Dec 07

Here is the command that will get you a list of which login script each of your users is using.

dsquery user -name * -limit 0 | dsget user -display -loscr > c:\final.txt

Final.txt will contain the list you want.
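
To turn Final.txt into a per-script summary, the following PowerShell is an added example and not part of the original post. It assumes dsget's fixed-width table layout (a header row naming the columns and a trailing "dsget succeeded" line); the sample lines are constructed.

```powershell
# Added example, not from the original post.
# Constructed sample of dsget's table output; for real data use:
#   $lines = Get-Content 'C:\final.txt'
$lines = @(
    '  display           loscr',
    '  Linda Smith       logon.bat',
    '  Jon Doe           logon.bat',
    '  Backup Service    ',
    '  Ann Lee           sales\map.cmd',
    'dsget succeeded'
)

# Assumption: the header row names the columns and every value starts at the
# same offset as its header, so the loscr column is located by position.
# This keeps display names that contain spaces intact.
$header = $lines | Where-Object { $_ -match '^\s*display\s+loscr\s*$' } | Select-Object -First 1
if (-not $header) { throw 'Header row "display loscr" not found.' }
$nameCol   = $header.IndexOf('display')
$scriptCol = $header.IndexOf('loscr')

$users = foreach ($line in $lines) {
    # Skip the header, blank lines and the "dsget succeeded" status line.
    if ($line -eq $header -or $line -match '^\s*$' -or $line -match '^dsget ') { continue }
    $padded = $line.PadRight($scriptCol)   # rows with no script may be short
    [pscustomobject]@{
        User   = $padded.Substring($nameCol, $scriptCol - $nameCol).Trim()
        Script = $padded.Substring($scriptCol).Trim()
    }
}

# One row per logon script: how many users reference it, and who.
$users | Where-Object Script |
    Group-Object { $_.Script.ToLower() } |
    Sort-Object Count -Descending |
    ForEach-Object {
        [pscustomobject]@{
            Script = $_.Name
            Users  = $_.Count
            Names  = ($_.Group.User -join '; ')
        }
    } | Format-Table -AutoSize

# Accounts with no logon script set.
$users | Where-Object { -not $_.Script } | Select-Object User
```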

You can run this directly from your Active Directory server. By changing the parameters in the example above, you can pull any information you like out of Active Directory. Here are the parameters for the two commands used.

dsquery.exe
Here are the parameters for the dsquery user command:
Parameters
{StartNode | forestroot | domainroot}
Specifies the node where the search will start. You can specify the forest root (forestroot), domain root (domainroot), or a node’s distinguished name (StartNode). If forestroot is specified, the search is done using the global catalog. The default value is domainroot.
-o {dn | rdn | upn | samid}
Specifies the format in which the list of entries found by the search will be displayed. A dn value displays the distinguished name of each entry. A rdn value displays the relative distinguished name of each entry. A upn value displays the user principal name of each entry. A samid value displays the SAM account name of each entry. By default, the dn format is used.
-scope {subtree | onelevel | base}
Specifies the scope of the search. A value of subtree indicates that the scope is a subtree rooted at start node. A value of onelevel indicates the immediate children of start node only. A value of base indicates the single object represented by start node. If forestroot is specified as StartNode, subtree is the only valid scope. By default, the subtree search scope is used.
-name Name
Searches for users whose name attributes (value of CN attribute) matches Name. For example, “jon*” or “*ith” or “j*th”.
-desc Description
Searches for users whose description attribute matches Description. For example, “jon*” or “*ith” or “j*th”.
-upn UPN
Searches for users whose UPN attribute matches UPN.
-samid SAMName
Searches for users whose SAM account name matches SAMName.
-inactive NumberOfWeeks
Searches for all users that have been inactive (stale) for at least the specified number of weeks.
-stalepwd NumberOfDays
Searches for all users that have not changed their password for at least the specified number of days.
-disabled
Searches for all users whose accounts are disabled.
{-s Server | -d Domain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u UserName
Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:
user name (for example, Linda)
domain\user name (for example, widgets\Linda)
user principal name (UPN) (for example, [email protected])
-p {Password | *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-q
Suppresses all output to standard output (quiet mode).
-r
Specifies that the search use recursion or follow referrals during search. By default, the search will not follow referrals during search.
-gc
Specifies that the search use the Active Directory global catalog.
-limit NumberOfObjects
Specifies the number of objects that match the given criteria to be returned. If the value of NumberOfObjects is 0, all matching objects are returned. If this parameter is not specified, by default the first 100 results are displayed.
{-uc | -uco | -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.
Value   Description
-uc     Specifies a Unicode format for input from or output to a pipe (|).
-uco    Specifies a Unicode format for output to a pipe (|) or a file.
-uci    Specifies a Unicode format for input from a pipe (|) or a file.

dsget.exe

Here is a list of objects dsget can extract attributes from:
DSGET COMPUTER
DSGET CONTACT
DSGET SUBNET
DSGET GROUP
DSGET OU
DSGET SERVER
DSGET SITE
DSGET USER
DSGET QUOTA
DSGET PARTITION

Here is a list of attributes dsget can return for the USER object:
-dn
Displays the distinguished names of the users.
-samid
Displays the SAM account names of the users.
-sid
Displays the user security IDs (SIDs).
-upn
Displays the user principal names of the users.
-fn
Displays the first names of the users.
-mi
Displays the middle initials of the users.
-ln
Displays the last names of the users.
-display
Displays the display names of the users.
-empid
Displays the employee IDs of the users.
-desc
Displays the descriptions of the users.
-full
Displays the full names of the users.
-office
Displays the office locations of the users.
-tel
Displays the telephone numbers of the users.
-email
Displays the e-mail addresses of the users.
-hometel
Displays the home telephone numbers of the users.
-pager
Displays the pager numbers of the users.
-mobile
Displays the mobile phone numbers of the users.
-fax
Displays the fax numbers of the users.
-iptel
Displays the user IP phone numbers.
-webpg
Displays the user Web page URLs.
-title
Displays the titles of the users.
-dept
Displays the departments of the users.
-company
Displays the company information for the users.
-mgr
Displays the managers of the users.
-hmdir
Displays the drive letter to which the home directory of the user is mapped if the home directory path is a UNC path.
-hmdrv
Displays the user’s home drive letter if home directory is a UNC path.
-profile
Displays the user profile paths.
-loscr
Displays the user logon script paths.
-mustchpwd
Displays information about whether users must change their passwords at the time of next logon (yes) or not (no).
-canchpwd
Displays information about whether users can change their password (yes) or not (no).
-pwdneverexpires
Displays information about whether the user passwords never expire (yes) or not (no).
-disabled
Displays information about whether user accounts are disabled for logon (yes) or not (no).
-acctexpires
Displays dates indicating when user accounts expire. If the accounts never expire, never is displayed.
-reversiblepwd
Displays information about whether the user passwords are allowed to be stored using reversible encryption (yes) or not (no).
UserDN
Required. Specifies the distinguished name of the user you want to view.
-memberof
Displays the immediate list of groups of which the user is a member.
-expand
Displays the recursively expanded list of groups of which the user is a member. This option takes the immediate group membership list of the user, and then recursively expands each group in this list to determine its group memberships as well to arrive at a complete closure set of the groups.
{-uc | -uco | -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.
Value   Description
-uc     Specifies a Unicode format for input from or output to a pipe (|).
-uco    Specifies a Unicode format for output to a pipe (|) or a file.
-uci    Specifies a Unicode format for input from a pipe (|) or a file.
-part PartitionDN
Connect to the directory partition with the distinguished name of PartitionDN.
-qlimit
Displays the effective quota of the user within the specified directory partition.
-qused
Displays how much of the quota the user has used within the specified directory partition.

written by admin


2 Responses to “How to get a list of which login scripts are in use per user. Active Directory”

  1. Free SEO-Friendly Web Directory Says:

    I do believe all of the concepts you’ve introduced for your post. They are really convincing and will certainly work. Still, the posts are too short for novices. May you please extend them a bit from next time? Thanks for the post.

  2. nederland Says:

    Hello there, I discovered your website via Google whilst looking for a related matter, your website came up, it seems to be good. I have added to favourites|added to bookmarks.
