Share via


Dsget

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Dsget

Displays the selected properties of a specific object in the directory. The dsget commands include:

  • dsget computer

  • dsget contact

  • dsget group

  • dsget ou

  • dsget server

  • dsget user

  • dsget subnet

  • dsget site

  • dsget quota

  • dsget partition

dsget computer

Displays the properties of a computer in the directory. There are two variations of this command. The first variation allows you to view the properties of multiple computers. The second variation allows you to view the membership information of a single computer.

Syntax

dsget computer ComputerDN ...[-dn] [-samid][-sid][-desc][-loc][-disabled][{-sServer | -dDomain}][-uUserName] [-p {Password | *}] [-c][-q][-l] [{-uc | -uco | -uci}][-partPartitionDN[-qlimit][-qused]]

dsget computer ComputerDN[-memberof [-expand]][{-sServer | -dDomain}][-uUserName] [-p {Password | *}] [-c][-q][-l] [{-uc | -uco | -uci}]

Parameters
  • ComputerDN ...
    Required. Specifies the distinguished names of the computer object list that you want to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command. Compare with ComputerDN in the next command variation.
  • -dn
    Displays the distinguished names of the computers.
  • -samid
    Displays the computer SAM account names.
  • -sid
    Displays the computer security IDs (SIDs).
  • -desc
    Displays the descriptions of the computers.
  • -loc
    Displays the computer locations.
  • -disabled
    Displays the status of the computer accounts. A value yes returned establishes that the account is disabled; a value of no establishes that the account is enabled.
  • ComputerDN
    Required. Specifies the distinguished name of the single computer you want to view.
  • -memberof
    Displays the immediate list of groups of which the computer is a member. This takes a single target object only as input parameter.
  • -expand
    Displays the recursively expanded list of groups of which the computer is a member. This option takes the immediate group membership list of the computer and then recursively expands each group in this list to determine its group memberships as well to arrive at a complete closure set of the groups.
  • { -sServer| -dDomain}
    Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
  • -u UserName
    Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:

    • user name (for example, Linda)

    • domain\user name (for example, widgets\Linda)

    • user principal name (UPN) (for example, Linda@widgets.microsoft.com)

  • -p{ Password | *}
    Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
  • -c
    Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
  • -q
    Suppresses all output to standard output (quiet mode).
  • -l
    Displays entries in a list format. By default, entries are displayed in a table format.
  • { -uc| -uco| -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.
  • -part PartitionDN
    Connects to the directory partition with the distinguished name of PartitionDN.
  • -qlimit
    Displays the effective quota of the computer within the specified directory partition.
  • -qused
    Displays how much of its quota the computer has used within the specified directory partition.
<table>
<colgroup>
<col style="width: 50%" />
<col style="width: 50%" />
</colgroup>
<thead>
<tr class="header">
<th>Value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p><strong>-uc</strong></p></td>
<td><p>Specifies a Unicode format for input from or output to a pipe (|).</p></td>
</tr>
<tr class="even">
<td><p><strong>-uco</strong></p></td>
<td><p>Specifies a Unicode format for output to a pipe (|) or a file.</p></td>
</tr>
<tr class="odd">
<td><p><strong>-uci</strong></p></td>
<td><p>Specifies a Unicode format for input from a pipe (|) or a file.</p></td>
</tr>
</tbody>
</table>
  • /?
    Displays help at the command prompt.
Remarks
  • If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).

  • Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.

  • As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties. See Examples.

  • If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=DC2,OU=Domain Controllers,DC=Microsoft,DC=Com").

  • If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

Examples

To display the descriptions of all computers in a given organizational unit whose name starts with "tst", type:

dsquery computer OU=Test,DC=Microsoft,DC=Com -name tst* | dsget computer -desc

To display the list of groups, recursively expanded, to which a given computer "MyDBServer" belongs, type:

dsget computer CN=MyDBServer,CN=computers,DC=Microsoft,DC=Com -memberof -expand

dsget contact

Displays the various properties of a contact in the directory.

