Hamizi Jamaluddin
Jul 5, 20182 min
Updated: Aug 9, 2019
Use these command-line tools to configure AD DS objects
Command ------------------------------- Description
Dsadd computer
Dsadd contact
Dsadd group ..............................Adds objects to the directory
Dsadd ou
Dsadd quota
Dsadd user
Dsget computer
Dsget contact
Dsget group
Dsget ou
Dsget partition
Dsget quota .............................. Displays properties of objects in the directory
Dsget server
Dsget site
Dsget subnet
Dsget user
Dsmod computer
Dsmod contact
Dsmod group
Dsmod ou .............................. Modifies select attributes of an existing object in the directory
Dsmod partition
Dsmod quota
Dsmod server
Dsmod user
Dsquery *
Dsquery computer
Dsquery contact
Dsquery group
Dsquery ou
Dsquery partition
Dsquery quota ..............................Finds objects in the directory that match a specified search criteria
Dsquery server
Dsquery site
Dsquery subnet
Dsquery user
Dsmove .......................Moves any object from its current location to a new parent location or renames any object without moving it
Dsrm ....................... Removes an object, the complete subtree under an object in the directory, or both
****************************************************************************
LDAP attribute tag ------------------ Description
CN= .............................................Common name
.....................................................The name given to the object at creation
OU=................................................Organizational unit
....................................................The name of the container
DC=................................................Domain component
......................................................The name of the domain
dsquery ou dc=abc,dc=com
This command will produce a listing of all OUs
dsquery user cn=users,dc=abc,dc.com
It is going to show all the users in the users container.
dsquery servers -hasfsmo schema or (rid, name, infr and pdc.)
It is going to show which server(s) has the schema role
*****************************************
dsadd ou "ou=northwest, dc=abc, dc=com"
This command tells Active Directory to create an OU called northwest
dsadd user "cn=calvin jay, ou=northwest, dc=abc, dc=com"
This command will create an user named calvin jay in northwest OU
*****************************************
dsquery server -domain abc.com | dsget server -dnsname –site
Finds all domain controllers for domain abc.com and display their DNS host name and site name
dsget user "CN=Mike Jay,CN=users,dc=abc,dc=com"-memberof –expand
Shows the list of groups, recursively expanded, to which a given user belongs
*****************************************
dsmod computer CN=Server1,CN=Computers,DC=abc,DC=Com -disabled yes
To disable computer account
dsmod user "CN=Don Jay,CN=Users,DC=abc,DC=Com" -pwd A1b2c3d4 -mustchpwd yes
To reset password and force him to change his password the next time he logs on to the network
*****************************************
dsmove "CN=Kim love,OU=Sales,DC=abc,DC=Com" -newname "Kim Falls"
Renames a user object from Kim Love to Kim Falls
dsmove "CN=Kim Falls,OU=Sales,DC=abc,DC=Com" -newparent OU=Marketing,DC=abc,DC=Com
Moves Kim Falls from the Sales organization to the Marketing organization
*****************************************
dsrm -subtree -noprompt -c OU=Marketing,DC=abc,DC=Com
Removes an organizational unit called "Marketing" and all the objects under that organizational unit
dsrm -subtree -exclude -noprompt -c "OU=Marketing,DC=abc,DC=Com"
Removes all objects under the organizational unit called "Marketing," but leaves the organizational unit intact