Finds domain controllers that match search criteria that you specify. If the predefined search criteria in this command are insufficient, use the more general version of the query command, dsquery *.

Dsquery is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) server role installed. To use dsquery, you must run the dsquery command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

For examples of how to use this command, see Examples.

Syntax

dsquery server [-o {dn | rdn}] [-forest] [-domain <DomainName>] [-site <SiteName>] [-name <Name>] [-desc <Description>] [-hasfsmo {schema | name | infr | pdc | rid}] [-isgc] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [-r] [-gc] [-limit <NumberOfObjects>] [{-uc | -uco | -uci}]

Parameters

Parameter Description

-o {dn | rdn}

Specifies the format that dsquery uses to display the search results. A dn value displays the distinguished name of each entry. An rdn value displays the relative distinguished name of each entry. The default value is dn.

-forest

Searches for all domain controllers (server objects) that are part of the current forest.

-domain <DomainName>

Searches for all domain controllers (server objects) that are part of the domain whose Domain Name System (DNS) names you specify in <DomainName>. Search displays all domain controllers in the current domain by default.

-site <SiteName>

Searches for all domain controllers (server objects) that are part of the <SiteName> site.

-name <Name>

Searches for server objects whose name attributes (value of CN attribute) match <Name>. For example, "jon*", "*ith", or "j*th".

-desc <Description>

Searches for server objects whose description attributes match <Description>. For example, "jon*", "*ith", or "j*th".

[-hasfsmo {schema | name | infr | pdc | rid}

Searches for the domain controller (server object) that holds the operations master role that you specify.

The following table shows the possible values for this parameter.

Value Description

schema

Specifies the schema master of the forest.

name

Specifies the domain naming master of the forest.

infr

Specifies the infrastructure master of the domain that you specify in the -domain parameter or the current domain if you do not specify the -domain parameter.

pdc

Specifies the primary domain controller (PDC) role owner of the domain that you specify in the -domain parameter or the current domain if you do not specify the -domain parameter.

rid

Specifies the relative identifier master (RID master) of the domain that you specify in the -domain parameter or the current domain if you do not specify the -domain parameter.

If you do not specify a rid value in the -domain parameter, rid uses the current domain.

-isgc

Searches for all domain controllers (server objects) that are global catalog servers in the scope specified by any of the -forest, -domain, or -site scope parameters. If you specify none of those scope parameters, this parameter finds all global catalogs that are in the current domain.

{-s <Server> | -d <Domain>}

Connects a computer to a remote server or domain that you specify. By default, dsquery connects the computer to the domain controller in the logon domain.

-u <UserName>

Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:

  • user name (for example, Linda)

  • domain\user name (for example, widgets\Linda)

  • user principal name (UPN) (for example, Linda@widgets.contoso.com)

-p {<Password> | *}

Specifies to use either a password or an asterisk (*) to log on to a remote server. If you type *, dsquery prompts you for a password.

-q

Suppresses all output to standard output (quiet mode).

-r

Specifies that the search use recursion or follow referrals during search. By default, the search will not follow referrals during search.

-gc

Specifies that the search use the Active Directory global catalog.

-limit <NumberOfObjects>

Specifies the number of objects to return that matches the criteria that you specify. If you specify a value of 0 for <NumberOfObjects>, this parameter returns all matching objects. If you do not specify this parameter, dsquery displays the first 100 results by default.

{-uc | -uco | -uci}

Specifies that dsquery formats output or input data in Unicode. The following table shows each format.

Value Description

-uc

Specifies a Unicode format for input from or output to a pipe (|).

-uco

Specifies a Unicode format for output to a pipe (|) or a file.

-uci

Specifies a Unicode format for input from a pipe (|) or a file.

/?

Displays help at the command prompt.

Remarks

  • The results from a dsquery search can be piped as input to one of the other directory service command-line tools, such as Dsget, Dsmod, Dsmove, or Dsrm.

  • If a value that you supply contains spaces, use quotation marks around the text, for example, "CN=Mike Danseglio,CN=Users,DC=Contoso,DC=Com".

  • If you supply multiple values for a parameter, use spaces to separate the values, for example, a list of distinguished names.

Examples

To find all domain controllers in the current domain, type:

dsquery server 

To find all domain controllers in the forest, and then display their relative distinguished names, type:

dsquery server -o rdn -forest 

To find all domain controllers in the site whose names are United States, and then display their relative distinguished names, type:

dsquery server -o rdn -site United States 

To find the domain controller in the forest that holds the schema operations master role, type:

dsquery server –forest –hasfsmo schema 

To find all domain controllers in the domain widgets.contoso.com that are global catalog servers, type:

dsquery server –domain widgets.contoso.com -isgc