Syntax

dsget contact ContactDN ...[-dn][-fn][-mi][-ln][-display][-desc][-office][-tel][-email][-hometel][-pager][-mobile][-fax][-iptel][-title][-dept][-company][{-sServer | -dDomain}][-uUserName] [-p {Password | *}] [-c][-q][-l] [{-uc | -uco | -uci}]

Parameters
  • ContactDN ...
    Required. Specifies the distinguished names of the contact objects that you want to view. If this parameter is omitted, its value is taken from standard input (stdin) to support piping of output from another command to input of this command.
  • -dn
    Displays the distinguished names of the contacts.
  • -fn
    Displays the first names of the contacts.
  • -mi
    Displays the middle initials of the contacts.
  • -ln
    Displays the last names of the contacts.
  • -display
    Displays the display names of the contacts.
  • -desc
    Displays the descriptions of the contacts.
  • -office
    Displays the office locations of the contacts.
  • -tel
    Displays the telephone numbers of the contacts.
  • -email
    Displays the e-mail addresses of the contacts.
  • -hometel
    Displays the home telephone numbers of the contacts.
  • -pager
    Displays the pager numbers of the contacts.
  • -mobile
    Displays the mobile phone numbers of the contacts.
  • -fax
    Displays the fax numbers of the contacts.
  • -iptel
    Displays the IP phone number of the contact.
  • -title
    Displays the titles of the contacts.
  • -dept
    Displays the departments of the contacts.
  • -company
    Displays the company information for the contacts.
  • { -sServer| -dDomain}
    Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
  • -u UserName
    Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:

    • user name (for example, Linda)

    • domain\user name (for example, widgets\Linda)

    • user principal name (UPN) (for example, Linda@widgets.microsoft.com)

  • -p{ Password | *}
    Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
  • -c
    Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
  • -q
    Suppresses all output to standard output (quiet mode).
  • -l
    Displays entries in a list format. By default, entries are displayed in a table format.
  • { -uc| -uco| -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

    Value Description

    -uc

    Specifies a Unicode format for input from or output to a pipe (|).

    -uco

    Specifies a Unicode format for output to a pipe (|) or a file.

    -uci

    Specifies a Unicode format for input from a pipe (|) or a file.

  • /?
    Displays help at the command prompt.
Remarks
  • If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).

  • Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related topics.

  • As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties.

  • If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=Mike Danseglio,OU=Contacts,DC=Microsoft,DC=Com").

  • If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

Examples

To display the description and phone numbers for contacts Mike Danseglio and Don Funk, type:

dsget contact "CN=Mike Danseglio,OU=Contacts,DC=Microsoft,DC=Com" "CN=Don Funk,OU=Contacts,DC=Microsoft,DC=Com" -desc -tel

dsget group

Displays the various properties of a group including the members of a group in the directory. There are two variations of this command. The first variation allows you to view the properties of multiple groups. The second variation allows you to view the group membership information of a single group.

Syntax

dsget group GroupDN ...[-dn][-samid][-sid][-desc][-secgrp][-scope][{-sServer | -dDomain}][-uUserName] [-p {Password | *}] [-c][-q][-l][{-uc | -uco | -uci}][-partPartitionDN[-qlimit][-qused]]

dsget group GroupDN[{-memberof | -members}][-expand][{-sServer | -dDomain}][-uUserName][-p {Password | *}] [-c][-q][-l] [{-uc | -uco | -uci}]

Parameters
  • GroupDN ...
    Required. Specifies the distinguished names of the group objects that you want to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command. Compare with GroupDN in the next command variation.
  • -dn
    Displays that distinguished names of the groups.
  • -samid
    Displays the SAM account names of the groups.
  • -sid
    Displays the group security IDs (SIDs).
  • -desc
    Displays the descriptions of the groups.
  • -secgrp
    Displays information about whether groups are security groups (yes) or a distribution groups (no).
  • -scope
    Display information about whether group scopes are local, global, or universal.
  • GroupDN
    Required. Specifies the distinguished name of the computer you want to view.
  • { -memberof| -members}
    Displays the immediate list of groups of which the group is a member (-memberof). Displays the immediate list of members of the group (-members).
  • -expand
    In the case of the -memberof parameter, requests that the recursively expanded list of groups in which the group is a member be returned. This option takes the immediate group membership list of the group, and then recursively expands each group in this list to determine its group memberships as well to arrive at a complete closure set of the groups.
In case of the **-members** parameter, requests that the recursively expanded list of members of the group be displayed. This parameter takes the immediate list of members of the group and then recursively expands each group in this list to determine its group memberships as well to arrive at a complete closure set of the members.
  • { -sServer| -dDomain}
    Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
  • -u UserName
    Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:

    • user name (for example, Linda)

    • domain\user name (for example, widgets\Linda)

