A. The Dsquery command lets you query Active Directory (AD) for most types of objects based on passed attributes. To see the full list of options, type

dsquery user /?

The basic command syntax is

dsquery user <distinguished name (DN) of root to search> <parameters to match>

For example, to find all users whose name starts with the letter "J" in domain it.uk.savilltech.com, I typed

dsquery user DC=it,DC=uk,DC=savilltech,DC=com -name J*

and the system returned

"CN=John,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com"
"CN=James,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com"
"CN=Jim,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com"

To find all users who hadn't changed their password in more than 10 days, I typed

dsquery user DC=it,DC=uk,DC=savilltech,DC=com -stalepwd 10

To find all users who hadn't logged on using their password in the past week, I typed

dsquery user DC=it,DC=uk,DC=savilltech,DC=com -inactive 1

You can also combine switches, if necessary. For example, to find all users whose name starts with the letter "J" and who hadn't changed their passwords in more than 10 days, I typed

dsquery user DC=it,DC=uk,DC=savilltech,DC=com -name J* -stalepwd 10