Dsquery and dsget

Dsquery and dsget are a couple command line tools you can utilize to quickly search for specific objects in your domain.

Dsquery as the name implies queries the directory by using search criteria that you specify in the command.

Dsget is used to display the properties of a specific object and it can be useful to pipe the output of dsquery into dsget.


Here are some common ways you might use the commands:


Dsquery user –name “John Doe”

  • This will display the full path of the distinguished name of the user object in active directory


    • Dsquery user –name “John Doe” | dsget –email

  • If we pipe the command to dsget we can then set additional parameters and in this case get the users email address


    • Dsquery user –name “John Doe” | dsget user –disabled

  • This will tell us if the user account is disabled


    • Dsquery user –name “John Doe” | dsget user –memberof

  • This will tell use all the groups the member is a part of.


    • Dsquery computer –name computer01

  • This will show the full path of the distinguished name for the computer object in active directory


    • Dsquery computer “OU=laptops,OU=computers,OU=Edmonton, DC=contoso,DC=com”

  • This will show a list of all computers in the laptops OU


    • Dsget computer “CN=user1-1234,OU=laptops,OU=computers, OU=Edmonton,DC=contoso,DC=com”     -memberof

  • This will show what groups the computer account is a member of


    • Dsquery computer -name user1-1234 | dsget computer -memberof

  • This will do the same as the above command


    • Dsquery computer –name computer01 | dsget computer –samid

  • This will display the samid for the computer account


    • Dsquery computer –name computer01 | dsget computer –sid

  • This will display the SID for the computer account