    • user principal name (UPN) (for example, Linda@widgets.microsoft.com)

  • -p{ Password | *}
    Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
  • -c
    Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
  • -q
    Suppresses all output to standard output (quiet mode).
  • -l
    Displays entries in a list format. By default, entries are displayed in a table format.
  • { -uc| -uco| -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.
  • -part PartitionDN
    Connects to the directory partition with the distinguished name of PartitionDN.
  • -qlimit
    Displays the effective quota of the group within the specified directory partition.
  • -qused
    Displays how much of its quota the group has used within the specified directory partition.
<table>
<colgroup>
<col style="width: 50%" />
<col style="width: 50%" />
</colgroup>
<thead>
<tr class="header">
<th>Value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p><strong>-uc</strong></p></td>
<td><p>Specifies a Unicode format for input from or output to a pipe (|).</p></td>
</tr>
<tr class="even">
<td><p><strong>-uco</strong></p></td>
<td><p>Specifies a Unicode format for output to a pipe (|) or a file.</p></td>
</tr>
<tr class="odd">
<td><p><strong>-uci</strong></p></td>
<td><p>Specifies a Unicode format for input from a pipe (|) or a file.</p></td>
</tr>
</tbody>
</table>
  • /?
    Displays help at the command prompt.
Remarks
  • If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).

  • Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.

  • As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties. See Examples.

  • If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=USA Sales,OU=Distribution Lists,DC=Microsoft,DC=Com").

  • If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

Examples

To display the descriptions of all groups in a given organizational unit whose names start with "adm," type:

dsquery group OU=Test,DC=Microsoft,DC=Com -name adm* | dsget group -desc

To display the list of members, recursively expanded, of the group Backup Operators, type:

dsget group "CN=Backup Operators,OU=Test,DC=Microsoft,DC=Com" -members -expand

dsget ou

Displays the various properties of an organizational unit in the directory.

Syntax

dsget ou OrganizationalUnitDN ...[-dn] [-desc][{-sServer | -dDomain}][-uUserName] [-p {Password | *}] [-c][-q][-l] [{-uc | -uco | -uci}]

Parameters
  • OrganizationalUnitDN ...
    Required. Specifies the distinguished names of the organizational units that you want to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
  • -dn
    Displays the distinguished names of the organizational units.
  • -desc
    Displays the descriptions of the organizational units.
  • { -sServer| -dDomain}
    Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
  • -u UserName
    Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:

    • user name (for example, Linda)

    • domain\user name (for example, widgets\Linda)

    • user principal name (UPN) (for example, Linda@widgets.microsoft.com)

  • -p{ Password | *}
    Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
  • -c
    Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
  • -q
    Suppresses all output to standard output (quiet mode).
  • -l
    Displays entries in a list format. By default, entries are displayed in a table format.
  • { -uc| -uco| -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

    Value Description

    -uc

    Specifies a Unicode format for input from or output to a pipe (|).

    -uco

    Specifies a Unicode format for output to a pipe (|) or a file.

    -uci

    Specifies a Unicode format for input from a pipe (|) or a file.

  • /?
    Displays help at the command prompt.
Remarks
  • If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).

  • Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.

  • As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties. See Examples.

  • If a value that you supply contains spaces, use quotation marks around the text (for example, "OU=Domain Controllers,DC=Microsoft,DC=Com").

  • If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

Examples

To display the descriptions of all organizational units in the current domain, type:

dsquery ou domainroot | dsget ou -desc

dsget server

This command displays the various properties of a domain controller defined in the directory. There are three variations of this command. The first variation displays the general properties of a specified domain controller. The second variation displays a list of the security principals who own the largest number of directory objects on the specified domain controller. The third variation displays the distinguished names of the directory partitions on the specified server.

Syntax

dsget server ServerDN ...[-dn] [-desc] [-dnsname] [-site] [-isgc][{-sServer | -dDomain}][-uUserName] [-p {Password | *}] [-c][-q][-l] [{-uc | -uco | -uci}]

dsget server ServerDN[{-sServer | -dDomain}][-uUserName] [-p {Password | *}] [-c][-q][-l] [{-uc | -uco | -uci}][-topobjownerDisplay]

dsget server ServerDN[{-sServer | -dDomain}][-uUserName] [-p {Password | *}] [-c][-q][-l] [{-uc | -uco | -uci}][-partPartitionDN]

