Use these command-line tools to configure AD DS objects
Command ------------------------------- Description Dsadd computer Dsadd contact Dsadd group ..............................Adds objects to the directory Dsadd ou Dsadd quota Dsadd user
Dsget computer Dsget contact Dsget group Dsget ou Dsget partition Dsget quota .............................. Displays properties of objects in the directory Dsget server Dsget site Dsget subnet Dsget user
Dsmod computer Dsmod contact Dsmod group Dsmod ou .............................. Modifies select attributes of an existing object in the directory Dsmod partition Dsmod quota Dsmod server Dsmod user
Dsquery * Dsquery computer Dsquery contact Dsquery group Dsquery ou Dsquery partition Dsquery quota ..............................Finds objects in the directory that match a specified search criteria Dsquery server Dsquery site Dsquery subnet Dsquery user
Dsmove .......................Moves any object from its current location to a new parent location or renames any object without moving it
Dsrm ....................... Removes an object, the complete subtree under an object in the directory, or both
****************************************************************************
LDAP attribute tag ------------------ Description CN= .............................................Common name .....................................................The name given to the object at creation OU=................................................Organizational unit ....................................................The name of the container DC=................................................Domain component ......................................................The name of the domain
dsquery ou dc=abc,dc=com This command will produce a listing of all OUs
dsquery user cn=users,dc=abc,dc.com It is going to show all the users in the users container.
dsquery servers -hasfsmo schema or (rid, name, infr and pdc.) It is going to show which server(s) has the schema role
*****************************************
dsadd ou "ou=northwest, dc=abc, dc=com" This command tells Active Directory to create an OU called northwest
dsadd user "cn=calvin jay, ou=northwest, dc=abc, dc=com" This command will create an user named calvin jay in northwest OU
*****************************************
dsquery server -domain abc.com | dsget server -dnsname –site Finds all domain controllers for domain abc.com and display their DNS host name and site name
dsget user "CN=Mike Jay,CN=users,dc=abc,dc=com"-memberof –expand Shows the list of groups, recursively expanded, to which a given user belongs
*****************************************
dsmod computer CN=Server1,CN=Computers,DC=abc,DC=Com -disabled yes To disable computer account
dsmod user "CN=Don Jay,CN=Users,DC=abc,DC=Com" -pwd A1b2c3d4 -mustchpwd yes To reset password and force him to change his password the next time he logs on to the network
*****************************************
dsmove "CN=Kim love,OU=Sales,DC=abc,DC=Com" -newname "Kim Falls" Renames a user object from Kim Love to Kim Falls
dsmove "CN=Kim Falls,OU=Sales,DC=abc,DC=Com" -newparent OU=Marketing,DC=abc,DC=Com Moves Kim Falls from the Sales organization to the Marketing organization
*****************************************
dsrm -subtree -noprompt -c OU=Marketing,DC=abc,DC=Com Removes an organizational unit called "Marketing" and all the objects under that organizational unit
dsrm -subtree -exclude -noprompt -c "OU=Marketing,DC=abc,DC=Com" Removes all objects under the organizational unit called "Marketing," but leaves the organizational unit intact