Dsquery

Dsquery is a command-line utility included with Windows Server systems that have the Active Directory Domain Services (AD DS) role installed. It is used to query directory objects such as users, groups, computers, and organizational units directly from the command line. The tool must be executed from an elevated command prompt, meaning it requires administrative privileges to run.

Forests

StandIn and ADSearch do not support custom search bases, making them unsuitable for forest-wide enumeration. The below query:

• *: sets the search base as a generic LDAP object, rather than a specific object, e.g. user or computer.

• "cn=partitions,cn=configuration,dc=moneycorp,dc=com": the CN=Partitions location holds metadata about all naming contexts in the AD forest (like domain partitions, application partitions, etc.).

• -filter "(netbiosname=*)": matches objects having a netbiosname attribute set (i.e., not empty). This typically returns domain partitions that are associated with a NetBIOS name (e.g., MONEYCORP for moneycorp.com).

• -attribute ncname: the distinguished name (DN) of the naming context (like DC=moneycorp,DC=com).

dsquery.exe '* "cn=partitions,cn=configuration,dc=moneycorp,dc=com" -filter "(netbiosname=*)" --attribute ncname'