Search for users in active directory.
Syntax
DSQuery User [{StartNode | forestroot | domainroot}]
[-o {dn | rdn | samid}] [-scope {subtree | onelevel | base}]
[-name Name] [-desc Description] [-upn UPN] [-samid Filter]
[-inactive NumberOfWeeks] [-stalepwd NumberOfDays] [-disabled]
[{-s Server | -d Domain}] [-u UserName] [-p {Password | *}]
[-q] [-r] [-gc] [-limit NumberOfObjects] [{-uc | -uco | -uci}]
Key
StartNode | forestroot | domainroot The node in the console tree where the search starts.
forestroot = search using the global catalog.
-o The format used to display the search results.
dn = distinguished name.
rdn = relative distinguished name.
samid = Security Accounts Manager (SAM) account name.
-scope The scope of the search:
subtree = subtree that is rooted at the start node in the console tree.
onelevel = immediate children of the start node only.
base = single object that the start node represents.
If forestroot is the StartNode, then subtree is the only valid scope.
-name Search for user(s) whose name attribute(CN) matches Name.
For example, "br*"
-desc Search for user(s) whose description matches. For example, "contractor*"
-upn Users whose UPN attribute matches UPN
-samid User(s) whose SAM account name matches SAMName
-inactive Users who have been inactive for n number of weeks
-stalepwd Users who have not changed their passwords for n days
-disabled Users with disabled accounts
-s Server to connect to (Default=the domain controller in the logon domain.)
-d Domain to connect to.
-u Username with which the user logs on to a remote server.
-p Password (UserName or Domain\UserName or Username@domain.com)
-q Quiet, suppress all output
-r Recursive search (follow referrals)
-gc Use the AD global catalog during the search.
-limit The maximum number of objects to return, default=100.
-uc Unicode format
-uco Unicode format for output only
-uci Unicode format for input only
Examples
Find all users on the current domain with a name that starts with 'Admin'
C:\> dsquery user -name Admin*
Echo all inactive accounts (more than 4 weeks inactive)
C:\> dsquery user -inactive 4
Disable all inactive accounts (more than 4 weeks inactive)
C:\> dsquery user -inactive 4 | dsmod user -disabled yes
Find the distinguished names of all users in the LaptopUsers OU:
C:\> dsquery user ou=LaptopUsers,ou=AcmeCo,dc=ss64,dc=com
“If he is a man of honor in one thing, he is that in all things” ~ Raymond Chandler
Related:
DSQuery Group -Search for groups.
DSAdd - Add object.
DSMod - Modify object.
DSGet - Display object.
DSMove - Move object.
DSQuery - Search for objects.
DSRM - Delete object.
PowerShell: Get-adUser - Get one or more AD users.