Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Dsget
Displays the selected properties of a specific object in the directory. The dsget commands include:
- dsget computer
- dsget contact
- dsget group
- dsget ou
- dsget server
- dsget user
- dsget subnet
- dsget site
- dsget quota
- dsget partition
dsget computer
Displays the properties of a computer in the directory. There are two variations of this command. The first variation allows you to view the properties of multiple computers. The second variation allows you to view the membership information of a single computer.
Syntax
dsget computer
ComputerDN ...[-dn] [-samid][-sid][-desc][-loc][-disabled][{-sServer -dDomain}][-uUserName] [-p {Password *}] [-c][-q][-l] [{-uc -uco -uci}][-partPartitionDN[-qlimit][-qused]]
dsget computer
ComputerDN[-memberof [-expand]][{-sServer -dDomain}][-uUserName] [-p {Password *}] [-c][-q][-l] [{-uc -uco -uci}]
Parameters
ComputerDN ...
Required. Specifies the distinguished names of the computer object list that you want to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command. Compare with ComputerDN in the next command variation.
-dn
Displays the distinguished names of the computers.
-samid
Displays the computer SAM account names.
-sid
Displays the computer security IDs (SIDs).
-desc
Displays the descriptions of the computers.
-loc
Displays the computer locations.
-disabled
Displays the status of the computer accounts. A value yes returned establishes that the account is disabled; a value of no establishes that the account is enabled.
ComputerDN
Required. Specifies the distinguished name of the single computer you want to view.
-memberof
Displays the immediate list of groups of which the computer is a member. This takes a single target object only as input parameter.
-expand
Displays the recursively expanded list of groups of which the computer is a member. This option takes the immediate group membership list of the computer and then recursively expands each group in this list to determine its group memberships as well to arrive at a complete closure set of the groups.
{ -sServer -dDomain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u UserName
Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:
- user name (for example, Linda)
- domain\user name (for example, widgets\Linda)
- user principal name (UPN) (for example, Linda@widgets.microsoft.com)
-p{ Password *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-c
Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
-q
Suppresses all output to standard output (quiet mode).
-l
Displays entries in a list format. By default, entries are displayed in a table format.
{ -uc -uco -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.
-part PartitionDN
Connects to the directory partition with the distinguished name of PartitionDN.
-qlimit
Displays the effective quota of the computer within the specified directory partition.
-qused
Displays how much of its quota the computer has used within the specified directory partition.
Value | Description |
-uc | Specifies a Unicode format for input from or output to a pipe (). |
-uco | Specifies a Unicode format for output to a pipe () or a file. |
-uci | Specifies a Unicode format for input from a pipe () or a file. |
/?
Displays help at the command prompt.
Remarks
- If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).
- Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.
- As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties. See Examples.
- If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=DC2,OU=Domain Controllers,DC=Microsoft,DC=Com").
- If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).
Examples
To display the descriptions of all computers in a given organizational unit whose name starts with "tst", type:
dsquery computer OU=Test,DC=Microsoft,DC=Com -name tst* dsget computer -desc
To display the list of groups, recursively expanded, to which a given computer "MyDBServer" belongs, type:
dsget computer CN=MyDBServer,CN=computers,DC=Microsoft,DC=Com -memberof -expand
dsget contact
Displays the various properties of a contact in the directory.
Syntax
dsget contact
ContactDN ...[-dn][-fn][-mi][-ln][-display][-desc][-office][-tel][-email][-hometel][-pager][-mobile][-fax][-iptel][-title][-dept][-company][{-sServer -dDomain}][-uUserName] [-p {Password *}] [-c][-q][-l] [{-uc -uco -uci}]
Parameters
ContactDN ...
Required. Specifies the distinguished names of the contact objects that you want to view. If this parameter is omitted, its value is taken from standard input (stdin) to support piping of output from another command to input of this command.
-dn
Displays the distinguished names of the contacts.
-fn
Displays the first names of the contacts.
-mi
Displays the middle initials of the contacts.
-ln
Displays the last names of the contacts.
-display
Displays the display names of the contacts.
-desc
Displays the descriptions of the contacts.
-office
Displays the office locations of the contacts.
-tel
Displays the telephone numbers of the contacts.
-email
Displays the e-mail addresses of the contacts.
-hometel
Displays the home telephone numbers of the contacts.
-pager
Displays the pager numbers of the contacts.
-mobile
Displays the mobile phone numbers of the contacts.
