The dsget user command displays the properties of the user in the active directory. It can also get membership information for a single user.
Dsget is a command-line tool available if you have Active Directory Domain Services (AD DS) server role installed. Dsget displays the selected properties of the specific object in the active directory.
To run the dsget user command, open the command prompt with Run as Administrator.
In this article, we will discuss using the dsget user, finding the users in OU, list all the groups for a user.
Dsget User
Display the attributes of users in the active directory.
Syntax
dsget user <UserDN> [-dn] [-samid] [-sid] [-upn] [-fn] [-mi] [-ln] [-display] [-empid] [-desc] [-office] [-tel] [-email] [-hometel] [-pager] [-mobile] [-fax] [-iptel] [-webpg] [-title] [-dept] [-company] [-mgr] [-hmdir] [-hmdrv] [-profile] [-loscr] [-mustchpwd] [-canchpwd] [-pwdneverexpires] [-disabled] [-acctexpires] [-reversiblepwd] [{-uc | -uco | -uci}] [-part <PartitionDN> [-qlimit] [-qused]] dsget user <UserDN> [-memberof] [-expand][{-uc | -uco | -uci}]
Parameters
Parameter | Description |
---|---|
<UserDN> (first variation) | Required. it displays the distinguished names of the user objects. |
-dn | It displays the distinguished names of the users. |
-samid | It displays the sam account names of the users. |
-sid | It displays the user security identifiers (SIDs). |
-upn | It displays the user principal names (UPNs) of the users. |
-fn | it displays the first names of the users. |
-mi | It displays the middle initial of the users. |
-ln | It displays the last names of the users. |
-display | it displays the display names of the users. |
-empid | It displays the employee IDs of the users. |
-desc | It displays the descriptions of the users. |
-full | It displays the full names of the users. |
-office | It displays the office locations of the users. |
-tel | It displays the telephone numbers of the users. |
It displays the e-mail addresses of the users. | |
-hometel | It displays the home telephone numbers of the users. |
-pager | It displays the pager numbers of the users. |
-mobile | It displays the mobile phone numbers of the users. |
-title | It displays the titles of the users. |
-dept | It displays the departments of the users. |
-company | It displays the company information of the users. |
-mgr | It displays the managers of the users. |
-hmdir | It displays the drive letter to which the home directory of the user |
-profile | It displays the user profile paths. |
-pwdneverexpires | It displays whether the user passwords never expires (yes) or not (no). |
-disabled | It displays whether user accounts are disabled for logon (yes) or not (no). |
-acctexpires | It displays the dates when user accounts expire. |
-memberof | It displays the immediate list of groups of which the user is a member. |
-expand | It displays the recursively expanded list of groups of which the user is a member. |
/? | Displays help at the command prompt |
Dsget User – Find All Users in OU
To list all the users in Organizational Unit (OU), use the dsquery user command to specify the OU name and pipe its output to the dsget user to display the user names.
dsquery user "OU=SALES,DC=SHELLPRO,DC=LOCAL" | dsget user -fn -samid -upn
In the above dsquery command, the dsquery user command uses the OU path to find all users in OU and pipe them to the dsget user command to display user’s first name, samid, and upn.
The output of the command to find all users in OU is:
To export active directory OU users to CSV file, pipe the output of dsget user to CSV file.
dsquery user "OU=SALES,DC=SHELLPRO,DC=LOCAL" | dsget user -fn -samid -upn > C:\PowerShell\adusers.csv
In the above command, the dsget user command gets the user attributes and pipes it to path C:\PowerShell\adusers.csv to export all the user’s information.
Dsget User SamId – Find samid for single user
To get user samid, use the dsquery user command to find user object information and pipe it to the dsget user command to find samid for a user.
dsquery user -name Chris* | dsget user -samid
In the above command, the dsquery user command uses the name parameter to search for the user whose name starts with Chris* and returns the aduser object. It pipes the user object to the dsget user to get the user samid.
The output of the above command to find samid for a user is:
C:\>dsquery user -name Chris* | dsget user -samid
samid
chrisd
dsget succeeded
C:\>
Dsget User – Get all the groups user members of
To get all the groups for the user member of, use the dsget user command to recursively search for the group.
dsget user "CN=Chris Dore,OU=SALES,DC=SHELLPRO,DC=LOCAL" -memberof -expand
In the above command, the dsget user command uses the user distinguished name (DN) to get all the groups the user belongs to.
The output of the above command to list all the groups for a user is:
C:\>dsget user "CN=Chris Dore,OU=SALES,DC=SHELLPRO,DC=LOCAL" -memberof -expand
"CN=EU-SALES,OU=SALES,DC=SHELLPRO,DC=LOCAL"
"CN=SALESLeader,OU=SALES,DC=SHELLPRO,DC=LOCAL"
"CN=Domain Users,CN=Users,DC=SHELLPRO,DC=LOCAL"
"CN=Users,CN=Builtin,DC=SHELLPRO,DC=LOCAL"
C:\>
Conclusion
I hope the above article on how to use the dsget user command to display the properties of the user in the active directory is helpful to you.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.