Dsquery *
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows 8
Finds any objects in the directory according to criteria using a Lightweight Directory Access Protocol (LDAP) query.
Dsquery is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) server role installed. To use dsquery, you must run the dsquery command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
For examples of how to use this command, see Examples.
Syntax
dsquery * [{<StartNode> | forestroot | domainroot}] [-scope {subtree | onelevel | base}] [-filter <LDAPFilter>] [-attr {<AttributeList> | *}] [-attrsonly] [-l][{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [-r] [-gc] [-limit <NumberOfObjects>] [{-uc | -uco | -uci}]
Parameters
Parameter |
Definition |
---|---|
{<StartNode> | forestroot | domainroot} |
Specifies the node in the console tree where the search starts. You can specify the forest root (forestroot), domain root (domainroot), or distinguished name of a node as the start node <StartNode>. If you specify forestroot, AD DS searches by using the global catalog. The default value is domainroot. |
-scope {subtree | onelevel | base} |
Specifies the scope of the search. A subtree value specifies that the scope is a subtree that is rooted at the start node. A onelevel value specifies the immediate children of the start node only. A base value specifies the single object that the start node represents. If you specify forestroot as the start node <StartNode>, subtree is the only valid scope. The default value is subtree. |
-filter <LDAPFilter> |
Specifies to use an explicit search filter, <LDAPFilter>, in the LDAP search filter format. For example, a valid search filter is (&(objectCategory=Person)(sn=smith*)). The default value for <LDAPFilter> is (objectClass=*). |
-attr {<AttributeList> | *} |
Specifies that the semicolon separated LDAP display names included in <AttributeList> for each entry in the result set. If you specify the value of this parameter as a wildcard character (*), this parameter displays all attributes that are present on the object in the result set. In addition, if you specify a *, this parameter uses the default output format (a list), regardless of whether you specify the -l parameter. The default <AttributeList> is a distinguished name. |
-attrsonly |
Specifies to display only the attribute types that are present on the entries in the result set, not their values. The default is to display both the attribute type and the value. |
-l |
Displays entries in a list. By default, dsquery displays entries in a table. |
{-s <Server> | -d <Domain>} |
Connects a computer to a remote server or domain that you specify. By default, dsquery connects the computer to the domain controller in the logon domain. |
-u <UserName> |
Specifies the user name with which user will log on to the remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:
|
-p {<Password> | *} |
Specifies to use either a password or an asterisk (*) to log on to a remote server. If you type *, dsquery prompts you for a password. |
-q |
Suppresses all output to standard output (quiet mode). |
-r |
Specifies that the search use recursion or follow referrals. By default, the search does not follow referrals during search. |
-gc |
Specifies that the search use the Active Directory global catalog. |
-limit <NumberOfObjects> |
Specifies the number of objects to return that matches the criteria that you specify. If you specify a value of 0 for <NumberOfObjects>, this parameter returns all matching objects. If you do not specify this parameter, dsquery displays the first 100 results by default. |
{-uc | -uco | -uci} |
Specifies that dsquery formats output or input data in Unicode. The following list explains each format.
|
/? |
Displays help at the command prompt. |
Remarks
The results from a dsquery search can be piped as input to one of the other directory service command-line tools, such as Dsget, Dsmod, Dsmove, or Dsrm.
If a value that you supply contains spaces, use quotation marks around the text, for example, "CN=Mike Danseglio,CN=Users,DC=Contoso,DC=Com".
If you supply multiple values for a parameter, use spaces to separate the values, for example, a list of distinguished names.
Examples
To display, in table format, the Security Accounts Manager (SAM) account names, user principal names, and departments of all users in the current domain whose SAM account names begin with "Jon", type:
dsquery * domainroot -filter "((objectCategory=Person)(objectClass=User)(sAMAccountName=Jon*)) -attr sAMAccountName userPrincipalName department
To read the SAM account names, user principal names (UPNs), and department attributes of the object whose distinguished name is OU=Test,DC=Contoso,DC=Com, type:
dsquery * OU=Test,DC=Contoso,DC=Com -scope base -attr sAMAccountName userPrincipalName department
To read all attributes of the object whose distinguished name is OU=Test,DC=Contoso,DC=Com, type:
dsquery * OU=Test,DC=Contoso,DC=Com -scope base -attr *