Dsquery user
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows 8
Finds users in the directory who match the search criteria that you specify. If the predefined search criteria in this command are insufficient, use the more general version of the query command, dsquery *.
Dsquery is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) server role installed. To use dsquery, you must run the dsquery command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
For examples of how to use this command, see Examples.
Syntax
dsquery user [{<StartNode> | forestroot | domainroot}] [-o {dn | rdn | upn | samid}] [-scope {subtree | onelevel | base}] [-name <Name>] [-desc <Description>] [-upn <UPN>] [-samid <SAMName>] [-inactive <NumberOfWeeks>] [-stalepwd <NumberOfDays>] [-disabled] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [-r] [-gc] [-limit <NumberOfObjects>] [{-uc | -uco | -uci}]
Parameters
Parameter |
Description |
---|---|
{<StartNode> | forestroot | domainroot} |
Specifies the node in the console tree where the search starts. You can specify the forest root (forestroot), domain root (domainroot), or distinguished name of a node as the start node (<StartNode>). If you specify forestroot, dsquery searches by using the global catalog. The default value is domainroot. |
[-o {dn | rdn | upn | samid} |
Specifies the format in which the list of entries found by the search will be displayed. A dn value displays the distinguished name of each entry. An rdn value displays the relative distinguished name of each entry. A upn value displays the user principal name of each entry. A samid value displays the SAM account name of each entry. By default, the dn format is used. |
-scope {subtree | onelevel | base} |
Specifies the scope of the search. A subtree value specifies a subtree that is rooted at the start node in the console tree. A onelevel value specifies the immediate children of the start node only. A base value specifies the single object that the start node represents. If you specify forestroot as the start node (<StartNode>), subtree is the only valid scope. The default value is subtree. |
-name <Name> |
Searches for users whose name attributes match<Name>. For example, "jon*", "*ith", or "j*th". |
-desc <Description> |
Searches for users whose description attributes match <Description>. For example, "jon*", "*ith", or "j*th". |
-upn <UPN> |
Searches for users whose UPN attribute matches <UPN>. |
-samid <SAMName> |
Searches for users whose SAM account name matches <SAMName>. |
-inactive <NumberOfWeeks> |
Searches for users who have been inactive (stale) for at least the number of weeks that you specify. |
-stalepwd <NumberOfDays> |
Searches for users who have not changed their passwords for at least the number of days that you specify. |
-disabled |
Searches for users who have disabled accounts. |
{-s <Server> | -d <Domain>} |
Connects a computer to a remote server or domain that you specify. By default, dsquery connects the computer to the domain controller in the logon domain. |
-u <UserName> |
Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:
|
-p {<Password> | *} |
Specifies to use either a password or an asterisk (*) to log on to a remote server. If you type *, dsquery prompts you for a password. |
-q |
Suppresses all output to standard output (quiet mode). |
-r |
Specifies that the search use recursion or follow referrals. By default, the search does not follow referrals during search. |
-gc |
Specifies that the search use the Active Directory global catalog. |
-limit <NumberOfObjects> |
Specifies the number of objects to return that matches the criteria that you specify. If you specify a value of 0 for <NumberOfObjects>, this parameter returns all matching objects. If you do not specify this parameter, dsquery displays the first 100 results by default. |
{-uc | -uco | -uci} |
Specifies that dsquery formats output or input data in Unicode. The following list explains each format.
|
/? |
Displays help at the command prompt. |
Remarks
The results from a dsquery search can be piped as input to one of the other directory service command-line tools, such as Dsget, Dsmod, Dsmove, or Dsrm.
If a value that you supply contains spaces, use quotation marks around the text, for example, "CN=Mike Danseglio,CN=Users,DC=Contoso,DC=Com".
If you supply multiple values for a parameter, use spaces to separate the values, for example, a list of distinguished names.
Examples
To display the UPNs of all users in an organizational unit (OU) that you specify whose names start with "Jon" and whose accounts are disabled for logon, type:
dsquery user OU=Test,DC=Contoso,DC=Com -o upn -name jon* -disabled
To display the distinguished names of all users in the current domain only whose names end with "Smith" and who have been inactive for three weeks or more, type:
dsquery user domainroot -name *smith -inactive 3
To display the UPNs of all users in the OU that you specify in OU=Sales,DC=Contoso,DC=Com, type:
dsquery user OU=Sales,DC=Contoso,DC=Com -o upn