É muito comum, Windows Administrator’s precisarem de informações de certos campos do AD.
Quando estas informações envolvem muitos usuários, se torna complicado fazer algo manual – até por questão de tempo!
Os comandos DSQUERY e DSGET realizam esta tarefa de forma rápida, prática e objetiva. Vejamos…
Exemplo de Sintaxe:
dsquery user domainroot |dsget user -display -office -loscr > C:\usuarios.txt
No comando acima, foi coletado o nome dos usuários + o campo “Script de Logon” da aba profile dos usuários.
domainroot – procura na raiz do domínio
-display – Display name dos usuários (facilitar a identificação)
-office – Exibe a localidade
-loscr – exibe o que consta neste campo, scripts que o usuário recebe
C:\usuarios.txt – salva o resultado em arquivo .txt no caminho específicado
* Caso as linhas do arquivo não sejam suficientes, utilize a sintaxe -limit 2000 (por exemplo: dsquery user -limit 2000 | dsget user….)
Esta demanda surgiu de um usuário no TechNet – ele precisava saber quais usuários recebiam quais scripts – pode servir para diversos casos / demandas / situações :)
Abaixo segue tabela contendo os atributos que pode ser incrementado:
| -dn | Displays the distinguished names of the users. |
| -samid | Displays the Security Account Manager (SAM) account names of the users. |
| -sid | Displays the user security identifiers (SIDs). |
| -upn | Displays the user principal names (UPNs) of the users. |
| -fn | Displays the first names of the users. |
| -mi | Displays the middle initials of the users. |
| -ln | Displays the last names of the users. |
| -display | Displays the display names of the users. |
| -empid | Displays the employee IDs of the users. |
| -desc | Displays the descriptions of the users. |
| -full | Displays the full names of the users. |
| -office | Displays the office locations of the users. |
| -tel | Displays the telephone numbers of the users. |
| Displays the e-mail addresses of the users. | |
| -hometel | Displays the home telephone numbers of the users. |
| -pager | Displays the pager numbers of the users. |
| -mobile | Displays the mobile phone numbers of the users. |
| -fax | Displays the fax numbers of the users. |
| -iptel | Displays the user IP phone numbers. |
| -webpg | Displays the user Web page URLs. |
| -title | Displays the titles of the users. |
| -dept | Displays the departments of the users. |
| -company | Displays the company information of the users. |
| -mgr | Displays the managers of the users. |
| -hmdir | Displays the drive letter to which the home directory of the user is mapped to if the home directory path is a UNC path. |
| -hmdrv | Displays the user’s home drive letter if home directory is a UNC path. |
| -profile | Displays the user profile paths. |
| -loscr | Displays the user logon script paths. |
| -mustchpwd | Displays whether users must change their passwords at the time of next logon (yes) or not (no). |
| -canchpwd | Displays whether users can change their password (yes) or not (no). |
| -pwdneverexpires | Displays whether the user passwords never expires (yes) or not (no). |
| -disabled | Displays whether user accounts are disabled for logon (yes) or not (no). |
| -acctexpires | Displays the dates when user accounts expire. If the accounts never expire, this command returns never. |
| -reversiblepwd | Displays whether the user passwords are allowed to be stored using reversible encryption (yes) or not (no). |
| <UserDN> (second variation) | Required. Displays the distinguished name of the user whose group membership you want to view. |
| -memberof | Displays the immediate list of groups of which the user is a member. |
| -expand | Displays the recursively expanded list of groups of which the user is a member. This option takes the immediate group membership list of the user, and then recursively expands each group in this list to determine its group memberships as well to arrive at a complete closure set of the groups. |
Gustavo Valle 
Pingback: Usar a ferramenta de administração ADSI Edit (Consultas no AD) | Ana Paula de Almeida
eu uso o comando dsquery user domainroot -limit 7000 |dsget user -display -office -loscr > C:\usuarios.txt
porem retorna o tempo todo a mensagem: failed:directory object not found
conseguem me ajudar?