AdFind command examples
AdFind was created by Joe Richards. He is a great Active Directory MVP and has created more free tools.
Here are AdFind usage examples.
Query the schema version
AdFind -schema -s base objectVersion
Query wellKnownObjects
AdFind -default -s base wellknownObjects
List deleted objects
AdFind -default -rb "CN=Deleted Objects" -showdel
List conflict objects
AdFind -b -gc -f "(Name=*\0ACNF:*)" -dn
Retrieve all Attributes
AdFind.exe -schema -f "objectClass=attributeSchema" cn lDAPDisplayName -nodn -csv >Attributes.txt
Retrieve all Classes
AdFind.exe -schema -f "objectclass=classSchema" cn lDAPDisplayName -nodn -csv >Classes.txt
Find Domain Functional level (for example Domain=Contoso.com)
AdFind -s Base -b "DC=Contoso,DC=com" msDS-Behavior-Version
List Subnets
AdFind -subnets -f (objectCategory=subnet)
List UPN Suffixes
AdFind -partitions -s base uPNSuffixes
List Password Policy
AdFind -default -s base lockoutduration lockoutthreshold lockoutobservationwindow maxpwdage minpwdage minpwdlength pwdhistorylength pwdproperties
Check Tombstone Lifetime
AdFind -config -f objectclass=ntdsservice tombstoneLifetime
Query AD for all Groups and Users that have adminCount = 1 (AdminSDHolder)
AdFind -default -f "(&(|(&(objectCategory=person)(objectClass=user))(objectCategory=group))(adminCount=1))" -dn
List all objects in an OU (for example OU=NewYork, Domain=Contoso.com)
AdFind -b "OU=NewYork,DC=Contoso,DC=com" -s one -dn
List all OUs in Domain
AdFind -default -f "objectcategory=organizationalUnit" -dn
Find disabled accounts
AdFind -default -bit -f userAccountControl:AND:=2
OR
AdFind -s subtree -b DC=Contoso,DC=com -f userAccountControl:1.2.840.113556.1.4.803:=2 -dn
List Users with expired password
AdFind -s subtree -b DC=Contoso,DC=com -f userAccountControl:1.2.840.113556.1.4.803:=8388608 -dn
List Users Display Name in domain
AdFind -b DC=Contoso,DC=com -f "objectcategory=person" displayName -sl
Find User SID History (for example User=Ed.Price)
AdFind -default -f name=Ed.Price sIDHistory
List Users with Dial-in configuration that have Allow access in OU (for example OU=IT, Domain=Contoso.com)
AdFind.exe -b "OU=IT,DC=Contoso,DC=com" -f "(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))" distinguishedName sAMAccountName
List Users with Dial-in configuration that have Deny access in OU (for example OU=IT, Domain=Contoso.com)
AdFind.exe -b "OU=IT,DC=Contoso,DC=com" -f "(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=FALSE))" distinguishedName sAMAccountName
List Users with Dial-in configuration that have Control access through Remote Access Policy in OU (for example OU=IT, Domain=Contoso.com)
AdFind.exe -b "OU=IT,DC=Contoso,DC=com" -f "(&(objectCategory=person)(objectClass=user)(!(msNPAllowDialin=*)))" distinguishedName sAMAccountName
List members of a Group (for example Group=IT_Support)
AdFind -b "CN=IT_Support,CN=Users,DC=Contoso,DC=com" member
Count the number of members of a Group (for example Group=IT_Support)
AdFind -f "sAMAccountName=IT_Support" member -list | AdFind -c
List Nested Group members (for example Group=Support, OU=IT, Domain=Contoso.com)
AdFind -default -bit -f "memberof:1.2.840.113556.1.4.1941:=CN=Support,OU=IT,DC=Contoso,DC=com" sAMAccountName -nodn
List all Groups in OU (for example OU=IT, Domain=Contoso.com)
AdFind -b "OU=IT,DC=Contoso,DC=com" -s subtree -f "(objectcategory=group)"
List all Universal Distribution Groups in OU (for example OU=IT, Domain=Contoso.com)
AdFind -gc -b "OU=IT,DC=Contoso,DC=com" -s subtree -bit -f "(&(objectcategory=group)(sAMAccountType=268435457)(grouptype:OR:=8))" 1.1
List all Universal Security Groups in OU (for example OU=IT, Domain=Contoso.com)
AdFind -gc -b "OU=IT,DC=Contoso,DC=com" -s subtree -bit -f "(&(objectcategory=group)(grouptype:AND:=-2147483640))" 1.1
List all Universal Groups (Distribution & Security) in OU (for example OU=IT, Domain=Contoso.com)
AdFind -gc -b "OU=IT,DC=Contoso,DC=com" -s subtree -bit -f "(&(objectcategory=group)(grouptype:OR:=8))" 1.1
List all Global Groups (Distribution & Security) in OU (for example OU=IT, Domain=Contoso.com)
AdFind -b "OU=IT,DC=Contoso,DC=com" -s subtree -bit -f "(&(objectcategory=group)(grouptype:OR:=2))" 1.1
List all Global Security Groups in OU (for example OU=IT, Domain=Contoso.com)
AdFind -b "OU=IT,DC=Contoso,DC=com" -s subtree -bit -f "(&(objectcategory=group)(grouptype:AND:=-2147483646))" 1.1
List all Global Distribution Groups in OU (for example OU=IT, Domain=Contoso.com)
AdFind -b "OU=IT,DC=Contoso,DC=com" -s subtree -bit -f "(&(objectcategory=group)(sAMAccountType=268435457)(grouptype:OR:=2))" 1.1
List all Domain Local Groups (Distribution & Security) in OU (for example OU=IT, Domain=Contoso.com)
AdFind -b "OU=IT,DC=Contoso,DC=com" -s subtree -bit -f "(&(objectcategory=group)(grouptype:OR:=4))" 1.1
List all Domain Local Security Groups in OU (for example OU=IT, Domain=Contoso.com)
AdFind -b "OU=IT,DC=Contoso,DC=com" -s subtree -f "(&(objectcategory=group)(sAMAccountType=536870912))" 1.1
List all Domain Local Distribution Groups in OU (for example OU=IT, Domain=Contoso.com)
AdFind -b "OU=IT,DC=Contoso,DC=com" -s subtree -f "(&(objectcategory=group)(sAMAccountType=536870913))" 1.1
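The numeric groupType values and the :AND: / :OR: shortcuts used in the filters above can be derived rather than memorized. The Python sketch below is an added example, not part of the original page or of AdFind; its function names are hypothetical, and it assumes the documented groupType flag bits and the LDAP bitwise matching-rule OIDs.

```python
# Added example (not from the original page). Function names are hypothetical.
SECURITY_ENABLED = 0x80000000          # groupType flag: security group
SCOPES = {"global": 0x2, "domain_local": 0x4, "universal": 0x8}
BIT_AND = "1.2.840.113556.1.4.803"     # all bits in the value must be set
BIT_OR = "1.2.840.113556.1.4.804"      # any bit in the value may be set


def to_int32(value):
    """AD stores groupType as a signed 32-bit integer."""
    value &= 0xFFFFFFFF
    return value - 0x100000000 if value & 0x80000000 else value


def group_type_value(scope, security):
    """Value to put after groupType:AND:= for an exact scope/type match."""
    flags = SCOPES[scope] | (SECURITY_ENABLED if security else 0)
    return to_int32(flags)


def decode_group_type(value):
    """Turn a groupType value from query output back into (scope, kind)."""
    bits = value & 0xFFFFFFFF
    scope = next((name for name, bit in SCOPES.items() if bits & bit), "unknown")
    kind = "security" if bits & SECURITY_ENABLED else "distribution"
    return scope, kind


def expand_bit_shortcuts(ldap_filter):
    """Rewrite the :AND: / :OR: shortcuts (enabled by -bit) as matching-rule OIDs."""
    return (ldap_filter.replace(":AND:", f":{BIT_AND}:")
                       .replace(":OR:", f":{BIT_OR}:"))


if __name__ == "__main__":
    for scope in SCOPES:
        print(scope, group_type_value(scope, True), group_type_value(scope, False))
    print(decode_group_type(-2147483646))
    print(expand_bit_shortcuts("(&(objectcategory=group)(grouptype:AND:=-2147483640))"))
```

The expanded form works with any LDAP client, since the :AND: / :OR: shortcuts are understood only by AdFind when -bit is given.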
Find all Computer objects in domain and display cn & createTimeStamp
AdFind -b dc=Contoso,dc=com -f "objectcategory=computer" cn createTimeStamp