Search for computers in active directory.
Syntax
DSQuery Computer [{StartNode | forestroot | domainroot}]
[-o {dn | rdn | samid}] [-scope {subtree | onelevel | base}]
[-name Name] [-desc Description] [-samid SAMName] [-inactive NumberOfWeeks]
[-stalepwd NumberOfDays] [-disabled]
[{-s Server | -d Domain}] [-u UserName] [-p {Password | *}]
[-q] [-r] [-gc] [-limit NumberOfObjects] [{-uc | -uco | -uci}]
Key
StartNode | forestroot | domainroot The node in the console tree where the search starts.
forestroot = search using the global catalog.
-o The format used to display the search results.
dn = distinguished name.
rdn = relative distinguished name.
samid = Security Accounts Manager (SAM) account name.
-scope The scope of the search:
subtree = subtree that is rooted at the start node in the console tree.
onelevel = immediate children of the start node only.
base = single object that the start node represents.
If forestroot is the StartNode, then subtree is the only valid scope.
-name Search for computer(s) whose name attribute(CN) matches Name.
For example, "br*"
-desc Search for computer(s) whose description matches. For example, "dell*"
-samid Search for computer(s) whose SAM account names match SAMName
-inactive Search for computer(s) that have been inactive for N number of weeks
-stalepwd Search for computer(s) whose passwords have not changed for n number of days.
-disabled Search for computer(s) whose accounts are disabled.
-s Server to connect to (Default=the domain controller in the logon domain.)
-d Domain to connect to.
-u Username with which the user logs on to a remote server.
-p Password (UserName or Domain\UserName or Username@domain.com)
-q Quiet, suppress all output
-r Recursive search (follow referrals)
-gc Use the AD global catalog during the search.
-limit The maximum number of objects to return, default=100.
-uc Unicode format
-uco Unicode format for output only
-uci Unicode format for input only
Examples
Find all computers on the current domain with a name that starts with "wks" :
C:\> dsquery computer -name wks* -desc desktop*
Find all computers in the Aberdeen OU:
C:\> dsquery computer ou=Aberdeen,ou=Workstations,dc=ss64,dc=com
List the first 500 inactive computer accounts (more than 52 weeks inactive):
C:\> dsquery computer -inactive 52 -limit 500
Disable all inactive computer accounts (more than 52 weeks inactive):
C:\> dsquery computer -inactive 52 | dsmod computer -disabled yes
Delete all inactive computer accounts (more than 52 weeks inactive):
C:\> dsquery computer -inactive 52 | dsrm -noprompt
“The best weapon against an enemy is another enemy" ~ Friedrich Nietzsche
Related:
DSQuery Server - Search for server.
DSAdd - Add object.
DSMod - Modify object.
DSGet - Display object.
DSMove - Move object.
DSQuery - Search for objects.
DSRM - Delete object.
PowerShell: Get-adComputer - Get one or more AD computers.