-fax
Displays the fax numbers of the contacts.
-iptel
Displays the IP phone number of the contact.
-title
Displays the titles of the contacts.
-dept
Displays the departments of the contacts.
-company
Displays the company information for the contacts.
{ -sServer -dDomain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u UserName
Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:
- user name (for example, Linda)
- domain\user name (for example, widgets\Linda)
- user principal name (UPN) (for example, Linda@widgets.microsoft.com)
-p{ Password *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-c
Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
-q
Suppresses all output to standard output (quiet mode).
-l
Displays entries in a list format. By default, entries are displayed in a table format.
{ -uc -uco -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.
Value | Description |
-uc | Specifies a Unicode format for input from or output to a pipe (). |
-uco | Specifies a Unicode format for output to a pipe () or a file. |
-uci | Specifies a Unicode format for input from a pipe () or a file. |
/?
Displays help at the command prompt.
Remarks
- If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).
- Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related topics.
- As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties.
- If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=Mike Danseglio,OU=Contacts,DC=Microsoft,DC=Com").
- If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).
Examples
To display the description and phone numbers for contacts Mike Danseglio and Don Funk, type:
dsget contact "CN=Mike Danseglio,OU=Contacts,DC=Microsoft,DC=Com" "CN=Don Funk,OU=Contacts,DC=Microsoft,DC=Com" -desc -tel
dsget group
Displays the various properties of a group including the members of a group in the directory. There are two variations of this command. The first variation allows you to view the properties of multiple groups. The second variation allows you to view the group membership information of a single group.
Syntax
dsget group
GroupDN ...[-dn][-samid][-sid][-desc][-secgrp][-scope][{-sServer -dDomain}][-uUserName] [-p {Password *}] [-c][-q][-l][{-uc -uco -uci}][-partPartitionDN[-qlimit][-qused]]
dsget group
GroupDN[{-memberof -members}][-expand][{-sServer -dDomain}][-uUserName][-p {Password *}] [-c][-q][-l] [{-uc -uco -uci}]
Parameters
GroupDN ...
Required. Specifies the distinguished names of the group objects that you want to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command. Compare with GroupDN in the next command variation.
-dn
Displays that distinguished names of the groups.
-samid
Displays the SAM account names of the groups.
-sid
Displays the group security IDs (SIDs).
-desc
Displays the descriptions of the groups.
-secgrp
Displays information about whether groups are security groups (yes) or a distribution groups (no).
-scope
Display information about whether group scopes are local, global, or universal.
GroupDN
Required. Specifies the distinguished name of the computer you want to view.
{ -memberof -members}
Displays the immediate list of groups of which the group is a member (-memberof). Displays the immediate list of members of the group (-members).
-expand
In the case of the -memberof parameter, requests that the recursively expanded list of groups in which the group is a member be returned. This option takes the immediate group membership list of the group, and then recursively expands each group in this list to determine its group memberships as well to arrive at a complete closure set of the groups.
In case of the -members parameter, requests that the recursively expanded list of members of the group be displayed. This parameter takes the immediate list of members of the group and then recursively expands each group in this list to determine its group memberships as well to arrive at a complete closure set of the members.
{ -sServer -dDomain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u UserName
Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:
- user name (for example, Linda)
- domain\user name (for example, widgets\Linda)
- user principal name (UPN) (for example, Linda@widgets.microsoft.com)
-p{ Password *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-c
Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
-q
Suppresses all output to standard output (quiet mode).
-l
Displays entries in a list format. By default, entries are displayed in a table format.
{ -uc -uco -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.
-part PartitionDN
Connects to the directory partition with the distinguished name of PartitionDN.
-qlimit
Displays the effective quota of the group within the specified directory partition.
-qused
Displays how much of its quota the group has used within the specified directory partition.
Value | Description |
-uc | Specifies a Unicode format for input from or output to a pipe (). |
-uco | Specifies a Unicode format for output to a pipe () or a file. |
-uci | Specifies a Unicode format for input from a pipe () or a file. |
/?
Displays help at the command prompt.
Remarks
- If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).
- Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.
- As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties. See Examples.
- If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=USA Sales,OU=Distribution Lists,DC=Microsoft,DC=Com").
- If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).
Examples
To display the descriptions of all groups in a given organizational unit whose names start with "adm," type:
dsquery group OU=Test,DC=Microsoft,DC=Com -name adm* dsget group -desc
To display the list of members, recursively expanded, of the group Backup Operators, type:
dsget group "CN=Backup Operators,OU=Test,DC=Microsoft,DC=Com" -members -expand
dsget ou
Displays the various properties of an organizational unit in the directory.
Syntax
dsget ou
OrganizationalUnitDN ...[-dn] [-desc][{-sServer -dDomain}][-uUserName] [-p {Password *}] [-c][-q][-l] [{-uc -uco -uci}]
Parameters
OrganizationalUnitDN ...
Required. Specifies the distinguished names of the organizational units that you want to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
-dn
Displays the distinguished names of the organizational units.
-desc
Displays the descriptions of the organizational units.
{ -sServer -dDomain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u UserName
Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:
- user name (for example, Linda)
- domain\user name (for example, widgets\Linda)
- user principal name (UPN) (for example, Linda@widgets.microsoft.com)
-p{ Password *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-c
Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
-q
Suppresses all output to standard output (quiet mode).
-l
Displays entries in a list format. By default, entries are displayed in a table format.
{ -uc -uco -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.
Value | Description |
-uc | Specifies a Unicode format for input from or output to a pipe (). |
-uco | Specifies a Unicode format for output to a pipe () or a file. |
-uci | Specifies a Unicode format for input from a pipe () or a file. |
/?
Displays help at the command prompt.
Remarks
- If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).
- Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.
- As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties. See Examples.
- If a value that you supply contains spaces, use quotation marks around the text (for example, "OU=Domain Controllers,DC=Microsoft,DC=Com").
- If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).
Examples
To display the descriptions of all organizational units in the current domain, type:
dsquery ou domainroot dsget ou -desc
dsget server
This command displays the various properties of a domain controller defined in the directory. There are three variations of this command. The first variation displays the general properties of a specified domain controller. The second variation displays a list of the security principals who own the largest number of directory objects on the specified domain controller. The third variation displays the distinguished names of the directory partitions on the specified server.
Syntax
dsget server
ServerDN ...[-dn] [-desc] [-dnsname] [-site] [-isgc][{-sServer -dDomain}][-uUserName] [-p {Password *}] [-c][-q][-l] [{-uc -uco -uci}]
dsget server
ServerDN[{-sServer -dDomain}][-uUserName] [-p {Password *}] [-c][-q][-l] [{-uc -uco -uci}][-topobjownerDisplay]
dsget server
ServerDN[{-sServer -dDomain}][-uUserName] [-p {Password *}] [-c][-q][-l] [{-uc -uco -uci}][-partPartitionDN]
Parameters
ServerDN ...
Required. Specifies the list of server object distinguished names to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
-dn
Displays the distinguished names of the servers.
-desc
Displays the descriptions of the servers.
-dnsname
Displays the DNS host names of the servers.
-site
Displays the site names to which the servers belongs.
-isgc
Displays information about whether the server is a global catalog (yes) or not (no).
{ -sServer -dDomain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u UserName
Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:
- user name (for example, Linda)
- domain\user name (for example, widgets\Linda)
- user principal name (UPN) (for example, Linda@widgets.microsoft.com)
-p{ Password *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-c
Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
-q
Suppresses all output to standard output (quiet mode).
-l
Displays entries in a list format. By default, entries are displayed in a table format.
{ -uc -uco -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.
-part PartitionDN
Connects to the directory partition with the distinguished name of PartitionDN.
-topobjowner Display
Displays a sorted list of the security principals (users, computers, security groups, and inetOrgPersons) that own the largest number of directory objects across all directory partitions on the server and the number of directory objects that they own. The number of accounts to display in the list is specified by Display.To display all object owners, type 0. If you do not specify Display, the number of principals listed defaults to 10.
Value | Description |
-uc | Specifies a Unicode format for input from or output to a pipe (). |
-uco | Specifies a Unicode format for output to a pipe () or a file. |
-uci | Specifies a Unicode format for input from a pipe () or a file. |
/?
Displays help at the command prompt.
Remarks
- If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).
- Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.
- As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties. See Examples.
- If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=My Server,CN=Servers,CN=Site10,CN=Sites,CN=Configuration,DC=Microsoft,DC=Com").
- If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).
- The properties requested by this command may reside either in the Server object for the domain controller or in the NTDSDSA object corresponding to the server.
