dsmod – useful commands

Get members of group

dsget user „CN=UserName,OU=xxxxx,,DC=domain,DC=domain“ -memberof -expand

dsget group „CN=GroupName,DC=domain,DC=domain“ -members

Get inactive computers

dsquery computer -inactive 8 -limit 500 „OU=xxxxx,,DC=domain,DC=domain“

inactive = weeks

default limit is 100 objects

How to tell if lastLogontimeStamp is in sync

1. Using repadmin to check the value of lastLogontimeStamp on all DC’s in a domain for one user:

repadmin /showattr * (or put name of DC server) /attrs:lastLogontimeStamp


repadmin /showattr * CN=user1,OU=accounting,DC=domain,dc=com /attrs:lastLogontimeStamp

2. Using repadmin to dump the lastLogontimeStamp for all users in a domain including users that have no data in the lastLogontimeStamp attribute:

repadmin /showattr * /subtree /filter:“(&(objectCategory=Person)(objectClass=user))“ /attrs:lastLogontimeStamp

3. Dump lastLogonTime stamp for users but only ones that have the attribute populated

repadmin /showattr * dc=domain,dc=com /subtree /filter:“((&(lastLogontimeStamp=*)(objectCategory=Person)(objectClass=user)))“ /attrs:lastLogontimeStamp

How create new mailbox from powershell Exchange 2007

$password = Read-Host „Enter password“ -AsSecureString

New-Mailbox -Name ‚test_user2‘ -Alias ‚test_user2‘ -OrganizationalUnit ‚FQDNdomain/OU/OU‘ -UserPrincipalName ‚test_user2@domain‘ -SamAccountName ‚test_user2‘ -FirstName ‚test_user2‘ -Initials “ -LastName “ -Password $password -ResetPasswordOnNextLogon $false -Database ‚NAMEOFEXCHANGESERVER\NAMEOFMAILBOXGROUP\MAILBOXDATABASE‘

create distribution group over powershell
new-DistributionGroup -Name ‚test_distribution_group1‘ -Type ‚Distribution‘ -OrganizationalUnit ‚FQDNDOMAIN/OU/OU/OU‘ -SamAccountName ‚test_distribution_group1‘ -Alias ‚test_distribution_group1‘