Technology → Dsquery 命令详解
十一月 27th, 2009 by admin
精选文章,转载请注明: 转载自太子King’S Blog
本文链接地址: Dsquery 命令详解
| Dsquery computer | Finds computers in the directory that match search criteria that you specify. |
| Dsquery contact | Finds contacts in the directory that match search criteria that you specify. |
| Dsquery group | Finds groups in the directory that match search criteria that you specify. If the predefined search criteria in this command are insufficient, use the general version of the query command, dsquery *. |
| Dsquery ou | Finds organizational units (OUs) in the directory that match search criteria that you specify. If the predefined search criteria in this command are insufficient, use the more general version of the query command, dsquery *. |
| Dsquery site | Finds sites in the directory that match search criteria that you specify. If the predefined search criteria in this command are insufficient, use the more general version of the query command, dsquery *. |
| Dsquery server | Finds domain controllers according to specified search criteria. If the predefined search criteria in this command are insufficient, use the more general version of the query command, dsquery *. |
| Dsquery user | Finds users in the directory that match search criteria that you specify. If the predefined search criteria in this command are insufficient, use the more general version of the query command, dsquery *. |
| Dsquery quota | Finds quota specifications in the directory that match search criteria that you specify. A quota specification determines the maximum number of directory objects a specified security principal can own in a given directory partition. If the predefined search criteria in this command are insufficient, use the more general version of the query command, dsquery *. |
| Dsquery partition | Finds partition objects in the directory that match search criteria that you specify. If the predefined search criteria in this command are insufficient, use the more general version of the query command, dsquery *. |
| Dsquery | Finds any objects in the directory according to criteria using an LDAP query. |
Dsquery Computer:
dsquery computer [{<StartNode> | forestroot | domainroot}] [-o {dn | rdn | samid}] [-scope {subtree | onelevel | base}] [-name <Name>] [-desc <Description>] [-samid <SAMName>] [-inactive <NumberOfWeeks>] [-stalepwd <NumberOfDays>] [-disabled] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [-r] [-gc] [-limit <NumberOfObjects>] [{-uc | -uco | -uci}]
EXP:
dsquery computer domainroot -name ms* -desc desktop*
dsquery computer OU=Sales,DC=Contoso,DC=Com
Dsquery contact:
dsquery contact [{<StartNode> | forestroot | domainroot}] [-o {dn | rdn}] [-scope {subtree | onelevel | base}] [-name <Name>] [-desc <Description>] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [-r] [-gc] [-limit <NumberOfObjects>] [{-uc | -uco | -uci}]
EXP:dsquery contact domainroot -name te* dsquery contact OU=Sales,DC=Contoso,DC=Com
Dsquery group:
dsquery group [{<StartNode> | forestroot | domainroot}] [-o {dn | rdn | samid}] [-scope {subtree | onelevel | base}] [-name <Filter>] [-desc <Filter>] [-samid <Filter>] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [-r] [-gc] [-limit <NumberOfObjects>] [{-uc | -uco | -uci}]
dsquery group domainroot -name ms* -desc admin* dsquery group DC=Contoso,DC=Com
Dsquery ou:
dsquery ou [{<StartNode> | forestroot | domainroot}] [-o {dn | rdn}][-scope {subtree | onelevel | base}][-name <Name] [-desc <Description>] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [-r] [-gc] [-limit <NumberOfObjects>] [{-uc | -uco | -uci}]
