JSI Tip 7992. How do I know what attribute names to use when performing a 'DSQUERY *'?

In an earlier tip, I introduced DSQUERY, an Active Directory command-line tool.

In Tip 7714, What attribute names can I use with the user filtered dsquery command, I introduced the DSQUERY * form of the query, which has the following syntax:

Syntax:     dsquery * [{ | forestroot | domainroot}]            [-scope {subtree | onelevel | base}] [-filter ]            [-attr { | *}] [-attrsonly] [-l]            [{-s  | -d }] [-u ]            [-p { | *}] [-q] [-r] [-gc]            [{-uc | -uco | -uci}]

The following table shows the DSQUERY * equivalent for the standard DSQUERY Types:

The names in and that you can use vary by DSQUERY Type.

I have scripted DSQuery_Attributes.bat, to display the unique attributes that YOU have maintained in the Active Directory for a specified DSQUERY Type, and the  ObjectClass data values for that DSQUERY Type.

NOTE: Prior to running DSQuery_Attributes.bat, you might want to use the appropriate MMC Snap-in to create a dummy object, and use the GUI to set data into every possible field.

The syntax for using DSQuery_Attributes.bat is:

DSQuery_Attributes [computer|contact|subnet|group|ou|site|server|user|quota|partition] [computer|contact|subnet|group|ou|site|server|user|quota|partition]

Example

To generate a DSQuery_computer.txt file, a DSQuery_server.txt file,  and a DSQuery_ou.txt file in the current directory, run:

DSQuery_Attributes computer server ou

Using the information from the DSQuery_computer.txt file, you could create a filtered query  that returns only those computers that have a description, showing their distinguishedName, dNSHostName, description, and whenCreated:

dsquery * domainroot -filter "(&(objectClass=Computer)(description=*))" -attr distinguishedname dNSHostName description whenCreated -limit 0

Using information from a DSQuery_group.txt file, you could create an unfiltered query to show all groups, using their sAMAccountName and description:

dsquery * domainroot -filter "(&(objectClass=group))" -attr sAMAccountName description -limit 0

DSQuery_Attributes.bat contains:

@echo offIf {%1}{} @echo Syntax: DSQuery_Attributes [computer^|contact^|subnet^|group^|ou^|site^|server^|user^|quota^|partition]&exit /b 0setlocal:loopif {%1}{} goto finishset param=%1shiftif exist DSQuery_%param%.txt del /q DSQuery_%param%.txtif exist "%TEMP%dsquery_%param%.tm1" del /q "%TEMP%dsquery_%param%.tm1"for /f "Tokens=*" %%a in ('dsquery %param%') do ( for /f "Tokens=1* Delims=:" %%b in ('dsquery * forestroot -filter "(&(distinguishedName="%%a"))" -attr * -limit 0') do (  call :Object %%b "%%c" ))if not exist "%TEMP%dsquery_%param%.tm1" @echo NONE>"%TEMP%dsquery_%param%.tm1"sort "%TEMP%dsquery_%param%.tm1" /o "%TEMP%dsquery_%param%.tm2"for /f "Tokens=*" %%d in ('type "%TEMP%dsquery_%param%.tm2"') do ( call :dups %%d)if exist "%TEMP%dsquery_%param%.tm1" del /q "%TEMP%dsquery_%param%.tm1"if exist "%TEMP%dsquery_%param%.tm2" del /q "%TEMP%dsquery_%param%.tm2"goto loop:finishendlocalexit /b 0:dupsif "%prev%" EQU "%1" goto :EOF@echo %1>>DSQuery_%param%.txtset prev=%1goto :EOF:Objectif /i "%1" EQU "ObjectClass" goto Objects@echo %1>>"%TEMP%dsquery_%param%.tm1"goto :EOF:Objectsset objectdata=%2set objectdata=%objectdata:" =%set objectdata=%objectdata:"=%if /i "%objectdata%" EQU "top" goto :EOF@echo %1:%objectdata%>>"%TEMP%dsquery_%param%.tm1"