the account isn't important.
8. quota
The quota object
locates quota specifications that match the specified search criteria.
The quota specification determines the maximum number of directory
objects a given security principal can own in a particular directory
partition. Note that this object doesn't support the samid option for the -o
command line switch. Use spaces to separate multiple distinguished
names in an argument. In addition, you can't specify a scope or name.
This object uses the following syntax:
dsquery quota {domainroot | ObjectDN} [-o {dn | rdn}] [-acct Name]
[-qlimit Filter] [-desc Description] [{-s Server | -d Domain}]
[-u UserName] [-p {Password | *}] [-q] [-r] [-gc]
[-limit NumberOfObjects] [{-uc | -uco | -uci}]
The following list describes each of the command line arguments.
-acct
Name
Forces the
utility to locate quota specifications assigned to the specified
security principal (user, group, computer, or InetOrgPerson). You may
use a distinguished name as input for this command line argument. The
command line argument also accepts the security principal information in
the form Domain\SAMAccountName.
-qlimit
Filter
Defines the
search in terms of a quota specification. This command line argument
tends to filter the output and reduce the number of responses you must
search to locate a particular entry. The utility reads any filter you
provide with this argument as a string. Always use quotes around the
argument. Any range values you provide must also appear within the
quotes, such as -qlimit "=99". Use a value of "−1" to locate quotas without any limit.
9. partition
The partition
object locates partitions within Active Directory that match the
specified search criteria. The search features of this object are
somewhat limited. You don't have access to the starting node, the samid option for the -o command line switch, the scope, the object name, or object description. This object uses the following syntax:
dsquery partition [-o {dn | rdn}] [-part Filter]
[{-s Server | -d Domain}][-u UserName] [-p {Password | *}] [-q] [-r]
[-gc] [-limit NumberOfObjects] [{-uc | -uco | -uci}]
The following describes the command line argument.
-part
Filter
Defines a filter for partition objects by specifying a common name (CN).
10. * (All Objects)
The * object differs from all of the other objects discussed in this section. First, you can use the *
object to search for any other object in Active Directory. Second, this
object relies on the LDAP to locate items in Active Directory, rather
than using the more direct approach the other objects provide. Some of
the arguments are still the same as for other objects. For example, you
can still choose a starting point for a search. This object uses the
following syntax:
dsquery * [{ObjectDN | forestroot | domainroot}]
[-scope {subtree | onelevel | base}] [-filter LDAPFilter]
[-attr {AttributeList | *}] [-attrsonly] [-l]
[{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-q]
[-r] [-gc] [-limit NumberOfObjects] [{-uc | -uco | -uci}]
The following list describes each of the command line arguments.
-filter
LDAPFilter
Defines a search
filter that relies on LDAP. The utility searches for the specified
object using the LDAP filter in place of directly accessible values,
such as an object name. The default filter of (objectClass=*) returns all Active Directory objects. An LDAP filter consists of object name and value pairs. For example, a filter value of (&(objectCategory=Person) (sn=smith*)) locates a person with any form of the name of smith.
-attr
{AttributeList
| *}
Defines the
attributes that should appear as part of the result set. For example,
you might want to know the first and last names of persons that you
locate in Active Directory, but not their addresses. Separate each
attribute name in the list using a semicolon. Make sure you surround the
attribute list with quotes. If you specify an asterisk (*), the utility
returns all attributes for the requested object. The utility
automatically outputs the data in a list format when you use this
option, even if you don't specify the -l command line switch. The default attribute list value is the distinguished name of the selected object.
-attrsonly
Outputs only
the attribute types present for the objects in the result set. The
utility doesn't output any of the object values. The default setting
displays both the attribute type and the associated value.
-l
Displays the output in a list format. The default setting displays the output in a tabular format.
