Skip to main content
PDQ.com mobilePDQ.com desktop
Support
Try Now

What Is the PowerShell Equivalent of dsquery

Brock BinghamBrock Bingham
·

Some Command Prompt commands have a direct PowerShell equivalent that is easy to identify. For example, the PowerShell equivalent of NSLookup is Resolve-DnsName, and the PowerShell equivalent of Taskkill is Stop-Process. Others are a little more complicated. For example, if you've seen our article covering the PowerShell equivalent of DSAdd, you'll know that we covered several different commands because DSAdd uses switches to provide more specific functionality. Similarly, dsquery uses switches to alter the results of the command, so to make things clear as mud, we'll be covering several PowerShell cmdlets that replicate the functionality of dsquery and its switches.

What is dsquery

Before we talk about the PowerShell equivalent of dsquery, it's important to understand what dsquery does. Simply put, dsquery returns objects from Active Directory. These objects include users, computers, groups, organizational units, and more. Here's an example:

dsquery user -name "username"

Notice that we include the user switch to specify the type of object that we want to return. If, instead, we wanted to return a computer object with the name odin, we would need to include the computer switch.

dsquery computer -name "computer name"

Yes, I'm aware I have a user and a computer, both named Odin. Yes, it's weird. Moving on.

Now that we know what dsquery is and how it works, let's look at its PowerShell equivalents.

The PowerShell Equivalents of dsquery

The most accurate PowerShell equivalent of dsquery is Get-ADObject. But as I mentioned, it's more complicated than that. So instead of flapping my digital lips for several paragraphs describing the intricacies of these commands, it'll be easier to lay everything out in an informational table. Besides, who doesn't enjoy a good table?

CMD Prompt CommandPowerShell EquivalentDescription
dsquery *Get-ADObjectReturns AD objects such as users, computers, groups, etc.
dsquery computerGet-ADComputerReturn AD computer objects.
dsquery groupGet-ADGroupReturns AD group objects.
dsquery ouGet-ADOrganizationalUnitReturns AD organizational unit objects.
dsquery userGet-ADUserReturns AD user objects.

As you can see from this table, while dsquery adds a class specification switch, such as user or computer, to designate the type of object to query, PowerShell instead uses specific cmdlets to designate the type of object to query. The exception to this rule is Get-ADObject which is object class agnostic, meaning this cmdlet can return any type of object from AD.

Get-ADObject Help File

As always, if you're new to a command and trying to figure out exactly what it does and how to use it, a good place to start is to review the help documentation. To do so, use the Get-Help command followed by the command in question. Here's the help file for Get-ADObject.

Get-Help Get-ADObject

NAME
    Get-ADObject

SYNOPSIS
    Gets one or more Active Directory objects.


SYNTAX
    Get-ADObject [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-IncludeDeletedObjects] [-Properties
    <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope {Base |
    OneLevel | Subtree}] [-Server <String>] -Filter <String> [<CommonParameters>]

    Get-ADObject [-Identity] <ADObject> [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>]
    [-IncludeDeletedObjects] [-Partition <String>] [-Properties <String[]>] [-Server <String>] [<CommonParameters>]

    Get-ADObject [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-IncludeDeletedObjects] [-Properties
    <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope {Base |
    OneLevel | Subtree}] [-Server <String>] -LDAPFilter <String> [<CommonParameters>]


DESCRIPTION
    The Get-ADObject cmdlet gets an Active Directory object or performs a search to retrieve multiple objects.

    The Identity parameter specifies the Active Directory object to get. You can identify the object to get by its
    distinguished name (DN) or GUID. You can also set the parameter to an Active Directory object variable, such as
    $<localADObject> or pass an object through the pipeline to the Identity parameter.

