dsmod – useful commands

Get members of group

dsget user “CN=UserName,OU=xxxxx,,DC=domain,DC=domain” -memberof -expand

dsget group “CN=GroupName,DC=domain,DC=domain” -members

Get inactive computers

dsquery computer -inactive 8 -limit 500 “OU=xxxxx,,DC=domain,DC=domain”

inactive = weeks

default limit is 100 objects

How to tell if lastLogontimeStamp is in sync

1. Using repadmin to check the value of lastLogontimeStamp on all DC’s in a domain for one user:

repadmin /showattr * (or put name of DC server) /attrs:lastLogontimeStamp


repadmin /showattr * CN=user1,OU=accounting,DC=domain,dc=com /attrs:lastLogontimeStamp

2. Using repadmin to dump the lastLogontimeStamp for all users in a domain including users that have no data in the lastLogontimeStamp attribute:

repadmin /showattr * /subtree /filter:”(&(objectCategory=Person)(objectClass=user))” /attrs:lastLogontimeStamp

3. Dump lastLogonTime stamp for users but only ones that have the attribute populated

repadmin /showattr * dc=domain,dc=com /subtree /filter:”((&(lastLogontimeStamp=*)(objectCategory=Person)(objectClass=user)))” /attrs:lastLogontimeStamp

How create new mailbox from powershell Exchange 2007

$password = Read-Host “Enter password” -AsSecureString

New-Mailbox -Name ‘test_user2’ -Alias ‘test_user2’ -OrganizationalUnit ‘FQDNdomain/OU/OU’ -UserPrincipalName ‘test_user2@domain’ -SamAccountName ‘test_user2’ -FirstName ‘test_user2’ -Initials ” -LastName ” -Password $password -ResetPasswordOnNextLogon $false -Database ‘NAMEOFEXCHANGESERVER\NAMEOFMAILBOXGROUP\MAILBOXDATABASE’

create distribution group over powershell
new-DistributionGroup -Name ‘test_distribution_group1’ -Type ‘Distribution’ -OrganizationalUnit ‘FQDNDOMAIN/OU/OU/OU’ -SamAccountName ‘test_distribution_group1’ -Alias ‘test_distribution_group1’