Page 1 of 1

DSQUERY

Posted: Wed May 05, 2010 2:10 am
by pjones
I am trying to automate the cleanout of stale records from AD.

Here is the query set I have so far.

dsquery * -filter "&(objectCategory=group)(!member=*)" -limit 0 > "C:DSQUERYADGROUPSemptygrp.txt"dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=32))" -limit 0 > "C:DSQUERYADUSERSnopwd.txt"dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=65536))" -limit 0 > "C:DSQUERYADUSERSnoexpire.txt"dsquery user domainroot -stalepwd 90 -limit 0 > "C:DSQUERYADUSERSstaleusr.txt"dsquery user domainroot -inactive 13 -limit 0 > "C:DSQUERYADUSERSinacuser.txt"dsquery computer -inactive 13 -limit 0 > "C:DSQUERYADCOMPUTERSinaccomp.txt"dsquery computer -stalepwd 90 -limit 0 > "C:DSQUERYADCOMPUTERSstalcomp.txt"

What I would like to be able to do is omit Disabled objects from the results. Is there any way to do this?

DSQUERY

Posted: Wed May 05, 2010 3:07 am
by jvierra
The following query returns everything that does not have this atribvute set or that does not have this attribute defined.
(&(!userAccountControl:1.2.840.113556.1.4.803:=2))

Code: Select all

	
dsquery * -filter "(&(!userAccountControl:1.2.840.113556.1.4.803:=2))"
	

DSQUERY

Posted: Wed May 05, 2010 3:26 am
by jvierra

Code: Select all

	
dsquery * -filter "(&(&(objectCategory=computer)(!userAccountControl:1.2.840.113556.1.4.803:=2)))" | dsquery computer -inactive 1
	
 
	
dsquery * -filter "(&(&(objectCategory=computer)(!userAccountControl:1.2.840.113556.1.4.803:=2)))" |dsquery computer -stalepwd 90 -limit 0 
	
 
	

The cascade can only be done in this order.


DSQUERY

Posted: Thu May 06, 2010 2:08 am
by jvierra
DisabledStale %date%
with no quotes should work

DSQUERY

Posted: Thu May 06, 2010 3:06 am
by pjones
Nope, dsmod failed: 06/05/2010 is an unknown parameter.