Home » Dsquery » Dsget User – Display Properties of the User

Dsget User – Display Properties of the User

The dsget user command displays the properties of the user in the active directory. It can also get membership information for a single user.

Dsget is a command-line tool available if you have Active Directory Domain Services (AD DS) server role installed. Dsget displays the selected properties of the specific object in the active directory.

To run the dsget user command, open the command prompt with Run as Administrator.

In this article, we will discuss using the dsget user, finding the users in OU, list all the groups for a user.

Dsget User

Display the attributes of users in the active directory.

Syntax

dsget user <UserDN> [-dn] [-samid] [-sid] [-upn] [-fn] [-mi] [-ln] [-display] [-empid] [-desc] [-office] [-tel] [-email] [-hometel] [-pager] [-mobile] [-fax] [-iptel] [-webpg] [-title] [-dept] [-company] [-mgr] [-hmdir] [-hmdrv] [-profile] [-loscr] [-mustchpwd] [-canchpwd] [-pwdneverexpires] [-disabled] [-acctexpires] [-reversiblepwd] [{-uc | -uco | -uci}] [-part <PartitionDN> [-qlimit] [-qused]]

dsget user <UserDN> [-memberof] [-expand][{-uc | -uco | -uci}]

Parameters

ParameterDescription
<UserDN> (first variation)Required. it displays the distinguished names of the user objects.
-dnIt displays the distinguished names of the users.
-samidIt displays the sam account names of the users.
-sidIt displays the user security identifiers (SIDs).
-upnIt displays the user principal names (UPNs) of the users.
-fnit displays the first names of the users.
-miIt displays the middle initial of the users.
-lnIt displays the last names of the users.
-displayit displays the display names of the users.
-empidIt displays the employee IDs of the users.
-descIt displays the descriptions of the users.
-fullIt displays the full names of the users.
-officeIt displays the office locations of the users.
-telIt displays the telephone numbers of the users.
-emailIt displays the e-mail addresses of the users.
-hometelIt displays the home telephone numbers of the users.
-pagerIt displays the pager numbers of the users.
-mobileIt displays the mobile phone numbers of the users.
-titleIt displays the titles of the users.
-deptIt displays the departments of the users.
-companyIt displays the company information of the users.
-mgrIt displays the managers of the users.
-hmdirIt displays the drive letter to which the home directory of the user
-profileIt displays the user profile paths.
-pwdneverexpiresIt displays whether the user passwords never expires (yes) or not (no).
-disabledIt displays whether user accounts are disabled for logon (yes) or not (no).
-acctexpiresIt displays the dates when user accounts expire.
-memberofIt displays the immediate list of groups of which the user is a member.
-expandIt displays the recursively expanded list of groups of which the user is a member.
/?Displays help at the command prompt
Dsget User Parameters

Dsget User – Find All Users in OU

To list all the users in Organizational Unit (OU), use the dsquery user command to specify the OU name and pipe its output to the dsget user to display the user names.

dsquery user "OU=SALES,DC=SHELLPRO,DC=LOCAL" | dsget user -fn -samid -upn

In the above dsquery command, the dsquery user command uses the OU path to find all users in OU and pipe them to the dsget user command to display user’s first name, samid, and upn.

The output of the command to find all users in OU is:

Dsget User to find users in OU
Dsget User to find users in OU

To export active directory OU users to CSV file, pipe the output of dsget user to CSV file.

dsquery user "OU=SALES,DC=SHELLPRO,DC=LOCAL" | dsget user -fn -samid -upn > C:\PowerShell\adusers.csv

In the above command, the dsget user command gets the user attributes and pipes it to path C:\PowerShell\adusers.csv to export all the user’s information.

Dsget User SamId – Find samid for single user

To get user samid, use the dsquery user command to find user object information and pipe it to the dsget user command to find samid for a user.

dsquery user -name Chris* | dsget user -samid

In the above command, the dsquery user command uses the name parameter to search for the user whose name starts with Chris* and returns the aduser object. It pipes the user object to the dsget user to get the user samid.

The output of the above command to find samid for a user is:

C:\>dsquery user -name Chris* | dsget user -samid
  samid
  chrisd
dsget succeeded

C:\>

Dsget User – Get all the groups user members of

To get all the groups for the user member of, use the dsget user command to recursively search for the group.

dsget user "CN=Chris Dore,OU=SALES,DC=SHELLPRO,DC=LOCAL" -memberof -expand

In the above command, the dsget user command uses the user distinguished name (DN) to get all the groups the user belongs to.

The output of the above command to list all the groups for a user is:

C:\>dsget user "CN=Chris Dore,OU=SALES,DC=SHELLPRO,DC=LOCAL" -memberof -expand
"CN=EU-SALES,OU=SALES,DC=SHELLPRO,DC=LOCAL"
"CN=SALESLeader,OU=SALES,DC=SHELLPRO,DC=LOCAL"
"CN=Domain Users,CN=Users,DC=SHELLPRO,DC=LOCAL"
"CN=Users,CN=Builtin,DC=SHELLPRO,DC=LOCAL"


C:\>

Conclusion

I hope the above article on how to use the dsget user command to display the properties of the user in the active directory is helpful to you.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.