Parameters
  • ServerDN ...
    Required. Specifies the list of server object distinguished names to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
  • -dn
    Displays the distinguished names of the servers.
  • -desc
    Displays the descriptions of the servers.
  • -dnsname
    Displays the DNS host names of the servers.
  • -site
    Displays the site names to which the servers belongs.
  • -isgc
    Displays information about whether the server is a global catalog (yes) or not (no).
  • { -sServer| -dDomain}
    Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
  • -u UserName
    Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:

    • user name (for example, Linda)

    • domain\user name (for example, widgets\Linda)

    • user principal name (UPN) (for example, Linda@widgets.microsoft.com)

  • -p{ Password | *}
    Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
  • -c
    Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
  • -q
    Suppresses all output to standard output (quiet mode).
  • -l
    Displays entries in a list format. By default, entries are displayed in a table format.
  • { -uc| -uco| -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.
  • -part PartitionDN
    Connects to the directory partition with the distinguished name of PartitionDN.
  • -topobjowner Display
    Displays a sorted list of the security principals (users, computers, security groups, and inetOrgPersons) that own the largest number of directory objects across all directory partitions on the server and the number of directory objects that they own. The number of accounts to display in the list is specified by Display.To display all object owners, type 0. If you do not specify Display, the number of principals listed defaults to 10.
<table>
<colgroup>
<col style="width: 50%" />
<col style="width: 50%" />
</colgroup>
<thead>
<tr class="header">
<th>Value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p><strong>-uc</strong></p></td>
<td><p>Specifies a Unicode format for input from or output to a pipe (|).</p></td>
</tr>
<tr class="even">
<td><p><strong>-uco</strong></p></td>
<td><p>Specifies a Unicode format for output to a pipe (|) or a file.</p></td>
</tr>
<tr class="odd">
<td><p><strong>-uci</strong></p></td>
<td><p>Specifies a Unicode format for input from a pipe (|) or a file.</p></td>
</tr>
</tbody>
</table>
  • /?
    Displays help at the command prompt.
Remarks
  • If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).

  • Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.

  • As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties. See Examples.

  • If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=My Server,CN=Servers,CN=Site10,CN=Sites,CN=Configuration,DC=Microsoft,DC=Com").

  • If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

  • The properties requested by this command may reside either in the Server object for the domain controller or in the NTDSDSA object corresponding to the server.

Examples

To find all domain controllers for domain widgets.microsoft.com and display their DNS host name and site name, type:

dsquery server -domain widgets.microsoft.com | dsget server -dnsname -site

To show if a domain controller with the name DC1 is also a global catalog server, type:

dsget server CN=DC1,CN=Servers,CN=Site10,CN=Sites,CN=Configuration,DC=Microsoft,DC=Com -isgc

To display a sorted list of security principals who own the largest number of objects on the domain controller server1.widgets.microsoft.com, type:

dsget server CN=server1,CN=widgets,DC=Microsoft,DC=com -topobjowner

dsget user

Display the various properties of a user in the directory. There are two variations of this command. The first variation allows you to view the properties of multiple users. The second variation allows you to view the group membership information of a single user.

Syntax

dsget user UserDN ...[-dn][-samid] [-sid][-upn] [-fn] [-mi] [-ln] [-display] [-empid][-desc][-office] [-tel] [-email] [-hometel] [-pager] [-mobile][-fax] [-iptel][-webpg][-title][-dept][-company][-mgr][-hmdir][-hmdrv][-profile][-loscr][-mustchpwd][-canchpwd][-pwdneverexpires][-disabled][-acctexpires][-reversiblepwd][{-uc | -uco | -uci}][-partPartitionDN[-qlimit][-qused]]

dsget user UserDN[-memberof] [-expand][{-uc | -uco | -uci}]

