Partager via


Dsget user

Applies To: Windows Server 2008

Displays the properties of a user in the directory. There are two variations of this command. The first variation displays the properties of multiple users. The second variation displays the group membership information of a single user.

Dsget is a command-line tool that is built into Windows Server 2008. It is available if you have the AD DS server role installed. To use dsget, you must run the dsget command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

For examples of how to use this command, see Examples.

Syntax

dsget user <UserDN> [-dn] [-samid] [-sid] [-upn] [-fn] [-mi] [-ln] [-display] [-empid] [-desc] [-office] [-tel] [-email] [-hometel] [-pager] [-mobile] [-fax] [-iptel] [-webpg] [-title] [-dept] [-company] [-mgr] [-hmdir] [-hmdrv] [-profile] [-loscr] [-mustchpwd] [-canchpwd] [-pwdneverexpires] [-disabled] [-acctexpires] [-reversiblepwd] [{-uc | -uco | -uci}] [-part <PartitionDN> [-qlimit] [-qused]]
dsget user <UserDN> [-memberof] [-expand][{-uc | -uco | -uci}]

Parameters

Parameter Description

<UserDN> (first variation)

Required. Displays the distinguished names of the user objects that you want to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command. Compare this parameter with UserDN in the second variation.

-dn

Displays the distinguished names of the users.

-samid

Displays the Security Account Manager (SAM) account names of the users.

-sid

Displays the user security identifiers (SIDs).

-upn

Displays the user principal names (UPNs) of the users.

-fn

Displays the first names of the users.

-mi

Displays the middle initials of the users.

-ln

Displays the last names of the users.

-display

Displays the display names of the users.

-empid

Displays the employee IDs of the users.

-desc

Displays the descriptions of the users.

-full

Displays the full names of the users.

-office

Displays the office locations of the users.

-tel

Displays the telephone numbers of the users.

-email

Displays the e-mail addresses of the users.

-hometel

Displays the home telephone numbers of the users.

-pager

Displays the pager numbers of the users.

-mobile

Displays the mobile phone numbers of the users.

-fax

Displays the fax numbers of the users.

-iptel

Displays the user IP phone numbers.

-webpg

Displays the user Web page URLs.

-title

Displays the titles of the users.

-dept

Displays the departments of the users.

-company

Displays the company information of the users.

-mgr

Displays the managers of the users.

-hmdir

Displays the drive letter to which the home directory of the user is mapped to if the home directory path is a UNC path.

-hmdrv

Displays the user's home drive letter if home directory is a UNC path.

-profile

Displays the user profile paths.

-loscr

Displays the user logon script paths.

-mustchpwd

Displays whether users must change their passwords at the time of next logon (yes) or not (no).

-canchpwd

Displays whether users can change their password (yes) or not (no).

-pwdneverexpires

Displays whether the user passwords never expires (yes) or not (no).

-disabled

Displays whether user accounts are disabled for logon (yes) or not (no).

-acctexpires

Displays the dates when user accounts expire. If the accounts never expire, this command returns never.

-reversiblepwd

Displays whether the user passwords are allowed to be stored using reversible encryption (yes) or not (no).

<UserDN> (second variation)

Required. Displays the distinguished name of the user whose group membership you want to view.

-memberof

Displays the immediate list of groups of which the user is a member.

-expand

Displays the recursively expanded list of groups of which the user is a member. This option takes the immediate group membership list of the user, and then recursively expands each group in this list to determine its group memberships as well to arrive at a complete closure set of the groups.

{-uc| -uco| -uci}

Specifies that dsget formats output or input data in Unicode. The following list explains each format.

  • -uc: Specifies a Unicode format for input from or output to a pipe (|).

  • -uco : Specifies a Unicode format for output to a pipe (|) or a file.

  • -uci: Specifies a Unicode format for input from a pipe (|) or a file.

-part <PartitionDN>

Connects a computer to the directory partition with the distinguished name of PartitionDN.

-qlimit

Displays the effective quota of the user within the directory partition that you specify with the -part parameter.

-qused

Displays how much of the quota the user has used within the specified directory partition that you specify with the -part parameter.

/?

Displays help at the command prompt.

Remarks

  • If you do not supply a target object at the command prompt, dsget obtains the target object from standard input (stdin). Dsget can accept stdin from the keyboard, from a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).

  • Use dsget to view the properties of a specific object in the directory.

  • As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties.

  • The -canchpwd parameter estimates whether a user can change his password based on the way that it interprets the access control lists (ACLs) on the user object. To know for certain whether a user can change a password, that user must try to change it. This non-authoritative answer is not specific to dsget user. It is also inherent in the User Properties dialog box in Active Directory Users and Computers in Microsoft Management Console (MMC).

  • If you do not specify property parameters for dsget user, the default user properties that appear are distinguished name, SAM account name, and description.

  • If you specify the -memberof parameter, it overrides all other parameters and only the membership list for the user appears.

  • To find users whose passwords are set to never expire, you can use Windows PowerShell. For more information, see Finding Users Whose Passwords Never Expire (https://go.microsoft.com/fwlink/?LinkID=200044).

Examples

To find all users in an organizational unit (OU) named Test whose name starts with "jon" and to show their descriptions, type:

dsquery user OU=Test,dc=ms,dc=tld -name jon* | dsget user -desc

To show the list of groups, recursively expanded, to which the user Mike Danseglio belongs, type:

dsget user "CN=Mike Danseglio,CN=users,dc=ms,dc=tld" -memberof -expand

Additional references

Command-Line Syntax Key

Dsget

Dsget computer

Dsget contact

Dsget group

Dsget ou

Dsget server

Dsget subnet

Dsget site

Dsget quota

Dsget partition

Change History

Date Revision

August 19, 2010

Added a link to more information about how to use Windows PowerShell to find users who have passwords set to never expire.