Configuring AD DS Objects Using Command-Line Tools in Windows Server 2008 R2

Use these command-line tools to configure AD DS objects

Command ------------------------------- Description Dsadd computer Dsadd contact Dsadd group ..............................Adds objects to the directory Dsadd ou Dsadd quota Dsadd user

Dsget computer Dsget contact Dsget group Dsget ou Dsget partition Dsget quota .............................. Displays properties of objects in the directory Dsget server Dsget site Dsget subnet Dsget user

Dsmod computer Dsmod contact Dsmod group Dsmod ou .............................. Modifies select attributes of an existing object in the directory Dsmod partition Dsmod quota Dsmod server Dsmod user

Dsquery * Dsquery computer Dsquery contact Dsquery group Dsquery ou Dsquery partition Dsquery quota ..............................Finds objects in the directory that match a specified search criteria Dsquery server Dsquery site Dsquery subnet Dsquery user

Dsmove .......................Moves any object from its current location to a new parent location or renames any object without moving it

Dsrm ....................... Removes an object, the complete subtree under an object in the directory, or both

****************************************************************************

LDAP attribute tag ------------------ Description CN= .............................................Common name .....................................................The name given to the object at creation OU=................................................Organizational unit ....................................................The name of the container DC=................................................Domain component ......................................................The name of the domain

dsquery ou dc=abc,dc=com This command will produce a listing of all OUs

dsquery user cn=users,dc=abc,dc.com It is going to show all the users in the users container.

dsquery servers -hasfsmo schema or (rid, name, infr and pdc.) It is going to show which server(s) has the schema role

*****************************************

dsadd ou "ou=northwest, dc=abc, dc=com" This command tells Active Directory to create an OU called northwest

dsadd user "cn=calvin jay, ou=northwest, dc=abc, dc=com" This command will create an user named calvin jay in northwest OU

*****************************************

dsquery server -domain abc.com | dsget server -dnsname –site Finds all domain controllers for domain abc.com and display their DNS host name and site name

dsget user "CN=Mike Jay,CN=users,dc=abc,dc=com"-memberof –expand Shows the list of groups, recursively expanded, to which a given user belongs

*****************************************

dsmod computer CN=Server1,CN=Computers,DC=abc,DC=Com -disabled yes To disable computer account

dsmod user "CN=Don Jay,CN=Users,DC=abc,DC=Com" -pwd A1b2c3d4 -mustchpwd yes To reset password and force him to change his password the next time he logs on to the network

*****************************************

dsmove "CN=Kim love,OU=Sales,DC=abc,DC=Com" -newname "Kim Falls" Renames a user object from Kim Love to Kim Falls

dsmove "CN=Kim Falls,OU=Sales,DC=abc,DC=Com" -newparent OU=Marketing,DC=abc,DC=Com Moves Kim Falls from the Sales organization to the Marketing organization

*****************************************

dsrm -subtree -noprompt -c OU=Marketing,DC=abc,DC=Com Removes an organizational unit called "Marketing" and all the objects under that organizational unit

dsrm -subtree -exclude -noprompt -c "OU=Marketing,DC=abc,DC=Com" Removes all objects under the organizational unit called "Marketing," but leaves the organizational unit intact