Parameters
  • UserDN ...
    Required. Specifies the distinguished names of the user objects that you want to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command. Compare with UserDN in the next command variation.
  • -dn
    Displays the distinguished names of the users.
  • -samid
    Displays the SAM account names of the users.
  • -sid
    Displays the user security IDs (SIDs).
  • -upn
    Displays the user principal names of the users.
  • -fn
    Displays the first names of the users.
  • -mi
    Displays the middle initials of the users.
  • -ln
    Displays the last names of the users.
  • -display
    Displays the display names of the users.
  • -empid
    Displays the employee IDs of the users.
  • -desc
    Displays the descriptions of the users.
  • -full
    Displays the full names of the users.
  • -office
    Displays the office locations of the users.
  • -tel
    Displays the telephone numbers of the users.
  • -email
    Displays the e-mail addresses of the users.
  • -hometel
    Displays the home telephone numbers of the users.
  • -pager
    Displays the pager numbers of the users.
  • -mobile
    Displays the mobile phone numbers of the users.
  • -fax
    Displays the fax numbers of the users.
  • -iptel
    Displays the user IP phone numbers.
  • -webpg
    Displays the user Web page URLs.
  • -title
    Displays the titles of the users.
  • -dept
    Displays the departments of the users.
  • -company
    Displays the company information for the users.
  • -mgr
    Displays the user managers of the users.
  • -hmdir
    Displays the drive letter to which the home directory of the user is mapped to if the home directory path is a UNC path.
  • -hmdrv
    Displays the user's home drive letter if home directory is a UNC path.
  • -profile
    Displays the user profile paths.
  • -loscr
    Displays the user logon script paths.
  • -mustchpwd
    Displays information about whether users must change their passwords at the time of next logon (yes) or not (no).
  • -canchpwd
    Displays information about whether users can change their password (yes) or not (no).
  • -pwdneverexpires
    Displays information about whether the user passwords never expires (yes) or not (no).
  • -disabled
    Displays information about whether user accounts are disabled for logon (yes) or not (no).
  • -acctexpires
    Displays dates indicating when user accounts expire. If the accounts never expire, never is displayed.
  • -reversiblepwd
    Displays information about whether the user passwords are allowed to be stored using reversible encryption (yes) or not (no).
  • UserDN
    Required. Specifies the distinguished name of the user you want to view.
  • -memberof
    Displays the immediate list of groups of which the user is a member.
  • -expand
    Displays the recursively expanded list of groups of which the user is a member. This option takes the immediate group membership list of the user, and then recursively expands each group in this list to determine its group memberships as well to arrive at a complete closure set of the groups.
  • { -uc| -uco| -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.
  • -part PartitionDN
    Connect to the directory partition with the distinguished name of PartitionDN.
  • -qlimit
    Displays the effective quota of the user within the specified directory partition.
  • -qused
    Displays how much of the quota the user has used within the specified directory partition.
<table>
<colgroup>
<col style="width: 50%" />
<col style="width: 50%" />
</colgroup>
<thead>
<tr class="header">
<th>Value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p><strong>-uc</strong></p></td>
<td><p>Specifies a Unicode format for input from or output to a pipe (|).</p></td>
</tr>
<tr class="even">
<td><p><strong>-uco</strong></p></td>
<td><p>Specifies a Unicode format for output to a pipe (|) or a file.</p></td>
</tr>
<tr class="odd">
<td><p><strong>-uci</strong></p></td>
<td><p>Specifies a Unicode format for input from a pipe (|) or a file.</p></td>
</tr>
</tbody>
</table>
  • /?
    Displays help at the command prompt.
Remarks
  • If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).

  • Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.

  • As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties. See Examples.

  • The -canchpwd is an estimate on whether the user is allowed to change his password. This estimate has to do with the way the access control lists (ACLs) on the object are interpreted in order to arrive at the yes or no answer. The precise certainty regarding a user's ability to change a password can only be known by trying to change the password. This non-authoritative answer is not specific to this command-line tool, but is also inherent in the User Properties dialog box in Active Directory Users and Computers in Microsoft Management Console (MMC).

  • When none of the specific property parameters are specified for the dsget user command, the default set of user properties to display include the following: distinguished name, SAM account name, and description.

  • When the -memberof parameter is specified, it overrides all other parameters and only the membership list for the user is displayed.

Examples

To find all users in a given organizational unit whose name starts with "jon" and show their descriptions, type:

dsquery user OU=Test,dc=ms,dc=tld -name jon* | dsget user -desc

To show the list of groups, recursively expanded, to which a given user "Mike Danseglio" belongs, type:

dsget user "CN=Mike Danseglio,CN=users,dc=ms,dc=tld" -memberof -expand

dsget subnet

Displays properties of a subnet defined in the directory.

