AdFind was created by Joe Richards, an Active Directory MVP who has also created other free tools.
Here are AdFind usage examples.
Query the schema version
AdFind -schema -s base objectVersion
Query wellKnownObjects
AdFind -default -s base wellknownObjects
List deleted objects
AdFind -default -rb "CN=Deleted Objects" -showdel
List conflict objects
AdFind -gcb -f "(Name=*\0ACNF:*)" -dn
Retrieve all Attributes
AdFind.exe -schema -f "objectClass=attributeSchema" cn lDAPDisplayName -nodn -csv >Attributes.txt
Retrieve all Classes
AdFind.exe -schema -f "objectclass=classSchema" cn lDAPDisplayName -nodn -csv >Classes.txt
Find Domain Functional level (for example Domain=Contoso.com)
AdFind -s Base -b "DC=Contoso,DC=com" msDS-Behavior-Version
List Subnets
AdFind -subnets -f (objectCategory=subnet)
List UPN Suffixes
AdFind -partitions -s base uPNSuffixes
List Password Policy
AdFind -default -s base lockoutduration lockoutthreshold lockoutobservationwindow maxpwdage minpwdage minpwdlength pwdhistorylength pwdproperties
Check Tombstone Lifetime
AdFind -config -f objectclass=ntdsservice tombstoneLifetime
Query AD for all Groups and Users that have adminCount = 1 (adminSDholder)
AdFind -default -f "(&(|(&(objectCategory=person)(objectClass=user))(objectCategory=group))(adminCount=1))" -dn
List all objects in an OU (for example OU=NewYork, Domain=Contoso.com)
AdFind -b "OU=NewYork,DC=Contoso,DC=com" -s one -dn
List all OUs in Domain
AdFind -default -f "objectcategory=organizationalUnit" -dn
Find disabled accounts
AdFind -default -bit -f userAccountControl:AND:=2
OR
AdFind -s subtree -b DC=Contoso,DC=com -f userAccountControl:1.2.840.113556.1.4.803:=2 -dn
List Users with expired password
AdFind -s subtree -b DC=Contoso,DC=com -f userAccountControl:1.2.840.113556.1.4.803:=8388608 -dn
List Users Display Name in domain
AdFind -b DC=Contoso,DC=com -f "objectcategory=person" displayName -sl
Find User SID History (for example User=Ed.Price)
AdFind -default -f name=Ed.Price sIDHistory
List Users with Dial-in configuration that have Allow access in OU (for example OU=IT, Domain=Contoso.com)
AdFind.exe -b "OU=IT,DC=Contoso,DC=com" -f "(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))" distinguishedName sAMAccountName
List Users with Dial-in configuration that have Deny access in OU (for example OU=IT, Domain=Contoso.com)
AdFind.exe -b "OU=IT,DC=Contoso,DC=com" -f "(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=FALSE))" distinguishedName sAMAccountName
List Users with Dial-in configuration that have Control access through Remote Access Policy in OU (for example OU=IT, Domain=Contoso.com)
AdFind.exe -b "OU=IT,DC=Contoso,DC=com" -f "(&(objectCategory=person)(objectClass=user)(!(msNPAllowDialin=*)))" distinguishedName sAMAccountName
List members of a Group (for example Group=IT_Support)
AdFind -b "CN=IT_Support,CN=Users,DC=Contoso,DC=com" member
Count the number of members of a Group (for example Group=IT_Support)
AdFind -f "sAMAccountName=IT_Support" member -list | AdFind -c
List Nested Group members (for example Group=Support, OU=IT, Domain=Contoso.com)
AdFind -default -bit -f "memberof:1.2.840.113556.1.4.1941:=CN=Support,OU=IT,DC=Contoso,DC=com" sAMAccountName -nodn
List all Groups in OU (for example OU=IT, Domain=Contoso.com)
AdFind -b "OU=IT,DC=Contoso,DC=com" -s subtree -f "(objectcategory=group)"
List all Universal Distribution Groups in OU (for example OU=IT, Domain=Contoso.com)
AdFind -gc -b "OU=IT,DC=Contoso,DC=com" -s subtree -bit -f "(&(objectcategory=group)(sAMAccountType=268435457)(grouptype:OR:=8))" 1.1
List all Universal Security Groups in OU (for example OU=IT, Domain=Contoso.com)
AdFind -gc -b "OU=IT,DC=Contoso,DC=com" -s subtree -bit -f "(&(objectcategory=group)(grouptype:AND:=-2147483640))" 1.1
List all Universal Groups (Distribution & Security) in OU (for example OU=IT, Domain=Contoso.com)
AdFind -gc -b "OU=IT,DC=Contoso,DC=com" -s subtree -bit -f "(&(objectcategory=group)(grouptype:OR:=8))" 1.1
List all Global Groups (Distribution & Security) in OU (for example OU=IT, Domain=Contoso.com)
AdFind -b "OU=IT,DC=Contoso,DC=com" -s subtree -bit -f "(&(objectcategory=group)(grouptype:OR:=2))" 1.1
List all Global Security Groups in OU (for example OU=IT, Domain=Contoso.com)
AdFind -b "OU=IT,DC=Contoso,DC=com" -s subtree -bit -f "(&(objectcategory=group)(grouptype:AND:=-2147483646))" 1.1
List all Global Distribution Groups in OU (for example OU=IT, Domain=Contoso.com)
AdFind -b "OU=IT,DC=Contoso,DC=com" -s subtree -bit -f "(&(objectcategory=group)(sAMAccountType=268435457)(grouptype:OR:=2))" 1.1
List all Domain Local Groups (Distribution & Security) in OU (for example OU=IT, Domain=Contoso.com)
AdFind -b "OU=IT,DC=Contoso,DC=com" -s subtree -bit -f "(&(objectcategory=group)(grouptype:OR:=4))" 1.1
List all Domain Local Security Groups in OU (for example OU=IT, Domain=Contoso.com)
AdFind -b "OU=IT,DC=Contoso,DC=com" -s subtree -f "(&(objectcategory=group)(sAMAccountType=536870912))" 1.1
List all Domain Local Distribution Groups in OU (for example OU=IT, Domain=Contoso.com)
AdFind -b "OU=IT,DC=Contoso,DC=com" -s subtree -f "(&(objectcategory=group)(sAMAccountType=536870913))" 1.1
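The masks in the group queries above are groupType flag combinations stored as signed 32-bit integers, and -bit expands :AND: / :OR: into the LDAP matching-rule OIDs seen in the disabled-accounts query. The Python sketch below is an added example, not part of the original page or of AdFind; it models those two matching rules locally against constructed sample groups (hypothetical names) to show why the security-group queries use AND while the "Distribution & Security" queries use OR.

```python
# Added example: semantics of the bitwise LDAP matching rules used above.
# groupType flag values are the documented Active Directory constants.
GLOBAL, DOMAIN_LOCAL, UNIVERSAL = 0x2, 0x4, 0x8
SECURITY_ENABLED = 0x80000000

# AdFind's -bit switch rewrites :AND: / :OR: into these matching-rule OIDs.
RULE_OID = {"AND": "1.2.840.113556.1.4.803", "OR": "1.2.840.113556.1.4.804"}


def to_signed32(value):
    """AD stores groupType as a signed 32-bit integer, so bit 31 makes it negative."""
    value &= 0xFFFFFFFF
    return value - 0x100000000 if value & 0x80000000 else value


def ldap_clause(attr, rule, mask):
    """Build the raw LDAP clause that '-bit -f attr:RULE:=mask' expands to."""
    return f"({attr}:{RULE_OID[rule]}:={to_signed32(mask)})"


def bit_match(stored, rule, mask):
    """AND matches when every mask bit is set; OR matches when any mask bit is set."""
    stored, mask = stored & 0xFFFFFFFF, mask & 0xFFFFFFFF
    return (stored & mask) == mask if rule == "AND" else (stored & mask) != 0


# Constructed sample groups (hypothetical names), groupType as AD would store it.
SAMPLE_GROUPS = {
    "Univ-Sec": to_signed32(SECURITY_ENABLED | UNIVERSAL),
    "Univ-Dist": UNIVERSAL,
    "Global-Sec": to_signed32(SECURITY_ENABLED | GLOBAL),
    "Global-Dist": GLOBAL,
    "Local-Sec": to_signed32(SECURITY_ENABLED | DOMAIN_LOCAL),
}


def matching_groups(rule, mask):
    """Return the sample groups a groupType bitwise filter would select."""
    return sorted(n for n, gt in SAMPLE_GROUPS.items() if bit_match(gt, rule, mask))


if __name__ == "__main__":
    for rule, mask in [("OR", 8), ("AND", -2147483640), ("OR", -2147483640)]:
        print(ldap_clause("groupType", rule, mask), "->", matching_groups(rule, mask))
```

Using OR with the combined mask -2147483640 would select every security group of any scope plus every universal group, which is why the security-only queries need AND.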
Find all Computer objects in domain and display cn & createTimeStamp
AdFind -b dc=Contoso,dc=com -f "objectcategory=computer" cn createTimeStamp