    To search for and retrieve more than one object, use the Filter or LDAPFilter parameters. The Filter parameter
    uses the PowerShell Expression Language to write query strings for Active Directory. PowerShell Expression
    Language syntax provides rich type conversion support for value types received by the Filter parameter. For more
    information about the Filter parameter syntax, see about_ActiveDirectory_Filter. If you have existing LDAP query
    strings, you can use the LDAPFilter parameter.

    This cmdlet gets a default set of Active Directory object properties. To get additional properties use the
    Properties parameter. For more information about the how to determine the properties for computer objects, see the
    Properties parameter description.


RELATED LINKS
    Online Version: http://go.microsoft.com/fwlink/p/?linkid=291034
    New-ADObject
    Remove-ADObject
    Set-ADObject

REMARKS
    To see the examples, type: "get-help Get-ADObject -examples".
    For more information, type: "get-help Get-ADObject -detailed".
    For technical information, type: "get-help Get-ADObject -full".
    For online help, type: "get-help Get-ADObject -online"

Again, if you're interested in viewing the help documentation for any of the other PowerShell commands we cover in this guide, use the following command:

Get-Help "PowerShell Command"

Now that we know what the PowerShell commands are, let's look at some real-world examples of how to use them.

Get-ADObject Example

Get-ADObject -Filter 'name -like "object_name*"'

This first example is pretty basic, but I wanted to emphasize that Get-ADObject searches all AD objects, not just a specific object class. As you can see, I've used the -like filter operator to return objects that start with a specific name. In this case, I'm searching for objects that start with odin, followed by an asterisk to return all results. Both the computer object "ODIN" and the user object "odin borson" were returned.

Get-ADUser Example

Get-ADUser -SearchBase "OU=OU_name,DC=domain,DC=domain" -Filter 'EmailAddress -notlike "*"' -Properties Department | Select Name, Department

In this example, we're using the Get-ADUser cmdlet, which specifically searches for user objects. We've specified an OU to search using the -SearchBase parameter. We've then used the -Filter parameter to filter based on the EmailAddress property and used the -notlike operator to specifically search for users with an empty EmailAddress property. We've included the -Properties parameter with the Department attribute since department isn't an attribute that's returned by default with Get-ADUser. Lastly, we've piped this command to the Select cmdlet to output only the Name and Department properties.

Get-ADComputer Example

$date = (Get-Date).AddDays(-180)

Get-ADComputer -SearchBase "OU=OU_name,DC=domain,DC=domain" -Filter 'Created -ge $date' -Properties operatingSystem, Created | Select-Object Name, operatingSystem, Created

For our last example, we're using the Get-ADComputer cmdlet to return a list of computers created in the last 180 days. First, we use the Get-Date cmdlet to return the current date, minus 180 days and assign it to the $date variable. Next, we use the Get-ADComputer cmdlet to search for computers in a specific OU. Then, we use the -Filter parameter to compare the Created property against the $date variable. Lastly, we return the operatingSystem and Created properties which aren't returned by default, and use the Select-Object (alias Select) to output only the Name, operatingSystem, and Created properties.

You can easily modify the $date variable command to suit your needs. If you want to return computers created in the last 30 days, change -180 to -30.

Wrapping Up

If you haven't started the transition to PowerShell yet, now's the time. PowerShell is one bandwagon you don't want to miss jumping on. Once you start using it, it'll be hard to stop. And just think, now that you know the PowerShell equivalent of dsquery,  you're one cmdlet closer to mastering PowerShell.

Ready to put the PowerShell Scanner through its paces?

Take our 14-day Free Trial. Feel the power of the PowerShell scanner.
Start a Trial

Don't miss the next post!

8 ways to protect your business from ransomware

Ransomware attacks are on the rise, and it's only a matter of time before your business becomes a target. Learn how to protect yourself before it's too late.

General
PDQ.com
© 2021 PDQ.com Corporation
Products
  • PDQ Deploy ®
  • PDQ Inventory ®
  • SimpleMDM
  • Pricing
  • Downloads
  • Licensing
  • Buy