Examples
To find all domain controllers for domain widgets.microsoft.com and display their DNS host name and site name, type:
dsquery server -domain widgets.microsoft.com dsget server -dnsname -site
To show if a domain controller with the name DC1 is also a global catalog server, type:
dsget server CN=DC1,CN=Servers,CN=Site10,CN=Sites,CN=Configuration,DC=Microsoft,DC=Com -isgc
To display a sorted list of security principals who own the largest number of objects on the domain controller server1.widgets.microsoft.com, type:
dsget server CN=server1,CN=widgets,DC=Microsoft,DC=com -topobjowner
dsget user
Display the various properties of a user in the directory. There are two variations of this command. The first variation allows you to view the properties of multiple users. The second variation allows you to view the group membership information of a single user.
Syntax
dsget user
UserDN ...[-dn][-samid] [-sid][-upn] [-fn] [-mi] [-ln] [-display] [-empid][-desc][-office] [-tel] [-email] [-hometel] [-pager] [-mobile][-fax] [-iptel][-webpg][-title][-dept][-company][-mgr][-hmdir][-hmdrv][-profile][-loscr][-mustchpwd][-canchpwd][-pwdneverexpires][-disabled][-acctexpires][-reversiblepwd][{-uc -uco -uci}][-partPartitionDN[-qlimit][-qused]]
dsget user
UserDN[-memberof] [-expand][{-uc -uco -uci}]
Parameters
UserDN ...
Required. Specifies the distinguished names of the user objects that you want to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command. Compare with UserDN in the next command variation.
-dn
Displays the distinguished names of the users.
-samid
Displays the SAM account names of the users.
-sid
Displays the user security IDs (SIDs).
-upn
Displays the user principal names of the users.
-fn
Displays the first names of the users.
-mi
Displays the middle initials of the users.
-ln
Displays the last names of the users.
-display
Displays the display names of the users.
-empid
Displays the employee IDs of the users.
-desc
Displays the descriptions of the users.
-full
Displays the full names of the users.
-office
Displays the office locations of the users.
-tel
Displays the telephone numbers of the users.
-email
Displays the e-mail addresses of the users.
-hometel
Displays the home telephone numbers of the users.
-pager
Displays the pager numbers of the users.
-mobile
Displays the mobile phone numbers of the users.
-fax
Displays the fax numbers of the users.
-iptel
Displays the user IP phone numbers.
-webpg
Displays the user Web page URLs.
-title
Displays the titles of the users.
-dept
Displays the departments of the users.
-company
Displays the company information for the users.
-mgr
Displays the user managers of the users.
-hmdir
Displays the drive letter to which the home directory of the user is mapped to if the home directory path is a UNC path.
-hmdrv
Displays the user's home drive letter if home directory is a UNC path.
-profile
Displays the user profile paths.
-loscr
Displays the user logon script paths.
-mustchpwd
Displays information about whether users must change their passwords at the time of next logon (yes) or not (no).
-canchpwd
Displays information about whether users can change their password (yes) or not (no).
-pwdneverexpires
Displays information about whether the user passwords never expires (yes) or not (no).
-disabled
Displays information about whether user accounts are disabled for logon (yes) or not (no).
-acctexpires
Displays dates indicating when user accounts expire. If the accounts never expire, never is displayed.
-reversiblepwd
Displays information about whether the user passwords are allowed to be stored using reversible encryption (yes) or not (no).
UserDN
Required. Specifies the distinguished name of the user you want to view.
-memberof
Displays the immediate list of groups of which the user is a member.
-expand
Displays the recursively expanded list of groups of which the user is a member. This option takes the immediate group membership list of the user, and then recursively expands each group in this list to determine its group memberships as well to arrive at a complete closure set of the groups.
{ -uc -uco -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.
-part PartitionDN
Connect to the directory partition with the distinguished name of PartitionDN.
-qlimit
Displays the effective quota of the user within the specified directory partition.
-qused
Displays how much of the quota the user has used within the specified directory partition.
Value | Description |
-uc | Specifies a Unicode format for input from or output to a pipe (). |
-uco | Specifies a Unicode format for output to a pipe () or a file. |
-uci | Specifies a Unicode format for input from a pipe () or a file. |
/?
Displays help at the command prompt.
Remarks
- If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).
- Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.
- As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties. See Examples.
- The -canchpwd is an estimate on whether the user is allowed to change his password. This estimate has to do with the way the access control lists (ACLs) on the object are interpreted in order to arrive at the yes or no answer. The precise certainty regarding a user's ability to change a password can only be known by trying to change the password. This non-authoritative answer is not specific to this command-line tool, but is also inherent in the User Properties dialog box in Active Directory Users and Computers in Microsoft Management Console (MMC).
