Read AD Users
// Requires java.io.BufferedReader and java.io.InputStreamReader.
// printOut/printErr are the surrounding program's own logging helpers.
String strAdGroup = "ADGroup1";
try {
    // Read AD users by group name.
    // strAdGroup is concatenated into a cmd.exe command line, so it must be a
    // trusted constant or be validated before it reaches this point.
    StringBuffer sADAllUsers = new StringBuffer();
    sADAllUsers.append("cmd /c dsget group \"CN=" + strAdGroup + ",OU=Resource Access,OU=Groups,OU=Enterprise,DC=google,DC=co,DC=uk\" -members | dsget user -dn");
    Process procReadADUsers = Runtime.getRuntime().exec(sADAllUsers.toString());
    BufferedReader brInputReadADUsers = new BufferedReader(new InputStreamReader(procReadADUsers.getInputStream()));
    BufferedReader brErrorReadADUsers = new BufferedReader(new InputStreamReader(procReadADUsers.getErrorStream()));
    String sReadADUserErrors = null;
    // The first output line is read here and never printed; the loop starts at the second line.
    String sReadADUser = brInputReadADUsers.readLine();
    String unprocessedUserDN = brInputReadADUsers.readLine();
    while (unprocessedUserDN != null) {
        if (!unprocessedUserDN.equals("dsget succeeded")) {
            // Take the text between the first '=' and the first ',' of the DN (the CN value).
            sReadADUser = unprocessedUserDN.substring(unprocessedUserDN.indexOf('=') + 1, unprocessedUserDN.indexOf(',')).trim().toLowerCase();
            printOut("AD Group:" + strAdGroup + ", User:" + sReadADUser);
        }
        unprocessedUserDN = brInputReadADUsers.readLine();
    }
    // Report anything dsget wrote to stderr.
    while ((sReadADUserErrors = brErrorReadADUsers.readLine()) != null) {
        printOut("Error reading members of AD group " + strAdGroup + ": " + sReadADUserErrors);
    }
    int exitValue = procReadADUsers.waitFor();
    printOut("Exit Status: " + exitValue);
    sADAllUsers.delete(0, sADAllUsers.length());
}
catch (Exception e) {
    printErr("Error reading members of AD group " + strAdGroup + ": " + e.getLocalizedMessage());
}
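The snippet above splices the group name straight into a cmd.exe command line and cuts each DN at the first comma, which truncates a CN containing an escaped comma and throws on a line with no '=' or ','. The following is an added example, not part of the original page: it allowlists the group name before the DN is built and parses the output lines with the JDK's LdapName. The class and method names, the allowlist policy and the sample lines are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
public class AdGroupMembers { // hypothetical class name
    // Assumed naming policy: letters, digits, space, '_', '.', '-' only (no cmd or DN metacharacters).
    private static final Pattern SAFE_GROUP = Pattern.compile("[A-Za-z0-9 _.-]{1,64}");
    // Base DN as used in the snippet above.
    private static final String GROUP_BASE = "OU=Resource Access,OU=Groups,OU=Enterprise,DC=google,DC=co,DC=uk";

    // Build the group DN only from an allowlisted name, before it gets near a command line.
    static String groupDn(String group) {
        if (group == null || !SAFE_GROUP.matcher(group).matches()) throw new IllegalArgumentException("Rejected AD group name");
        return "CN=" + Rdn.escapeValue(group) + "," + GROUP_BASE;
    }

    // Value of the leftmost RDN (the CN). LdapName understands escaped commas such as "\,".
    static String firstRdnValue(String dn) throws InvalidNameException {
        if (dn.length() >= 2 && dn.startsWith("\"") && dn.endsWith("\"")) dn = dn.substring(1, dn.length() - 1);
        LdapName name = new LdapName(dn);
        if (name.isEmpty()) throw new InvalidNameException("empty DN");
        return name.getRdn(name.size() - 1).getValue().toString();
    }

    // Turn dsget output lines into lower-cased CN values; header, status and junk lines are skipped.
    static List<String> parseMembers(List<String> lines) {
        List<String> users = new ArrayList<>();
        for (String raw : lines) {
            String line = raw.trim();
            if (line.isEmpty() || line.equalsIgnoreCase("dn") || line.equalsIgnoreCase("dsget succeeded")) continue;
            try {
                users.add(firstRdnValue(line).toLowerCase());
            } catch (InvalidNameException e) {
                System.err.println("Skipping unparsable line: " + line);
            }
        }
        return users;
    }

    public static void main(String[] args) {
        // Constructed sample output, not captured from a real directory.
        List<String> sample = List.of("  dn", "\"CN=jdoe,OU=Users,DC=example,DC=test\"",
            "CN=Smith\\, John,OU=Users,DC=example,DC=test", "not a dn", "dsget succeeded");
        System.out.println(groupDn("ADGroup1"));
        System.out.println(parseMembers(sample));
    }
}
```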
DSGET Command
Display user(s) from Active Directory.
(installable option either via AD DS or adminpack.msi)
Syntax
DSGET user UserDN [-dn] [-samid] [-sid] [-upn] [-fn] [-mi] [-ln]
[-display] [-empid] [-desc] [-office] [-tel] [-email] [-hometel] [-pager] [-mobile]
[-fax] [-iptel] [-webpg] [-title] [-dept] [-company] [-mgr] [-hmdir] [-hmdrv] [-profile]
[-loscr] [-mustchpwd] [-canchpwd] [-pwdneverexpires] [-disabled] [-acctexpires] [-reversiblepwd]
[{-uc | -uco | -uci}] [-part PartitionDN [-qlimit] [-qused]]
DSGET user UserDN [-memberof] [-expand][{-uc | -uco | -uci}]
Key
UserDN Distinguished Name of the user to view.
-dn Display the distinguished names
-samid Display the Security Account Manager (SAM) account names
-sid Display the user security identifiers (SIDs).
-upn Display the user principal names (UPNs)
-fn Display the first names
-mi Display the middle initials
-ln Display the last names
-display Display the display names
-empid Display the employee IDs
-desc Display the descriptions
-full Display the full names
-office Display the office locations
-tel Display the telephone numbers
-email Display the email addresses
-hometel Display the home telephone numbers
-pager Display the pager numbers
-mobile Display the mobile phone numbers
-fax Display the fax numbers
-iptel Display the user IP phone numbers.
-webpg Display the user Web page URLs.
-title Display the titles
-dept Display the departments
-company Display the company information
-mgr Display the managers
-hmdir Display the user's home directory
-hmdrv Display the user's home drive letter
-profile Display the user profile paths
-loscr Display the user logon script paths
-mustchpwd Display whether users must change their passwords at next logon (yes/no).
-canchpwd Display whether users can change their password (yes/no).
-pwdneverexpires Display whether passwords never expire (yes/no).
-disabled Display whether user accounts are disabled (yes/no).
-acctexpires Display the dates when user accounts expire. (date/never)
-reversiblepwd Display whether user passwords will be stored with reversible encryption (yes/no).
-memberof Display the immediate list of groups of which the user is a member.
-expand Display the recursively expanded list of groups of which the user is a member.
-uc Unicode format
-uco Unicode format for output only
-uci Unicode format for input only
-part Connect to the directory partition PartitionDN
-qlimit Display the effective quota of the user within PartitionDN
-qused Display how much quota the user has used within PartitionDN
Examples
Find the list of groups, recursively expanded, to which the user Fred belongs:
C:\> dsget user "cn=fred,ou=Users,ou=AcmeCo,dc=ss64,dc=com" -memberof -expand
Display the distinguished name and description of domain controller Dom1:
C:\> dsget server CN=Dom1,CN=Servers,CN=AcmeCo,DC=ss64,DC=Com -dn -desc