Para realizar consultas no AD você pode utilizar os comandos DSQUERY e DSGET:
Exemplo:
dsquery user -limit 10000 | dsget user -display -title -dept > usuarios.txt
No comando acima você irá gerar um arquivo usuarios.txt com todas as informações de nome, título e departamento no seu AD. O -limit 10000 é a quantidade máxima de linhas.
Abaixo outras combinações para se utilizar com DSGET: – by Microsoft –
| -dn | Displays the distinguished names of the users. |
| -samid | Displays the Security Account Manager (SAM) account names of the users. |
| -sid | Displays the user security identifiers (SIDs). |
| -upn | Displays the user principal names (UPNs) of the users. |
| -fn | Displays the first names of the users. |
| -mi | Displays the middle initials of the users. |
| -ln | Displays the last names of the users. |
| -display | Displays the display names of the users. |
| -empid | Displays the employee IDs of the users. |
| -desc | Displays the descriptions of the users. |
| -full | Displays the full names of the users. |
| -office | Displays the office locations of the users. |
| -tel | Displays the telephone numbers of the users. |
| Displays the e-mail addresses of the users. | |
| -hometel | Displays the home telephone numbers of the users. |
| -pager | Displays the pager numbers of the users. |
| -mobile | Displays the mobile phone numbers of the users. |
| -fax | Displays the fax numbers of the users. |
| -iptel | Displays the user IP phone numbers. |
| -webpg | Displays the user Web page URLs. |
| -title | Displays the titles of the users. |
| -dept | Displays the departments of the users. |
| -company | Displays the company information of the users. |
| -mgr | Displays the managers of the users. |
| -hmdir | Displays the drive letter to which the home directory of the user is mapped to if the home directory path is a UNC path. |
| -hmdrv | Displays the user’s home drive letter if home directory is a UNC path. |
| -profile | Displays the user profile paths. |
| -loscr | Displays the user logon script paths. |
| -mustchpwd | Displays whether users must change their passwords at the time of next logon (yes) or not (no). |
| -canchpwd | Displays whether users can change their password (yes) or not (no). |
| -pwdneverexpires | Displays whether the user passwords never expires (yes) or not (no). |
| -disabled | Displays whether user accounts are disabled for logon (yes) or not (no). |
| -acctexpires | Displays the dates when user accounts expire. If the accounts never expire, this command returns never. |
| -reversiblepwd | Displays whether the user passwords are allowed to be stored using reversible encryption (yes) or not (no). |
| <UserDN> (second variation) | Required. Displays the distinguished name of the user whose group membership you want to view. |
| -memberof | Displays the immediate list of groups of which the user is a member. |
| -expand | Displays the recursively expanded list of groups of which the user is a member. This option takes the immediate group membership list of the user, and then recursively expands each group in this list to determine its group memberships as well to arrive at a complete closure set of the groups. |
Charles Jacobsen 