Finds groups in the directory that match the search criteria that you specify. If the predefined search criteria in this command are insufficient, use the more general version of the query command, dsquery *.

Dsquery is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) server role installed. To use dsquery, you must run the dsquery command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

For examples of how to use this command, see Examples.

Syntax

dsquery group [{<StartNode> | forestroot | domainroot}] [-o {dn | rdn | samid}] [-scope {subtree | onelevel | base}] [-name <Filter>] [-desc <Filter>] [-samid <Filter>] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [-r] [-gc] [-limit <NumberOfObjects>] [{-uc | -uco | -uci}]

Parameters

Parameter Description

[{<StartNode> | forestroot | domainroot}

Specifies the node in the console tree where the search starts. You can specify the forest root (forestroot), domain root (domainroot), or distinguished name of a node as the start node (<StartNode>). If you specify forestroot, dsquery searches by using the global catalog. The default value is domainroot.

-o {dn | rdn | samid}

Specifies the format that dsquery uses to display the search results. A dn value displays the distinguished name of each entry. An rdn value displays the relative distinguished name of each entry. A samid value displays the Security Accounts Manager (SAM) account name of each entry. The default value is dn.

-scope {subtree | onelevel | base}

Specifies the scope of the search. A subtree value specifies a subtree that is rooted at the start node in the console tree. A onelevel value specifies the immediate children of the start node only. A base value specifies the single object that the start node represents. If you specify forestroot as the start node (<StartNode>), subtree is the only valid scope. The default value is subtree.

-name <Name>

Searches for groups whose name attributes (value of CN attribute) matches <Name>. For example, "jon*", "*ith", or "j*th".

-desc <Description>

Searches for groups whose description attributes match <Description>. For example, "jon*", "*ith", or "j*th".

-samid <SAMName>

Searches for groups whose SAM account name matches <SAMName>.

{-s <Server> | -d <Domain>}

Connects a computer to a remote server or domain that you specify. By default, dsquery connects the computer to the domain controller in the logon domain.

-u <UserName>

Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:

  • user name (for example, Linda)

  • domain\user name (for example, widgets\Linda)

  • user principal name (UPN) (for example, Linda@widgets.contoso.com)

-p {<Password> | *}

Specifies to use either a password or an asterisk (*) to log on to a remote server. If you type *, dsquery prompts you for a password.

-q

Suppresses all output to standard output (quiet mode).

-r

Specifies that the search use recursion or follow referrals during search. By default, the search will not follow referrals during search.

-gc

Specifies that the search use the Active Directory global catalog.

-limit <NumberOfObjects>

Specifies the number of objects to return that matches the criteria that you specify. If you specify a value of 0 for <NumberOfObjects>, this parameter returns all matching objects. If you do not specify this parameter, dsquery displays the first 100 results by default.

{-uc | -uco | -uci}

Specifies that dsquery formats output or input data in Unicode. The following table shows each format.

Value Description

-uc

Specifies a Unicode format for input from or output to a pipe (|).

-uco

Specifies a Unicode format for output to a pipe (|) or a file.

-uci

Specifies a Unicode format for input from a pipe (|) or a file.

/?

Displays help at the command prompt.

Remarks

  • The results from a dsquery search can be piped as input to one of the other directory service command-line tools, such as Dsget, Dsmod, Dsmove, or Dsrm.

  • If a value that you supply contains spaces, use quotation marks around the text, for example, "CN=Mike Danseglio,CN=Users,DC=Contoso,DC=Com".

  • If you supply multiple values for a parameter, use spaces to separate the values, for example, a list of distinguished names.

Examples

To find all groups in the current domain whose names start with "ms" and whose descriptions start with "admin", and then display their distinguished names, type:

dsquery group domainroot -name ms* -desc admin* 

To find all groups in the domain DC=Contoso,DC=Com, and then display their distinguished names, type:

dsquery group DC=Contoso,DC=Com