To export a list of all computers and non domain controller servers in an Active Directory OU, use dsquery.exe. For example, to export all computers in mydomain.com’s servers OU to machines.txt :
DSQUERY COMPUTER "OU=servers,DC=mydomain,DC=com" -o rdn -limit 1000 > c:\machines.txt
Use -limit when you want to return more than the default 100 results. Note that –rdn will produce the relative distinguished name (which means no OU=,DC= in the name).
Full dsquery syntax:
Syntax: dsquery computer [{<StartNode> | forestroot | domainroot}] [-o {dn | rdn | samid}] [-scope {subtree | onelevel | base}] [-name <Name>] [-desc <Description>] [-samid SAMName>] [-inactive <NumWeeks>] [-stalepwd <NumDays>] [-disabled] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [-r] [-gc] [-limit <NumObjects>] {-uc | -uco | -uci}]
Parameters:
{<StartNode> | forestroot | domainroot} – The node where the search will start: forest root, domain root, or a node whose DN is <StartNode>. Can be “forestroot”, “domainroot” or an object DN.
If “forestroot” is specified, the search is done via the global catalog. Default: domainroot.
-o {dn | rdn | samid} – Specifies the output format. Default: distinguished name (DN).
-scope {subtree | onelevel | base} – Specifies the scope of the search: subtree rooted at start node (subtree); immediate children of start node only (onelevel); the base object represented by start node (base).
Note that subtree and domain scope are essentially the same for any start node unless the start node represents a domain root. If forestroot is specified as <StartNode>, subtree is the only valid scope. Default: subtree.
-name <Name> – Finds computers whose name matches the value given by <Name>, e.g., “jon*” or “*ith” or “j*th”.
-desc <Description> – Finds computers whose description matches the value given by <Description>, e.g., “jon*” or “*ith” or “j*th”.
-samid <SAMName> – Finds computers whose SAM account name matches the filter given by <SAMName>.
-inactive <NumWeeks> – Finds computers that have been inactive (stale) for at least <NumWeeks> number of weeks.
-stalepwd <NumDays> – Finds computers that have not changed their password for at least <NumDays> number of days.
-disabled – Finds computers with disabled accounts.
{-s <Server> | -d <Domain>}
-s <Server> connects to the domain controller (DC) with name <Server>.
-d <Domain> connects to a DC in domain <Domain>. Default: a DC in the logon domain.
-u <UserName> – Connect as <UserName>. Default: the logged in user. User name can be: user name, domain\user name, or user principal name (UPN).
-p <Password> – Password for the user <UserName>. If * then prompt for password.
-q – Quiet mode: suppress all output to standard output.
-r – Recurse or follow referrals during search. Default: do not chase referrals during search.
-gc – Search in the Active Directory global catalog.
-limit <NumObjects> – Specifies the number of objects matching the given criteria to be returned, where <NumObjects> is the number of objects to be returned. If the value of <NumObjects> is 0, all matching objects are returned. If this parameter is not specified, by default the first 100 results are displayed.
{-uc | -uco | -uci}
-uc – Specifies that input from or output to pipe is formatted in Unicode.
-uco – Specifies that output to pipe or file is formatted in Unicode.
-uci – Specifies that input from pipe or file is formatted in Unicode.
Remarks:
The dsquery commands help you find objects in the directory that match a specified search criterion: the input to dsquery is a search criteria and the output is a list of objects matching the search. To get the properties of a specific object, use the dsget commands (dsget /?).
If a value that you supply contains spaces, use quotation marks around the text (for example, “CN=John Smith,CN=Users,DC=microsoft,DC=com”). If you enter multiple values, the values must be separated by spaces (for example, a list of distinguished names).
Examples:
To find all computers in the current domain whose name starts with “ms” and whose description starts with “desktop”, and display their DNs:
dsquery computer domainroot -name ms* -desc desktop*
To find all computers in the organizational unit (OU) given by ou=sales,dc=micrsoft,dc=com and display their DNs:
dsquery computer ou=sales,dc=microsoft,dc=com
See also:
dsquery computer /? – help for finding computers in the directory.
dsquery contact /? – help for finding contacts in the directory.
dsquery subnet /? – help for finding subnets in the directory.
dsquery group /? – help for finding groups in the directory.
dsquery ou /? – help for finding organizational units in the directory.
dsquery site /? – help for finding sites in the directory.
dsquery server /? – help for finding servers in the directory.
dsquery user /? – help for finding users in the directory.
dsquery quota /? – help for finding quotas in the directory.
dsquery partition /? – help for finding partitions in the directory.
dsquery * /? – help for finding any object in the directory by using a
generic LDAP query.
Directory Service command-line tools help:
dsadd /? – help for adding objects.
dsget /? – help for displaying objects.
dsmod /? – help for modifying objects.
dsmove /? – help for moving objects.
dsquery /? – help for finding objects matching search criteria.
dsrm /? – help for deleting objects.
