Para realizar consultas no AD você pode utilizar os comandos DSQUERY e DSGET:
Exemplo:
dsquery user -limit 10000 | dsget user -display -title -dept > usuarios.txt
No comando acima você irá gerar um arquivo usuarios.txt com todas as informações de nome, título e departamento no seu AD. O -limit 10000 é a quantidade máxima de linhas.
Abaixo outras combinações para se utilizar com DSGET: – by Microsoft –
-dn | Displays the distinguished names of the users. |
-samid | Displays the Security Account Manager (SAM) account names of the users. |
-sid | Displays the user security identifiers (SIDs). |
-upn | Displays the user principal names (UPNs) of the users. |
-fn | Displays the first names of the users. |
-mi | Displays the middle initials of the users. |
-ln | Displays the last names of the users. |
-display | Displays the display names of the users. |
-empid | Displays the employee IDs of the users. |
-desc | Displays the descriptions of the users. |
-full | Displays the full names of the users. |
-office | Displays the office locations of the users. |
-tel | Displays the telephone numbers of the users. |
Displays the e-mail addresses of the users. | |
-hometel | Displays the home telephone numbers of the users. |
-pager | Displays the pager numbers of the users. |
-mobile | Displays the mobile phone numbers of the users. |
-fax | Displays the fax numbers of the users. |
-iptel | Displays the user IP phone numbers. |
-webpg | Displays the user Web page URLs. |
-title | Displays the titles of the users. |
-dept | Displays the departments of the users. |
-company | Displays the company information of the users. |
-mgr | Displays the managers of the users. |
-hmdir | Displays the drive letter to which the home directory of the user is mapped to if the home directory path is a UNC path. |
-hmdrv | Displays the user’s home drive letter if home directory is a UNC path. |
-profile | Displays the user profile paths. |
-loscr | Displays the user logon script paths. |
-mustchpwd | Displays whether users must change their passwords at the time of next logon (yes) or not (no). |
-canchpwd | Displays whether users can change their password (yes) or not (no). |
-pwdneverexpires | Displays whether the user passwords never expires (yes) or not (no). |
-disabled | Displays whether user accounts are disabled for logon (yes) or not (no). |
-acctexpires | Displays the dates when user accounts expire. If the accounts never expire, this command returns never. |
-reversiblepwd | Displays whether the user passwords are allowed to be stored using reversible encryption (yes) or not (no). |
<UserDN> (second variation) | Required. Displays the distinguished name of the user whose group membership you want to view. |
-memberof | Displays the immediate list of groups of which the user is a member. |
-expand | Displays the recursively expanded list of groups of which the user is a member. This option takes the immediate group membership list of the user, and then recursively expands each group in this list to determine its group memberships as well to arrive at a complete closure set of the groups. |