Last updated: 2019-06-25
Contents
- Local accounts
  - User Info. (net user)
  - net localgroup
- dsquery server
- dsquery user
Local accounts
User Info. (net user)
NET USER USERNAME
e.g.
User name                    tim.lau
Full Name                    tim.lau
Comment
User's comment
Country code                 000 (System Default)
Account active               Yes
Account expires              Never
Password last set            3/31/2015 10:50 AM
Password expires             Never
Password changeable          3/31/2015 10:50 AM
Password required            Yes
User may change password     No
Workstations allowed         All
....
net localgroup
List the groups on the local machine:
net localgroup
List the members of a group:
net localgroup <GroupName>
Role
# PDC role holder
dsquery server -hasfsmo PDC
# Infrastructure Master
dsquery server -hasfsmo INFR
# RID master
dsquery server -hasfsmo RID
# Schema master
dsquery server -forest -hasfsmo Schema
# Domain Naming Master
dsquery server -forest -hasfsmo Name
# Check whether a Domain Controller is a Global Catalog (GC)
dsquery server -name test1 | dsget server -isgc
User Info
dsget user
C:\>dsquery user -name tim* | dsget user -display
  display
  tim.lau
First look up the DN from the username:
dsquery user -name tim*
"CN=tim.lau,OU=Testing Users,OU=YOUOU,DC=domain,DC=local"
Searches
# Find the users in an OU
# Use "dsquery user -name USERNAME" first to get the DN
dsquery user "OU=Test,DC=Contoso,DC=Com" -o upn
# Find all disabled users
dsquery user -name * -disabled
-disabled Searches for users who have disabled accounts.
-o {dn | rdn | upn | samid}
Specifies the format in which the list of entries found by the search will be displayed.
- A dn value displays the distinguished name of each entry. (Default)
- An rdn value displays the relative distinguished name of each entry.
- A upn value displays the user principal name of each entry.
- A samid value displays the SAM account name of each entry.
dsget group
Find a group by its description:
dsquery group -desc admin*
List the members of a group:
dsget group "cn=????,ou=????,dc=???,dc=???" -members
Shortcut:
dsquery group | dsget group -members
Get-AdUser
* The Get-AdUser command only exists from S2008 on
Installing Get-AdUser on Server 2008
Control Panel -> "Programs and Features" -> "Turn Windows Features on or off" -> AD DS and AD LDS Tools
Usage
[1]
Get-ADUser -Filter 'enabled -eq $true' |fl name
[2]
$OUpath = 'ou=Managers,dc=enterprise,dc=com'
Get-ADUser -Filter * -SearchBase $OUpath
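Added example (not part of the original notes): a PowerShell 3.0+ filter that takes Get-ADUser output, such as the [2] query above, and flags accounts worth reviewing. The function name, the 365-day threshold and the sample objects are assumptions made for illustration.

```powershell
# Flags account-hygiene issues on objects shaped like Get-ADUser results.
# Get-AccountHygieneFinding is a hypothetical helper, not a built-in cmdlet.
function Get-AccountHygieneFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $User,
        [int] $MaxPasswordAgeDays = 365,      # assumed review threshold
        [datetime] $AsOf = (Get-Date)
    )
    process {
        $findings = @()
        if ($User.Enabled -and $User.PasswordNeverExpires) {
            $findings += 'enabled, password never expires'
        }
        if ($User.Enabled -and $User.PasswordLastSet) {
            $age = [int](($AsOf - $User.PasswordLastSet).TotalDays)
            if ($age -gt $MaxPasswordAgeDays) { $findings += "password is $age days old" }
        }
        # Disabled accounts that keep group memberships are easy to re-enable with old rights.
        $groupCount = @($User.MemberOf).Count
        if (-not $User.Enabled -and $groupCount -gt 0) {
            $findings += "disabled but still in $groupCount group(s)"
        }
        foreach ($f in $findings) {
            [pscustomobject]@{ SamAccountName = $User.SamAccountName; Finding = $f }
        }
    }
}

# Constructed sample objects using Get-ADUser property names, so this runs without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'tim.lau'; Enabled = $true; PasswordNeverExpires = $true
                       PasswordLastSet = [datetime]'2015-03-31 10:50'; MemberOf = @() }
    [pscustomobject]@{ SamAccountName = 'old.svc'; Enabled = $false; PasswordNeverExpires = $false
                       PasswordLastSet = [datetime]'2014-01-01'
                       MemberOf = @('CN=Example Admins,DC=example,DC=local') }
)
$sample | Get-AccountHygieneFinding -AsOf ([datetime]'2019-06-25') | Format-Table -AutoSize

# Against a domain (needs the ActiveDirectory module from "AD DS and AD LDS Tools"):
# Get-ADUser -Filter * -SearchBase $OUpath -Properties PasswordNeverExpires,PasswordLastSet,MemberOf |
#     Get-AccountHygieneFinding
```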
When deleting a user, this prompt appears:
Active Directory Object Contains Other Objects. Are you sure you want to delete object and all of the objects it contains?
To see the sub-objects in "Active Directory Users and Computers",
click ‘View’, then ‘Users, Contacts, Groups and Computers as containers’.
Error when deleting an OU
You do not have sufficient privileges to delete X ...
Fix
1. View > Click Advanced Features
2. Right click OU > Properties > Object > uncheck “Protect object from accidental deletion”