Advertisement
A. The Dsquery command lets you query Active Directory (AD) for most types of objects based on passed attributes. To see the full list of options, type
dsquery user /? The basic command syntax is
dsquery user <distinguished name (DN) of root to search> <parameters to match> For example, to find all users whose name starts with the letter "J" in domain it.uk.savilltech.com, I typed
dsquery user DC=it,DC=uk,DC=savilltech,DC=com -name J* and the system returned
"CN=John,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com"
"CN=James,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com"
"CN=Jim,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com"
"CN=James,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com"
"CN=Jim,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com"
To find all users who hadn't changed their password in more than 10 days, I typed
dsquery user DC=it,DC=uk,DC=savilltech,DC=com -stalepwd 10 To find all users who hadn't logged on using their password in the past week, I typed
dsquery user DC=it,DC=uk,DC=savilltech,DC=com -inactive 1 You can also combine switches, if necessary. For example, to find all users whose name starts with the letter "J" and who hadn't changed their passwords in more than 10 days, I typed
dsquery user DC=it,DC=uk,DC=savilltech,DC=com -name J* -stalepwd 10 
