shaunhess · October 20, 2013 19:27
diff --git a/Generating a system list from Active Directory b/Generating a system list from Active Directory
 Having a large number of workstations or servers within an enterprise brings a host of challenges in trying to maintain them. We are constantly having to reach out and perform an action on a set of boxes. Relying on your own or someone else's outdated system list is not an option. A quick and easy fix is to go straight to the source. Dsquery is a command-line too that allows us to query Active Directory based on criteria we feed into it. Today we are going to focus on one common criteria used, dsquery computer, which finds computers in the directory that matches our search patterns. Here's the syntax:

 dsquery computer [{<StartNode> | forestroot | domainroot}] [-o {dn | rdn | samid}] [-scope {subtree | onelevel | base}] [-name <Name>] [-desc <Description>] [-samid <SAMName>] [-inactive <NumberOfWeeks>] [-stalepwd <NumberOfDays>] [-disabled] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [-r] [-gc] [-limit <NumberOfObjects>] [{-uc | -uco | -uci}]


 So to pull a list of workstations from OU Test we can simply run:

 C:\> dsquery computer "OU=Test,DC=testdomain,DC=com" -limit 0 -o rdn

 "workstation1"
 "workstation2"
 "workstation3"
 So if we break that command down we see that we are querying the Test OU in our domain for computers, -limit 0 means give me everything found, and in an output specifed as rdn. RDN displays the relative distinguished name of each entry. This will allow us to parse it in a for loop and run commands against it.

 So let's say we want to ping those machines to see which ones are up:

 C:\> for /f %w in ('dsquery computer "OU=Test,DC=testdomain,DC=com" -limit 0 -o rdn') do (
 more? ping -n 1 %w
 more? )
 Pretty easy right!

 So what if you don't know what OU a workstation is in? Well dsquery can find out that too! Lets suppose your workstations are called WORKSTATION1, WORKSTATION2, and so on. We can use a portion of the name to find out where they are:

 C:\> dsquery computer -limit 0 | find "WORK"

 Here's a quick example of a bat file I threw together taking advantage of dsquery.

 @echo off
 title Build WKS List
 rem --------------------------------------------
 rem ScriptName: build_wks_list.bat
 rem
 rem Usage:
 rem    build_wks_list.bat wks_OU output_dir
 rem
 rem Example:
 rem    build_wks_list.bat Test c:\admin
 rem
 rem Change History:
 rem    DATE    DEVELOPER    CHANGE
 rem    19MAR10    shaun hess    Initial Creation
 rem --------------------------------------------
 IF %1.==. GOTO USAGE
 IF %2.==. GOTO USAGE

 setlocal
 set HOSTLIST=%2\%1_wkslist.txt
 set HOSTLISTTEMP=%2\%1_wkslist.tmp
 rem Modify the variable below to include OU's you
 rem want to run against when passing the arg "All"
 set SITELIST=Test, Engineering, Production
 set OU=%1
 set OUTPUT_DIR=%2
 set ERRORLOG=%2\build_wks_list_error.log

 echo.
 if exist %HOSTLISTTEMP% del /f /q %HOSTLISTTEMP%
 if exist %HOSTLIST% del /f /q %HOSTLIST%

 if /I %1 == all (
   for %%i in (%SITELIST%) do (
   @echo Building workstation list for OU=%%i
   dsquery computer "OU=%%i,DC=testdomain,DC=com" -limit 0 -o ^
      rdn >> %HOSTLISTTEMP% 2> %ERRORLOG%
   for /f "delims=" %%a in (%HOSTLISTTEMP%) do echo %%~a >> %HOSTLIST%
   del /f /q %HOSTLISTTEMP%
   @echo Workstation List: %HOSTLIST%
 ) else (
   @echo Building workstation list for OU=%1
   dsquery computer "OU=%1,DC=testdomain,DC=com" -limit 0 -o ^
      rdn >> %HOSTLISTTEMP% 2> %ERRORLOG%
   for /f "delims=" %%a in (%HOSTLISTTEMP%) do echo %%~a >> %HOSTLIST%
   del /f /q %HOSTLISTTEMP%
   @echo Workstation List: %HOSTLIST%
 )
 goto done

 :USAGE
 echo.
 echo Usage:
 echo.
 echo build_wks_list.bat wks_OU output_dir
 echo.
 echo Ex: build_wks_list.bat Test c:\admin
 echo.
 echo You may also pass the argument "All" for
 echo the OU field if your sitelist is setup.
 echo.

 :done
 echo.
 if not "%ERRORLEVEL%"=="0" (
   echo Please see %ERRORLOG% for details.
   echo.
   echo Script failed with return code %ERRORLEVEL%
   echo.
 ) else (
   echo Script completed successfully.
 )
 endlocal

 exit /b
 Some other useful arguments to dsquery computer are:

 -name <Name>

 Searches for computers whose name attributes (value of CN attribute) matches <Name>. For example, "jon*" or "*ith" or "j*th".

 -desc <Description>

 Searches for computers whose description attributes match <Description>. For example, "jon*", "*ith", or "j*th".

 -inactive <NumberOfWeeks>

 Searches for computers that have been inactive (stale) for the number of weeks thatou specify.

 -stalepwd <NumberOfDays>

 Searches for computers whose passwords have not changed for the number of days that you specify.

 -disabled

 Searches for all computers whose accounts are disabled.



