DSQuery Question

Stiltz79 · August 2011

I am trying to use DSQuery to pull some information out of AD for a project I am working on at work. I am trying to pull a list of users that belong to a certain AD Group. In that list I need their names and Mobile Phone Numbers. How can I accomplish this?

Zaits · August 2011

Stiltz79 wrote: »

I am trying to use DSQuery to pull some information out of AD for a project I am working on at work. I am trying to pull a list of users that belong to a certain AD Group. In that list I need their names and Mobile Phone Numbers. How can I accomplish this?

Hello Stiltz79,

I don't have the exact syntax on hand, but you are going to need to combine a DSQuery with a DSGet. It will look something like this...

c:\dsquery group | dsget group -memberof

dsquery group link = Dsquery group
dsget group link = Dsget

I hope this helps.

undomiel · August 2011

You would also need to pipe it through dsget user to get the info he's looking for i.e. dsquery -name "Domain Admins" | dsget group -members | dsget user -display -mobile

Claymoore · August 2011

Stop using old tools and use powershell. Go grab the Quest ADCmdlets:
PowerShell Commands (CMDLETs) for Active Directory by Quest Software

This command should get you the information and output it to a usable list. I don't have a way to test it right now, but make sure the commands are all on one line. You will also need to make sure the directories exist before you export the file.

get-QADgroupmember "Domain Admins" | get-QADUser | select-object DisplayName,MobileNumber | export-csv c:\scripts\output\MobileNumbers.csv

Stiltz79 · August 2011

Claymoore wrote: »
Stop using old tools and use powershell. Go grab the Quest ADCmdlets:
PowerShell Commands (CMDLETs) for Active Directory by Quest Software

This command should get you the information and output it to a usable list. I don't have a way to test it right now, but make sure the commands are all on one line. You will also need to make sure the directories exist before you export the file.
get-QADgroupmember "Domain Admins" | get-QADUser | select-object DisplayName,MobileNumber | export-csv c:\scripts\output\MobileNumbers.csv

That worked awesome! I like tools like this but I have a hard time figuring out tools and things like Powershell. I have a hard time interpreting syntax and learning it. Thank you for laying the basic command syntax out for me!

Now I have another task that I'm having a difficult time with.

I have a the list of users from the above group and I have their according BlackBerry PIN Numbers. I need to input their BB PIN #'s into their AD Accounts in the Pager Field. I'm trying to play with syntax and figure this out but I am extremely stuck.

atorven · August 2011

Assuming that you are using the quest AD cmdlets it should be something like;
get-QADUser –“distinguished name to your OU '' | set-QADUser –pager “your BB pin numbers”

Stiltz79 · August 2011

Actually I figured this out after a lot of research. I got it to read a CSV file and match email addresses then put the BB PIN# in the Pager field. Code writing is difficult, as to why I'm not a programmer.

Claymoore · August 2011

Stiltz79 wrote: »

Code writing is difficult, as to why I'm not a programmer.

I wouldn't equate scripting to code writing, that might offend some of the actual developers on the board...

It gets easier once you write a few more scripts, because you both gain experience and develop a code library from which you can borrow later. I have lots of scripts that are just slight variances of earlier work. Unless you want to spend your IT career just doing whatever the current trouble ticket tells you to do, you need to learn scripting. If you hadn't googled around to learn the import-csv cmdlet and how to build a ForEach loop, you would have had to enter all those BlackBerry PINs manually.

Need to mail-enable 6000 user accounts so mail can route correctly while you migrate from a 3rd party mail system to Exchange? Powershell script. 8000 contacts with spaces in the alias attribute that prevent them from being compiled into the offline address book, thus preventing you from using Outlook in cached mode? A PoSH script can rewrite all those aliases. The more you use a scripting language, the more uses you will find for it. Then you can really dive into regular expressions and do all kinds of cool things, like write Exchange trasport rules that look for credit card number strings or SSNs so you can reroute mail to a compliance officer and prevent lawsuits.

Once you get comfortable with PoSH, you can go buy this shirt.

Devilsbane · August 2011

undomiel wrote: »

You would also need to pipe it through dsget user to get the info he's looking for i.e. dsquery -name "Domain Admins" | dsget group -members | dsget user -display -mobile

Correct except for one small omission.

dsquery group -name "Domain Admins" | dsget group -members | dsget user -display -mobile

I have 3 additional recommendations...

You may also want to include the -expand switch to the dsgroup command. This will expand the results to include users who are a member of that group via a nested group.

There may also be a need to add the -c switch to the dsget user command. If you have nested groups, a group name will be passed from the dsget group -members command to the dsget -user command. For obvious reasons, you can't run a dsget user command against a group distinguished name, so this will result in an error and stop. The -s command will still result in these errors but will continue executing the commands.

Depending how large this group is, you can redirect the output of the dsget -group command to a text file by adding "> file.txt" to the end of that statement.

I know this covered a lot of ground, let me know if you have any questions!

EDIT: My comand would be something like this.

dsquery [B]group[/B] -name "Domain Admins" | dsget group -members -expand | dsget user -c -display -mobile > file.txt

DSQuery Question

Comments