dsquery ou domainroot -name ms* -desc sales* dsquery ou DC=Contoso,DC=Com
Dsquery site:
dsquery site [-o {dn | rdn}] [-name <Name>] [-desc <Description>] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [-r] [-gc] [-limit <NumberOfObjects>] [{-uc | -uco | -uci}]
dsquery site -name north* dsquery site -o rdn
Dsquery server:dsquery server [-o {dn | rdn}] [-forest] [-domain <DomainName>] [-site <SiteName>] [-name <Name>] [-desc <Description>] [-hasfsmo {schema | name | infr | pdc | rid}] [-isgc] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [-r] [-gc] [-limit <NumberOfObjects>] [{-uc | -uco | -uci}]
dsquery server dsquery server -o rdn -forest dsquery server -o rdn -site United States dsquery server –forest –hasfsmo schema dsquery server –domain widgets.contoso.com -isgc
Dsquery user:dsquery user [{<StartNode> | forestroot | domainroot}] [-o {dn | rdn | upn | samid}] [-scope {subtree | onelevel | base}] [-name <Name>] [-desc <Description>] [-upn <UPN>] [-samid <SAMName>] [-inactive <NumberOfWeeks>] [-stalepwd <NumberOfDays>] [-disabled] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [-r] [-gc] [-limit <NumberOfObjects>] [{-uc | -uco | -uci}]
dsquery user OU=Test,DC=Contoso,DC=Com -o upn -name jon* -disabled dsquery user domainroot -name *smith -inactive 3 dsquery user OU=Sales,DC=Contoso,DC=Com -o upn
Dsquery quota:dsquery quota {domainroot | <ObjectDN>} [-o {dn | rdn}] [-acct <Name>] [-qlimit <Filter>] [-desc <Description>] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [-r] [-gc] [-limit <NumberOfObjects>] [{-uc | -uco | -uci}]
dsquery quota domainrootdsquery user -name jon* | dsquery quota domainroot -acct
Dsquery partition:dsquery partition [-o {dn | rdn}] [-part <Filter>] [{-s <Server> | -d <Domain>}][-u <UserName>] [-p {<Password> | *}] [-q] [-r] [-gc] [-limit <NumberOfObjects>] [{-uc | -uco |
-uci}]
dsquery partitiondsquery -part SQL*
Dsquery *:dsquery * [{<StartNode> | forestroot | domainroot}] [-scope {subtree | onelevel | base}] [-filter <LDAPFilter>] [-attr {<AttributeList> | *}] [-attrsonly] [-l][{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [-r] [-gc] [-limit <NumberOfObjects>] [{-uc | -uco | -uci}]
dsquery * domainroot -filter "((objectCategory=Person)(objectClass=User)(sAMAccountName=Jon*)) -attr sAMAccountName userPrincipalName departmentdsquery * OU=Test,DC=Contoso,DC=Com -scope base -attr sAMAccountName userPrincipalName department dsquery * OU=Test,DC=Contoso,DC=Com -scope base -attr *
dsquery :
参数:computerdsquery computer -inactive 4 |dsrm删除四周内不活动的pc. inactive默认的参数为周dsquery computer -stalepwd 10查询出10天以上没有修改 密码的PC。默认的是天-------可以用命令dsquery user -inactive 12 -limit 0查询出ad中12周处于非活动状态的用户列表。可以用dsquery user -inactive 12 -limit 0 | dsrm清楚他们。建议先仔细查看非活动用户列表,确认没有特殊用户因为特殊原因没有处于活动状态后使用。此工具在Windows Server 2003 Support Tools package (Adminpak.msi)中可以找到
计算机账号可以用oldcmp来查询和disable
3、OldCmp = 使用OldCmp命令可以搜索、禁用或删除非活动计算机帐号。一个计算机对象的pwdLastSet属性存储着该计算机密码的老化日期,然后,pwdLastSet属性是一个大整数类型值,需要特别的计算才能得到正确的值。
OldCmp默认认为密码存在超过90天,就认为该计算机处于非活动状态,可以使用-age选项指定老化日期。 当使用OldCmp来执行一个搜索的时候,必须指定以下三种可能选项中的至少一种: q -report,生成一张列有非活动计算机帐号的HTML报告列表; q -delete,删除非活动计算机帐号; q -disable,禁用非活动帐号。 OldCmp生成的HTML文件会被放到该工具的运行目录下,除非使用-file选项指定了一个替换位置;如果指定-sh选项,OldCmp会在生成HTML文件后自动打开它。
-safety选项用来限制所能删除或禁用的帐户数量,-forreal用来真正删除或者禁用帐户。 Oldcmp -report -file c:\inactive.html'oldcmp -delete -onlydisabled -safety 100 -forreal -append -file c:\deleted_comps.html0FaHQVoldcmp -disable -age 180 -safety 100 -forreal -append -file c:\disabled_comps.html
