There are some interesting ways to combine output from some of the active directory command line tools such on Windows 2003 servers such as dsquery and dsget. These commands lend themselves well to piping output from one to another. For example, a list of users from DSQUERY can be piped to DSGET to display the username, group membership, or any number of user attributes. You can even combine more than one pipe. For example, suppose you wanted to find the display name and home directory for all of the members of a set of groups, Marketing Managers, Marketing Users, Marketing HR, Marketing Executives, and any other groups that start with the word "Marketing."
dsquery group -name "Marketing *" dsget group -members dsget user -display -hmdir
This command will take the output from the first dsquery command which will be something like this: "CN=Marketing Managers, OU=Marketing,DC=Contoso,DC=com"
"CN=Marketing Users, OU=Marketing,DC=Contoso,DC=com"
..etc..
This output is piped as input to the next query, which will execute as:
dsget group -members "CN=Marketing Managers, OU=Marketing,DC=Contoso,DC=com
dsget group -members "CN=Marketing Users, OU=Marketing,DC=Contoso,DC=com"
..etc..
Finally, the list of usernames will be piped to the dsget query as something like this:
dsget user "CN=mjones,OU=Marketing,DC=Contoso,DC=com" -display -hmdir
...etc..
There are lots of different ways this type of piping between Active Directory commands can be used in creative ways. Sometimes a script is a better choice depending on what type of query is needed, but if you want to grab some information from active directory quickly, just using these commands and piping between them can be a good alternative. For more information on the DSQUERY, DSGET and other active directory command line tools, check out Technet:
Directory service command-line tools
http://technet2.microsoft.com/WindowsServer/en/library/46ba1426-43fd-4985-b429-cd53d3046f011033.mspx?mfr=true
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment