I am trying to automate the cleanout of stale records from AD.
Here is the query set I have so far.
dsquery * -filter "&(objectCategory=group)(!member=*)" -limit 0 > "C:DSQUERYADGROUPSemptygrp.txt"dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=32))" -limit 0 > "C:DSQUERYADUSERSnopwd.txt"dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=65536))" -limit 0 > "C:DSQUERYADUSERSnoexpire.txt"dsquery user domainroot -stalepwd 90 -limit 0 > "C:DSQUERYADUSERSstaleusr.txt"dsquery user domainroot -inactive 13 -limit 0 > "C:DSQUERYADUSERSinacuser.txt"dsquery computer -inactive 13 -limit 0 > "C:DSQUERYADCOMPUTERSinaccomp.txt"dsquery computer -stalepwd 90 -limit 0 > "C:DSQUERYADCOMPUTERSstalcomp.txt"
What I would like to be able to do is omit Disabled objects from the results. Is there any way to do this?
DSQUERY
Forum rules
Do not post any licensing information in this forum.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Do not post any licensing information in this forum.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
DSQUERY
The following query returns everything that does not have this atribvute set or that does not have this attribute defined.
(&(!userAccountControl:1.2.840.113556.1.4.803:=2))
(&(!userAccountControl:1.2.840.113556.1.4.803:=2))
Code: Select all
dsquery * -filter "(&(!userAccountControl:1.2.840.113556.1.4.803:=2))"
DSQUERY
Code: Select all
dsquery * -filter "(&(&(objectCategory=computer)(!userAccountControl:1.2.840.113556.1.4.803:=2)))" | dsquery computer -inactive 1
dsquery * -filter "(&(&(objectCategory=computer)(!userAccountControl:1.2.840.113556.1.4.803:=2)))" |dsquery computer -stalepwd 90 -limit 0
The cascade can only be done in this order.