Syntax

dsget subnet SubnetDN ...[-dn][-desc] [-loc] [-site][{-sServer | -dDomain}][-uUserName] [-p {Password | *}][-c][-q][-l] [{-uc | -uco | -uci}]

Parameters
  • SubnetDN ...
    Required. Specifies the common names of one or more subnets that you want to view.
  • -dn
    Displays the distinguished names of the subnets. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
  • -desc
    Displays the descriptions of the subnets.
  • -loc
    Displays the subnet locations.
  • -site
    Displays the site names associated with the subnets.
  • { -sServer| -dDomain}
    Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
  • -u UserName
    Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:

    • user name (for example, Linda)

    • domain\user name (for example, widgets\Linda)

    • user principal name (UPN) (for example, Linda@widgets.microsoft.com)

  • -p{ Password | *}
    Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
  • -c
    Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
  • -q
    Suppresses all output to standard output (quiet mode).
  • -l
    Displays entries in a list format. By default, entries are displayed in a table format.
  • { -uc| -uco| -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

    Value Description

    -uc

    Specifies a Unicode format for input from or output to a pipe (|).

    -uco

    Specifies a Unicode format for output to a pipe (|) or a file.

    -uci

    Specifies a Unicode format for input from a pipe (|) or a file.

  • /?
    Displays help at the command prompt.
Remarks
  • If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).

  • Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.

  • As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties.

  • If a value that you supply contains spaces, use quotation marks around the text.

  • If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of subnet common names).

Examples

To display all relevant properties for the subnets 206.73.118.0/24 and 207.209.68.0/24, type:

dsget subnet "206.73.118.0/24" "207.209.68.0/24"

dsget site

Displays the various properties of a site defined in the directory.

Syntax

dsget site SiteCN ...[-dn] [-desc] [-autotopology] [-cachegroups] [-prefGCsite][{-sServer | -dDomain}][-uUserName] [-p {Password | *}] [-c][-q][-l] [{-uc | -uco | -uci}]

Parameters
  • SiteCN ...
    Required. Specifies the common name of one or more sites that you want to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
  • -dn
    Displays the distinguished names of the sites.
  • -desc
    Displays the descriptions of the sites.
  • -autotopology
    Displays information about whether automatic intersite topology generation is enabled (yes) or disabled (no) for specified sites.
  • -cachegroups
    Displays information about whether caching of universal group memberships for this site is enabled (yes) or disabled (no) to support logons that do not check the global catalog.
  • -prefGCsite
    Displays the name of the preferred global catalog site used to refresh universal group membership caching for this site’s domain controllers, if universal group membership caching has been enabled.
  • { -sServer| -dDomain}
    Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
  • -u UserName
    Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:

    • user name (for example, Linda)

    • domain\user name (for example, widgets\Linda)

    • user principal name (UPN) (for example, Linda@widgets.microsoft.com)

  • -p{ Password | *}
    Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
  • -c
    Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
  • -q
    Suppresses all output to standard output (quiet mode).
  • -l
    Displays entries in a list format. By default, entries are displayed in a table format.
  • { -uc| -uco| -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

    Value Description

    -uc

    Specifies a Unicode format for input from or output to a pipe (|).

    -uco

    Specifies a Unicode format for output to a pipe (|) or a file.

    -uci

    Specifies a Unicode format for input from a pipe (|) or a file.

  • /?
    Displays help at the command prompt.
Remarks
  • If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).

  • Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.

  • As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties. See Examples.

  • If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=Mike Danseglio,CN=Users,DC=Microsoft,DC=Com").

  • If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

Examples

To find all sites in the forest and display their descriptions, type:

dsquery site | dsget site -dn -desc

dsget quota

Displays the properties of a quota specification defined in the directory. A quota specification determines the maximum number of directory objects a given security principal can own in a specific directory partition.

Syntax

dsget quota ObjectDN ... [-dn] [-acct] [-qlimit] [{-sServer | -dDomain}][-uUserName] [-p {Password | *}] [-c][-q][-l] [{-uc | -uco | -uci}]

Parameters
  • ObjectDN...
    Required. Specifies the distinguished names of the quota objects to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
  • -dn
    Displays the distinguished names of the quota objects.
  • -acct
    Displays the distinguished names of the accounts to which the quotas are assigned.
  • -qlimit
    Displays the quota limits for the specified quotas. An unlimited quota displays as "-1".
  • { -sServer| -dDomain}
    Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
  • -u UserName
    Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:

    • user name (for example, Linda)

    • domain\user name (for example, widgets\Linda)

    • user principal name (UPN) (for example, Linda@widgets.microsoft.com)

  • -p{ Password | *}
    Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
  • -c
    Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
  • -q
    Suppresses all output to standard output (quiet mode).
  • -l
    Displays entries in a list format. By default, entries are displayed in a table format.
  • { -uc| -uco| -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

    Value Description

    -uc

    Specifies a Unicode format for input from or output to a pipe (|).