- When none of the specific property parameters are specified for the dsget user command, the default set of user properties to display include the following: distinguished name, SAM account name, and description.
- When the -memberof parameter is specified, it overrides all other parameters and only the membership list for the user is displayed.
Examples
To find all users in a given organizational unit whose name starts with "jon" and show their descriptions, type:
dsquery user OU=Test,dc=ms,dc=tld -name jon* dsget user -desc
To show the list of groups, recursively expanded, to which a given user "Mike Danseglio" belongs, type:
dsget user "CN=Mike Danseglio,CN=users,dc=ms,dc=tld" -memberof -expand
dsget subnet
Displays properties of a subnet defined in the directory.
Syntax
dsget subnet
SubnetDN ...[-dn][-desc] [-loc] [-site][{-sServer -dDomain}][-uUserName] [-p {Password *}][-c][-q][-l] [{-uc -uco -uci}]
Parameters
SubnetDN ...
Required. Specifies the common names of one or more subnets that you want to view.
-dn
Displays the distinguished names of the subnets. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
-desc
Displays the descriptions of the subnets.
-loc
Displays the subnet locations.
-site
Displays the site names associated with the subnets.
{ -sServer -dDomain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u UserName
Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:
- user name (for example, Linda)
- domain\user name (for example, widgets\Linda)
- user principal name (UPN) (for example, Linda@widgets.microsoft.com)
-p{ Password *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-c
Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
-q
Suppresses all output to standard output (quiet mode).
-l
Displays entries in a list format. By default, entries are displayed in a table format.
{ -uc -uco -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.
Value | Description |
-uc | Specifies a Unicode format for input from or output to a pipe (). |
-uco | Specifies a Unicode format for output to a pipe () or a file. |
-uci | Specifies a Unicode format for input from a pipe () or a file. |
/?
Displays help at the command prompt.
Remarks
- If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).
- Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.
- As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties.
- If a value that you supply contains spaces, use quotation marks around the text.
- If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of subnet common names).
Examples
To display all relevant properties for the subnets 206.73.118.0/24 and 207.209.68.0/24, type:
dsget subnet "206.73.118.0/24" "207.209.68.0/24"
dsget site
Displays the various properties of a site defined in the directory.
Syntax
dsget site
SiteCN ...[-dn] [-desc] [-autotopology] [-cachegroups] [-prefGCsite][{-sServer -dDomain}][-uUserName] [-p {Password *}] [-c][-q][-l] [{-uc -uco -uci}]
Parameters
SiteCN ...
Required. Specifies the common name of one or more sites that you want to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
-dn
Displays the distinguished names of the sites.
-desc
Displays the descriptions of the sites.
-autotopology
Displays information about whether automatic intersite topology generation is enabled (yes) or disabled (no) for specified sites.
-cachegroups
Displays information about whether caching of universal group memberships for this site is enabled (yes) or disabled (no) to support logons that do not check the global catalog.
-prefGCsite
Displays the name of the preferred global catalog site used to refresh universal group membership caching for this site's domain controllers, if universal group membership caching has been enabled.
{ -sServer -dDomain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u UserName
Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:
- user name (for example, Linda)
- domain\user name (for example, widgets\Linda)
- user principal name (UPN) (for example, Linda@widgets.microsoft.com)
-p{ Password *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-c
Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
-q
Suppresses all output to standard output (quiet mode).
-l
Displays entries in a list format. By default, entries are displayed in a table format.
{ -uc -uco -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.
Value | Description |
-uc | Specifies a Unicode format for input from or output to a pipe (). |
-uco | Specifies a Unicode format for output to a pipe () or a file. |
-uci | Specifies a Unicode format for input from a pipe () or a file. |
/?
Displays help at the command prompt.
Remarks
- If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).
- Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.
- As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties. See Examples.
- If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=Mike Danseglio,CN=Users,DC=Microsoft,DC=Com").
- If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).
Examples
To find all sites in the forest and display their descriptions, type:
dsquery site dsget site -dn -desc
dsget quota
Displays the properties of a quota specification defined in the directory. A quota specification determines the maximum number of directory objects a given security principal can own in a specific directory partition.
