« Reading the LastWriteTime of a registry key using Powershell | Main | DNS Benchmark. And the winner is.... »
Friday
Apr162010

Generating a system list from Active Directory

DateFriday, April 16, 2010 at 1:13PM

Having a large number of workstations or servers within an enterprise brings a host of challenges in trying to maintain them. We are constantly having to reach out and perform an action on a set of boxes. Relying on your own or someone else's outdated system list is not an option. A quick and easy fix is to go straight to the source. Dsquery is a command-line too that allows us to query Active Directory based on criteria we feed into it. Today we are going to focus on one common criteria used, dsquery computer, which finds computers in the directory that matches our search patterns. Here's the syntax:

dsquery computer [{<StartNode> | forestroot | domainroot}] [-o {dn | rdn | samid}] [-scope {subtree | onelevel | base}] [-name <Name>] [-desc <Description>] [-samid <SAMName>] [-inactive <NumberOfWeeks>] [-stalepwd <NumberOfDays>] [-disabled] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [-r] [-gc] [-limit <NumberOfObjects>] [{-uc | -uco | -uci}]

So to pull a list of workstations from OU Test we can simply run:

C:\> dsquery computer "OU=Test,DC=testdomain,DC=com" -limit 0 -o rdn

"workstation1"
"workstation2"
"workstation3"

So if we break that command down we see that we are querying the Test OU in our domain for computers, -limit 0 means give me everything found, and in an output specifed as rdn. RDN displays the relative distinguished name of each entry. This will allow us to parse it in a for loop and run commands against it.

So let's say we want to ping those machines to see which ones are up:

C:\> for /f %w in ('dsquery computer "OU=Test,DC=testdomain,DC=com" -limit 0 -o rdn') do (
more? ping -n 1 %w
more? )

Pretty easy right!

So what if you don't know what OU a workstation is in? Well dsquery can find out that too! Lets suppose your workstations are called WORKSTATION1, WORKSTATION2, and so on. We can use a portion of the name to find out where they are:

C:\> dsquery computer -limit 0 | find "WORK"

Here's a quick example of a bat file I threw together taking advantage of dsquery.

@echo off
title Build WKS List
rem --------------------------------------------
rem ScriptName: build_wks_list.bat
rem
rem Usage:
rem    build_wks_list.bat wks_OU output_dir
rem
rem Example:
rem    build_wks_list.bat Test c:\admin
rem
rem Change History:
rem    DATE    DEVELOPER    CHANGE
rem    19MAR10    shaun hess    Initial Creation
rem --------------------------------------------
IF %1.==. GOTO USAGE
IF %2.==. GOTO USAGE

setlocal
set HOSTLIST=%2\%1_wkslist.txt
set HOSTLISTTEMP=%2\%1_wkslist.tmp
rem Modify the variable below to include OU's you
rem want to run against when passing the arg "All"
set SITELIST=Test, Engineering, Production
set OU=%1
set OUTPUT_DIR=%2
set ERRORLOG=%2\build_wks_list_error.log

echo.
if exist %HOSTLISTTEMP% del /f /q %HOSTLISTTEMP%
if exist %HOSTLIST% del /f /q %HOSTLIST%

if /I %1 == all (
   for %%i in (%SITELIST%) do (
   @echo Building workstation list for OU=%%i
   dsquery computer "OU=%%i,DC=testdomain,DC=com" -limit 0 -o ^
      rdn >> %HOSTLISTTEMP% 2> %ERRORLOG%
   for /f "delims=" %%a in (%HOSTLISTTEMP%) do echo %%~a >> %HOSTLIST%
   del /f /q %HOSTLISTTEMP%
   @echo Workstation List: %HOSTLIST%
) else (
   @echo Building workstation list for OU=%1
   dsquery computer "OU=%1,DC=testdomain,DC=com" -limit 0 -o ^
      rdn >> %HOSTLISTTEMP% 2> %ERRORLOG%
   for /f "delims=" %%a in (%HOSTLISTTEMP%) do echo %%~a >> %HOSTLIST%
   del /f /q %HOSTLISTTEMP%
   @echo Workstation List: %HOSTLIST%
)
goto done

:USAGE
echo.
echo Usage:
echo.
echo build_wks_list.bat wks_OU output_dir
echo.
echo Ex: build_wks_list.bat Test c:\admin
echo.
echo You may also pass the argument "All" for
echo the OU field if your sitelist is setup.
echo.

:done
echo.
if not "%ERRORLEVEL%"=="0" (
   echo Please see %ERRORLOG% for details.
   echo.
   echo Script failed with return code %ERRORLEVEL%
   echo.
) else (
   echo Script completed successfully.
)
endlocal

exit /b

Some other useful arguments to dsquery computer are:

-name <Name>

Searches for computers whose name attributes (value of CN attribute) matches <Name>. For example, "jon*" or "*ith" or "j*th".

-desc <Description>

Searches for computers whose description attributes match <Description>. For example, "jon*", "*ith", or "j*th".

-inactive <NumberOfWeeks>

Searches for computers that have been inactive (stale) for the number of weeks thatou specify.

-stalepwd <NumberOfDays>

Searches for computers whose passwords have not changed for the number of days that you specify.

-disabled

Searches for all computers whose accounts are disabled.


If you have other handy ways to build system lists feel free to share in the comments. If not give dsquery a try!

AuthorShaun Hess | CommentPost a Comment | Reference1 Reference |
tagged , , , , , in , , ,

PrintView Printer Friendly Version

EmailEmail Article to Friend

References (1)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
All HTML will be escaped. Hyperlinks will be created for URLs automatically.

Notify me of follow-up comments via email.