 If you have other handy ways to build system lists feel free to share in the comments. If not give dsquery a try!
	Having a large number of workstations or servers within an enterprise brings a host of challenges in trying to maintain them. We are constantly having to reach out and perform an action on a set of boxes. Relying on your own or someone else's outdated system list is not an option. A quick and easy fix is to go straight to the source. Dsquery is a command-line too that allows us to query Active Directory based on criteria we feed into it. Today we are going to focus on one common criteria used, dsquery computer, which finds computers in the directory that matches our search patterns. Here's the syntax:

	dsquery computer [{<StartNode> \| forestroot \| domainroot}] [-o {dn \| rdn \| samid}] [-scope {subtree \| onelevel \| base}] [-name <Name>] [-desc <Description>] [-samid <SAMName>] [-inactive <NumberOfWeeks>] [-stalepwd <NumberOfDays>] [-disabled] [{-s <Server> \| -d <Domain>}] [-u <UserName>] [-p {<Password> \| *}] [-q] [-r] [-gc] [-limit <NumberOfObjects>] [{-uc \| -uco \| -uci}]


	So to pull a list of workstations from OU Test we can simply run:

	C:\> dsquery computer "OU=Test,DC=testdomain,DC=com" -limit 0 -o rdn

	"workstation1"
	"workstation2"
	"workstation3"
	So if we break that command down we see that we are querying the Test OU in our domain for computers, -limit 0 means give me everything found, and in an output specifed as rdn. RDN displays the relative distinguished name of each entry. This will allow us to parse it in a for loop and run commands against it.

	So let's say we want to ping those machines to see which ones are up:

	C:\> for /f %w in ('dsquery computer "OU=Test,DC=testdomain,DC=com" -limit 0 -o rdn') do (
	more? ping -n 1 %w
	more? )
	Pretty easy right!

	So what if you don't know what OU a workstation is in? Well dsquery can find out that too! Lets suppose your workstations are called WORKSTATION1, WORKSTATION2, and so on. We can use a portion of the name to find out where they are:

	C:\> dsquery computer -limit 0 \| find "WORK"

	Here's a quick example of a bat file I threw together taking advantage of dsquery.

	@echo off
	title Build WKS List
	rem --------------------------------------------
	rem ScriptName: build_wks_list.bat
	rem
	rem Usage:
	rem build_wks_list.bat wks_OU output_dir
	rem
	rem Example:
	rem build_wks_list.bat Test c:\admin
	rem
	rem Change History:
	rem DATE DEVELOPER CHANGE
	rem 19MAR10 shaun hess Initial Creation
	rem --------------------------------------------
	IF %1.==. GOTO USAGE
	IF %2.==. GOTO USAGE

	setlocal
	set HOSTLIST=%2\%1_wkslist.txt
	set HOSTLISTTEMP=%2\%1_wkslist.tmp
	rem Modify the variable below to include OU's you
	rem want to run against when passing the arg "All"
	set SITELIST=Test, Engineering, Production
	set OU=%1
	set OUTPUT_DIR=%2
	set ERRORLOG=%2\build_wks_list_error.log

	echo.
	if exist %HOSTLISTTEMP% del /f /q %HOSTLISTTEMP%
	if exist %HOSTLIST% del /f /q %HOSTLIST%

	if /I %1 == all (
	for %%i in (%SITELIST%) do (
	@echo Building workstation list for OU=%%i
	dsquery computer "OU=%%i,DC=testdomain,DC=com" -limit 0 -o ^
	rdn >> %HOSTLISTTEMP% 2> %ERRORLOG%
	for /f "delims=" %%a in (%HOSTLISTTEMP%) do echo %%~a >> %HOSTLIST%
	del /f /q %HOSTLISTTEMP%
	@echo Workstation List: %HOSTLIST%
	) else (
	@echo Building workstation list for OU=%1
	dsquery computer "OU=%1,DC=testdomain,DC=com" -limit 0 -o ^
	rdn >> %HOSTLISTTEMP% 2> %ERRORLOG%
	for /f "delims=" %%a in (%HOSTLISTTEMP%) do echo %%~a >> %HOSTLIST%
	del /f /q %HOSTLISTTEMP%
	@echo Workstation List: %HOSTLIST%
	)
	goto done

	:USAGE
	echo.
	echo Usage:
	echo.
	echo build_wks_list.bat wks_OU output_dir
	echo.
	echo Ex: build_wks_list.bat Test c:\admin
	echo.
	echo You may also pass the argument "All" for
	echo the OU field if your sitelist is setup.
	echo.

	:done
	echo.
	if not "%ERRORLEVEL%"=="0" (
	echo Please see %ERRORLOG% for details.
	echo.
	echo Script failed with return code %ERRORLEVEL%
	echo.
	) else (
	echo Script completed successfully.
	)
	endlocal

	exit /b
	Some other useful arguments to dsquery computer are:

	-name <Name>

	Searches for computers whose name attributes (value of CN attribute) matches <Name>. For example, "jon" or "ith" or "j*th".

	-desc <Description>

	Searches for computers whose description attributes match <Description>. For example, "jon", "ith", or "j*th".

	-inactive <NumberOfWeeks>

	Searches for computers that have been inactive (stale) for the number of weeks thatou specify.

	-stalepwd <NumberOfDays>

	Searches for computers whose passwords have not changed for the number of days that you specify.

	-disabled

	Searches for all computers whose accounts are disabled.



	If you have other handy ways to build system lists feel free to share in the comments. If not give dsquery a try!
No results found