Essential Tools for Active Directory - 2

Dsadd

Dsadd is used to create an instance of an Active Directory object class on a particular directory partition. These classes include users, computers, contacts, groups, organizational units, and quotas. Dsadd has a generic syntax that consists of the following:

dsadd <ObjectType> <ObjectDistinguishedName> attributes

Note that each object type you create takes a specific set of switches corresponding to the attributes available for that type. This command creates a single user object with various attributes populated (note that the following is all on one line):

dsadd user cn=afuller,ou=IT,dc=contoso,dc=com
-samID afuller -fn Andrew -ln Fuller -pwd *
-memberOf cn=IT,ou=Groups,dc=contoso,dc=com "cn=Help Desk,ou=Groups,
dc=contoso,dc=com"
-desc "Marketing Director"

The -memberOf switch requires the full distinguished name (DN) of each group the user should be added to; if you want to add the user to multiple groups you can add multiple DNs separated by spaces.

If any element contains a space, such as the DN of the Help Desk group, it needs to be enclosed in double quotes. If an element contains a backslash, like an OU called IT\EMEA, the backslash must be entered twice: IT\\EMEA. (These requirements apply to all of the ds* tools.)

When you use the -pwd * switch, you’ll be prompted to enter a password for the user at the command line. You can specify the password within the command itself (-pwd P@ssword1), but this will display the password in plain text on the screen or in any text or script file that you’ve embedded the command into.

Similarly, you can create a computer object and an OU using the following two commands:

dsadd computer cn=WKS1,ou=Workstations,dc=contoso,dc=com
dsadd ou "ou=Training OU,dc=contoso,dc=com"

Dsmod

Dsmod is used to modify an existing object, and you work with it much as with dsadd, using different submenus and syntax depending on the type of object you’re modifying. The following dsmod statement changes a user’s password and modifies his account so he will be prompted to change to a new password on next logon:

dsmod user "cn=afuller,ou=IT,dc=contoso,dc=com" -pwd P@ssw0rd1
    -mustchpwd yes

To see how similar these switches are, look at the dsadd syntax you would use to create this user with the same attributes configured:

dsadd user "cn=afuller,ou=IT,dc=contoso,dc=com" -pwd P@ssw0rd1
    -mustchpwd yes

As you can clearly see, if you know the switches to create objects in dsadd, you can use those same switches to modify users with dsmod.
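The -pwd caveat from the Dsadd section applies equally to the dsmod and dsadd commands above: a literal password in a script file stays readable to anyone who can open that file. The following PowerShell check is an added example, not code from the original article; the function name Find-InlineDsPassword and the sample lines are assumptions made up for illustration, and it assumes each command sits on a single line.

```powershell
# Added example. Find-InlineDsPassword is a hypothetical helper name.
function Find-InlineDsPassword {
    param(
        [string[]] $Line,                  # script text, one command per element
        [string]   $Source = '<sample>'    # label for the report, e.g. a file path
    )
    # Matches "dsadd user ... -pwd <value>" and "dsmod user ... -pwd <value>".
    # \u2013 is the en dash that web pages and word processors substitute for "-".
    $pattern = '(?i)\bds(add|mod)(\.exe)?\s+user\b.*?\s[-\u2013]pwd\s+(?<pwd>"[^"]*"|\S+)'
    for ($i = 0; $i -lt $Line.Count; $i++) {
        $m = [regex]::Match($Line[$i], $pattern)
        if (-not $m.Success) { continue }
        $g = $m.Groups['pwd']
        if ($g.Value -eq '*') { continue }   # "-pwd *" prompts; nothing is stored
        # A %VAR% or $var reference keeps the secret out of this file itself.
        $kind = if ($g.Value -match '^"?(%\w+%|\$\w+)"?$') { 'variable' } else { 'literal' }
        [pscustomobject]@{
            Source     = $Source
            LineNumber = $i + 1
            Tool       = 'ds' + $m.Groups[1].Value.ToLower()
            Kind       = $kind
            # Report the line with the value masked so the finding does not leak it.
            Redacted   = $Line[$i].Remove($g.Index, $g.Length).Insert($g.Index, '<redacted>')
        }
    }
}

# Constructed sample lines (not taken from a real environment).
$sample = @(
    'dsadd user cn=afuller,ou=IT,dc=contoso,dc=com -samID afuller -pwd *',
    'dsmod user "cn=afuller,ou=IT,dc=contoso,dc=com" -pwd P@ssw0rd1 -mustchpwd yes',
    'dsadd user cn=jdoe,ou=IT,dc=contoso,dc=com -pwd %NEWPWD% -mustchpwd yes',
    'dsadd ou "ou=Training OU,dc=contoso,dc=com"'
)
Find-InlineDsPassword -Line $sample | Format-Table -AutoSize
```

On the sample, the second line is reported as a literal and the third as a variable, while the `-pwd *` line and the OU line are not reported. To scan real scripts, pass the output of Get-Content for each file as -Line and the file path as -Source.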

Dsrm

The converse of dsadd is dsrm; as you might imagine, this tool lets you delete an object from the command line. The basic dsrm syntax is pretty straightforward: simply enter dsrm followed by the distinguished name of the object you want to delete, like so:

dsrm cn=WKS1,ou=Workstations,dc=contoso,dc=com

By default, dsrm will prompt "Are you sure you want to delete this object?" Type Y, then press Enter. You can suppress this prompt using the -noprompt switch, but, obviously, you then get no chance to confirm that you’ve selected the correct object before deleting it. Two additional switches can be helpful if you are deleting a container object, that is, an organizational unit that could potentially contain other objects within it. The following command deletes the TrainingOU organizational unit and all objects contained within it:

dsrm ou=TrainingOU,dc=contoso,dc=com -subtree

This one deletes all child objects contained within TrainingOU but leaves the organizational unit object itself in place:

dsrm ou=TrainingOU,dc=contoso,dc=com -subtree
    -exclude

Dsmove

To move or rename an object in Active Directory, you use the dsmove tool, but note that you should use it to move an object only within a single domain. To migrate objects between domains or forests, use the Active Directory Migration Tool (ADMT), a free download from the Microsoft Web site. Dsmove relies on two switches that can be used separately or in combination. This command gives Steve Conn’s account a new last name:

dsmove "cn=Conn\, Steve,ou=IT,dc=contoso,dc=com"
    -newname "Steve Conn"

This command moves Steve’s account from the IT OU to the Training OU:

dsmove "cn=Conn\, Steve,ou=IT,dc=contoso,dc=com" -newparent
    ou=Training,dc=contoso,dc=com

You can combine a rename and a move into a single operation by specifying both switches at once, like this:

dsmove "cn=Conn\, Steve,ou=IT,dc=contoso,dc=com" -newname
    "Steve Conn" -newparent ou=Training,dc=contoso,dc=com

About Microsoft Talk

My name is Brick ONeil, and I’ve been with the 451 Press Network since March 2007. I’m the new blogger for Microsoft Talk. We’ll be discussing ‘About Microsoft’ itself. What’s happening, who’s coming/going, what new technologies they’re coming out with, updates and upgrades. I’ll try to bring you news each day that impacts your daily life and use of Microsoft products, or just interesting information I think you’ll enjoy