    -uco

    Specifies a Unicode format for output to a pipe (|) or a file.

    -uci

    Specifies a Unicode format for input from a pipe (|) or a file.

  • /?
    Displays help at the command prompt.
Remarks
  • If you do not specify a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use CTRL+Z for End of File (EOF).

  • If you do not specify any of the optional parameters, the distinguished names of the quota specifications, the accounts to which the quotas are assigned, and the quota limits are all displayed.

  • Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.

  • As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties. For more information, see the Examples section of this topic.

  • If a value that you use contains spaces, use quotation marks around the text (for example, "CN=Mike Danseglio,CN=Users,DC=Microsoft,DC=Com").

  • If you use multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

Examples

To display the account to which the quota is assigned, and the quota limit for the quota specification "CN=quota1,dc=marketing,dc=northwindtraders,dc=com", type:

dsget quota CN=quota1,dc=marketing,dc=northwindtraders,dc=com -acct -qlimit

dsget partition

Displays the properties of a directory partition.

Syntax

dsget partition ObjectDN ... [-dn] [-qdefault] [-qtmbstnwt] [-topobjownerDisplay] [{-sServer | -dDomain}][-uUserName] [-p {Password | *}] [-c][-q][-l] [{-uc | -uco | -uci}]

Parameters
  • ObjectDN...
    Required. Specifies the distinguished names (also known as DN) of the partition objects to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
  • -dn
    Displays the distinguished names of the directory partition objects.
  • -qdefault
    Displays the default quota that applies to any security principal (for example, user, group, computer, or iNetOrg person) creating an object in the directory partition, if no specific quota specification governs that security principal. An unlimited quota displays as "-1".
  • -qtmbstnwt
    Displays the percent by which the tombstone object count should be reduced when calculating quota usage.
  • -topobjowner Display
    Displays a sorted list of the security principals (users, computers, security groups, and inetOrgPersons) that own the largest number of objects in the specified directory partition and the number of directory objects that they own. The number of accounts to display in the list is specified by Display. To display all object owners, type 0. If you do not specify Display, the number of principals listed defaults to 10.
  • { -sServer| -dDomain}
    Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
  • -u UserName
    Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:

    • user name (for example, Linda)

    • domain\user name (for example, widgets\Linda)

    • user principal name (UPN) (for example, Linda@widgets.microsoft.com)

  • -p{ Password | *}
    Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
  • -c
    Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
  • -q
    Suppresses all output to standard output (quiet mode).
  • -l
    Displays entries in a list format. By default, entries are displayed in a table format.
  • { -uc| -uco| -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

    Value Description

    -uc

    Specifies a Unicode format for input from or output to a pipe (|).

    -uco

    Specifies a Unicode format for output to a pipe (|) or a file.

    -uci

    Specifies a Unicode format for input from a pipe (|) or a file.

  • /?
    Displays help at the command prompt.
Remarks
  • If you do not specify a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use CTRL+Z for End of File (EOF).

  • When none of the optional parameters is specified, the distinguished name of the directory partition object is displayed.

  • When -topobjowner is specified, it overrides any other specified parameters, so that only the results of -topobjowner are displayed.

  • Use the dsget command to view properties of a specific object in the directory. For more information about using dsquery * to search for all objects that match a specific criterion, see Related Topics.

  • As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties. For more information, see the Examples section of this topic.

  • If a value that you use contains spaces, use quotation marks around the text (for example, "CN=Mike Danseglio,CN=Users,DC=Microsoft,DC=Com").

  • If you use multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

Examples

To display all directory partitions in the forest northwindtraders.com that begin with "application" along with the top three object owners from each partition, type: "CN=quota1,dc=marketing,dc=northwindtraders,dc=com", type:

dsquery server -forest -part application* | dsget server -part | dsget partition -topjobowner 3

Formatting legend

Format Meaning

Italic

Information that the user must supply

Bold

Elements that the user must type exactly as shown

Ellipsis (...)

Parameter that can be repeated several times in a command line

Between brackets ([])

Optional items

Between braces ({}); choices separated by pipe (|). Example: {even|odd}

Set of choices from which the user must choose only one

Courier font

Code or program output

See Also

Concepts

Directory service command-line tools
Dsquery
Command-line reference A-Z
Command shell overview