Displays the properties of a group in the directory, including its members. There are two variations of this command. The first variation allows you to view the properties of multiple groups. The second variation displays the group membership information of a single group.
Dsget is a command-line tool that is built into Windows Server 2008. It is available if you have the AD DS server role installed. To use dsget, you must run the dsget command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
For examples of how to use this command, see Examples.
Syntax
dsget group <GroupDN> [-dn] [-samid] [-sid] [-desc] [-secgrp] [-scope] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}] [-part <PartitionDN> [-qlimit] [-qused]] dsget group <GroupDN> [{-memberof | -members}] [-expand] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]
Parameters
Parameter | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|
<GroupDN> (first variation) |
Required. Specifies the distinguished names of the group objects that you want to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command. Compare this parameter with GroupDN in the second variation. |
||||||||
-dn |
Displays that distinguished names of the groups. |
||||||||
-samid |
Displays the Security Account Manager (SAM) account names of the groups. |
||||||||
-sid |
Displays the group security IDs (SIDs). |
||||||||
-desc |
Displays the descriptions of the groups. |
||||||||
-secgrp |
Displays whether groups are security groups (yes) or distribution groups (no). |
||||||||
-scope |
Displays information about whether group scopes are local, global, or universal. |
||||||||
<GroupDN> (second variation) |
Required. Specifies the distinguished name of the group that you want to view. |
||||||||
{-memberof | -members} |
Displays the immediate list of groups of which the group is a member (-memberof) or displays the immediate list of members of the group (-members). |
||||||||
-expand |
For the -memberof parameter, displays the recursively expanded list of groups in which the group is a member. This option takes the immediate membership list of the group, and then also recursively expands each group in this list to determine its group memberships to arrive at a complete closure set of the groups. For the -members parameter, displays the recursively expanded list of members of the group. This parameter takes the immediate list of members of the group and then also recursively expands each group in this list to determine its group memberships to arrive at a complete closure set of the members. |
||||||||
{-s <Server>| -d <Domain>} |
Connects to a remote server or domain that you specify. By default, dsget connects the computer to the domain controller in the logon domain. |
||||||||
-u <UserName> |
Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:
|
||||||||
-p {<Password> | *} |
Specifies to use either a password or an asterisk (*) to log on to a remote server. If you type *, dsget prompts you for a password. |
||||||||
-c |
Reports errors, but continues with the next object in the argument list when you specify multiple target objects (continuous operation mode). If you do not supply this parameter, dsget group exits when the first error occurs. |
||||||||
-q |
Suppresses all output to standard output (quiet mode). |
||||||||
-l |
Displays entries in a list. By default, dsget display entries in a table. |
||||||||
{-uc| -uco| -uci} |
Specifies that dsget formats output or input data in Unicode. The following table shows each format.
|
||||||||
-part <PartitionDN> |
Connects a computer to the directory partition with the distinguished name of PartitionDN. |
||||||||
-qlimit |
Displays the effective quota of the group within the directory partition that you specify for the -part parameter. |
||||||||
-qused |
Displays how much of its quota a group has used in the directory partition that you specify for the -part parameter. |
||||||||
/? |
Displays help at the command prompt. |
Remarks
- If you do not supply a target object at the command prompt,
dsget obtains the target object from standard input (stdin).
Dsget can accept stdin from the keyboard, from a redirected
file, or as piped output from another command. To mark the end of
stdin data from the keyboard or in a redirected file, use the
end-of-file character (CTRL+Z)..
- Use dsget to view the properties of a specific object in
the directory.
- As a result of dsquery searches, you can pipe returned
objects to dsget and obtain object properties.
- If a value that you supply contains spaces, use quotation marks
around the text, for example,
"CN=USA Sales,OU=Distribution Lists,DC=Contoso,DC=Com".
- If you supply multiple values for a parameter, use spaces to
separate the values, for example, a list of distinguished
names.
Examples
To display the descriptions of all groups in an organizational unit (OU) named Test whose names start with "adm," type:
dsquery group OU=Test,DC=Contoso,DC=Com -name adm* | dsget group -desc
To display the list of members, recursively expanded, of the Backup Operators group, type:
dsget group "CN=Backup Operators,OU=Test,DC=Contoso,DC=Com" -members -expand