No announcement yet.

dsquery or adfind (query building)

  • Filter
  • Time
  • Show
Clear All
new posts

  • dsquery or adfind (query building)

    First of all i would like to say that i hope all of you had an awsome holiday! I am new here and hope to keep coming back, used to roam the old sysop forums for a very long time. Anywho!

    I am trying to grab some information from AD using both dsquery and or adfind. We are running windows 2003 in our environment and im a little new to actually having to pull info from it, other than resetting passwords for end users.

    I would like to pull any and all users from AD. I am then going to sift through this list for anything matching a certain keyword and port the results out to a text file.. Some OU's in our structure are named after managers and under each Manager named OU are all the people in thier group. As an example:
    import os
    def main():
        query = os.popen('dsquery user -name a* -limit 10 |dsget user -display -samid -dn')
        x =
        for agent in 'TSE':
            if agent in x:
                print '%s\n' % x
    So what this script will do is based off words in the OU name, either print out the -display and -samid or just ignore(pass) if it doesnt find the keyword in the OU name. Is there a better way of doing this? Im having to put "-dn" in the search for dsquery and this is really messing with output formating.

    Is there possibly a way to pull and and all OU's matching this same keyword type filter? maybe something like this

    the mock OU name is something like: "Im In The TSE Group"

    dsquery -OU "*TSE*" | dsget user -name -display -samid

    That way i can pull all of ad and sift through it and take what i need.

    by the way, the script above is python

    Thanks in advance!
    Last edited by omfg; 2nd January 2011, 21:15.

  • #2
    Re: dsquery or adfind (query building)

    Well, just updating my thoughts on this a little more.

    I can sort or filter by description also, so was hoping:

    dsquery name -desc *TSE* | dsget name -display -samid
    doesnt work, also tried something like :

    dsquery * -filter "(&(objectcategory=person) (objectclass=user) (Description=*TSE*))"
    Still nothing. Can i not call the description tag like this?


    • #3
      Re: dsquery or adfind (query building)

      Resolved it, this line here will pull all of AD and filter by my keywords that we have in the description. Thank you anyway!!

      Posting this resolve incase someone else needs help doing this.

      dsquery * -filter "(&(objectcategory=person) (objectclass=user) (description=*TSE*))" -limit 0 | dsget user -display -samid