Syntax
dsget quota
ObjectDN ... [-dn] [-acct] [-qlimit] [{-sServer -dDomain}][-uUserName] [-p {Password *}] [-c][-q][-l] [{-uc -uco -uci}]
Parameters
ObjectDN...
Required. Specifies the distinguished names of the quota objects to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
-dn
Displays the distinguished names of the quota objects.
-acct
Displays the distinguished names of the accounts to which the quotas are assigned.
-qlimit
Displays the quota limits for the specified quotas. An unlimited quota displays as "-1".
{ -sServer -dDomain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u UserName
Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:
- user name (for example, Linda)
- domain\user name (for example, widgets\Linda)
- user principal name (UPN) (for example, Linda@widgets.microsoft.com)
-p{ Password *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-c
Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
-q
Suppresses all output to standard output (quiet mode).
-l
Displays entries in a list format. By default, entries are displayed in a table format.
{ -uc -uco -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.
Value | Description |
-uc | Specifies a Unicode format for input from or output to a pipe (). |
-uco | Specifies a Unicode format for output to a pipe () or a file. |
-uci | Specifies a Unicode format for input from a pipe () or a file. |
/?
Displays help at the command prompt.
Remarks
- If you do not specify a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use CTRL+Z for End of File (EOF).
- If you do not specify any of the optional parameters, the distinguished names of the quota specifications, the accounts to which the quotas are assigned, and the quota limits are all displayed.
- Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.
- As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties. For more information, see the Examples section of this topic.
- If a value that you use contains spaces, use quotation marks around the text (for example, "CN=Mike Danseglio,CN=Users,DC=Microsoft,DC=Com").
- If you use multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).
Examples
To display the account to which the quota is assigned, and the quota limit for the quota specification "CN=quota1,dc=marketing,dc=northwindtraders,dc=com", type:
dsget quota CN=quota1,dc=marketing,dc=northwindtraders,dc=com -acct -qlimit
dsget partition
Displays the properties of a directory partition.
Syntax
dsget partition
ObjectDN ... [-dn] [-qdefault] [-qtmbstnwt] [-topobjownerDisplay] [{-sServer -dDomain}][-uUserName] [-p {Password *}] [-c][-q][-l] [{-uc -uco -uci}]
Parameters
ObjectDN...
Required. Specifies the distinguished names (also known as DN) of the partition objects to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
-dn
Displays the distinguished names of the directory partition objects.
-qdefault
Displays the default quota that applies to any security principal (for example, user, group, computer, or iNetOrg person) creating an object in the directory partition, if no specific quota specification governs that security principal. An unlimited quota displays as "-1".
-qtmbstnwt
Displays the percent by which the tombstone object count should be reduced when calculating quota usage.
-topobjowner Display
Displays a sorted list of the security principals (users, computers, security groups, and inetOrgPersons) that own the largest number of objects in the specified directory partition and the number of directory objects that they own. The number of accounts to display in the list is specified by Display. To display all object owners, type 0. If you do not specify Display, the number of principals listed defaults to 10.
{ -sServer -dDomain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u UserName
Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:
- user name (for example, Linda)
- domain\user name (for example, widgets\Linda)
- user principal name (UPN) (for example, Linda@widgets.microsoft.com)
-p{ Password *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-c
Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
-q
Suppresses all output to standard output (quiet mode).
-l
Displays entries in a list format. By default, entries are displayed in a table format.
{ -uc -uco -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.
Value | Description |
-uc | Specifies a Unicode format for input from or output to a pipe (). |
-uco | Specifies a Unicode format for output to a pipe () or a file. |
-uci | Specifies a Unicode format for input from a pipe () or a file. |
/?
Displays help at the command prompt.
Remarks
- If you do not specify a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use CTRL+Z for End of File (EOF).
- When none of the optional parameters is specified, the distinguished name of the directory partition object is displayed.
- When -topobjowner is specified, it overrides any other specified parameters, so that only the results of -topobjowner are displayed.
- Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.
- As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties. For more information, see the Examples section of this topic.
- If a value that you use contains spaces, use quotation marks around the text (for example, "CN=Mike Danseglio,CN=Users,DC=Microsoft,DC=Com").
- If you use multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).
Examples
To display all directory partitions in the forest northwindtraders.com that begin with "application" along with the top three object owners from each partition, type: "CN=quota1,dc=marketing,dc=northwindtraders,dc=com", type:
dsquery server -forest -part application* dsget server -part dsget partition -topjobowner 3