DS (Directory Service) Family of built-in command line utility. The DS (Directory Service) group of commands are split into two families. In one branch are DSadd, DSmod, DSrm and DSMove and in the other branch are DSQuery and DSGet.
DS Commands are:
- DSmod - To Modify Active Directory Attributes.
- DSrm - To Delete Active Directory Objects.
- DSmove - To relocate objects.
- DSadd - Create new accounts.
- DSquery - To find objects that match your query attributes.
- DSget - List the properties of an object
DSadd: Adds specific types of objects to the directory.
- DSadd Computer: Add a single Computer to the directory.
Example 1.To create a computer account named client_PC in the default Computers container of testdomain.com.
CMD: dsadd computer "cn=Client_PC,cn=computers,dc=testdomain,dc=com"
- Dsadd User: Adds a single user to the directory.
Example 1: Creating a user account.
Cmd: dsadd user "cn=stevejobs,cn=users,dc=testdomain,dc=com"
User id "stevejobs" created under Users folder, with out password, and the account status is Disabled.
Examble 2. Creating User account with Password and the account should be enabled mode.
Cmd: dsadd user "cn=stevejobs,cn=users,dc=testdomain,dc=com" -pwd A1b2c3d4 -disabled no
-pwd {<Password>|*}: Specifies that the password for the user be set to Password or an asterisk (*). If you set the password to *, dsadd prompts you for a user password.
-pwd {<Password>|*}: Specifies that the password for the user be set to Password or an asterisk (*). If you set the password to *, dsadd prompts you for a user password.
-mustchpwd {yes | no }: Specifies whether users must change their passwords when they next log on. The available values are Yes and no. By default, users do not have to change their their passwords (no)
-mustchpwd {yes | no}: pecifies whether users must change their passwords when they next log on. The available values are yes and no. By default, users do not have to change their passwords (no).
-pwdneverexpires {yes | no}: Specifies whether the user password never expires. The available values are yes and no. By default, user passwords expire (no).
-disabled {yes | no}: Specifies whether dsadd disables the user account for log on. The available values are yes or no. By default, the user account is disabled for log on (Yes).
-acctexpires <NumberOfDays> : Specifies the number of days from today that the user account will expire. A value of 0 sets expiration at the end of today. A positive value sets expiration in the future. A negative value sets expiration in the past. The value never sets the account to never expire. For example, a value of 0 implies that the account expires at the end of today. A value of -5 implies that the account has already expired 5 days ago and sets an expiration date in the past. A value of 5 sets the account expiration date for 5 days in the future.
-disabled {yes | no}: Specifies whether dsadd disables the user account for log on. The available values are yes or no. By default, the user account is disabled for log on (Yes).
-acctexpires <NumberOfDays> : Specifies the number of days from today that the user account will expire. A value of 0 sets expiration at the end of today. A positive value sets expiration in the future. A negative value sets expiration in the past. The value never sets the account to never expire. For example, a value of 0 implies that the account expires at the end of today. A value of -5 implies that the account has already expired 5 days ago and sets an expiration date in the past. A value of 5 sets the account expiration date for 5 days in the future.
Here User id named "stevejobs" created with password and Enabled.
Example 3.To create the same account, with a set it to never expire, and make it a member of the sales group in the same OU,
Cmd:dsadd user "cn=johnsmith,ou=sales,dc=testdomain,dc=com" -disabled no -pwd
A1c2b3d4 -mustchpwd yes -memberof "cn=accounting, ou=sales, dc=testdomain, dc=com" -acctexpires never
- DSad ou:
Adds a single organizational unit (OU) to the directory.
Example 1. To create an organizational unit (OU) named "sales" in the testdomain.com,
Cmd: dsadd ou "ou=sales,dc=testdomain,dc=com"
- Dsadd Group:
Adds a single group to the directory.
Example 1. Create a group account named Sales in the default Users container of testdomain.com.
Cmd: dsadd group "cn=Sales,cn=users,dc=testdomain,dc=com"
Example 2.To create a universal group named accounting in an organizational unit (OU) named Sales in a domain named testdomain.com.
Cmd: dsadd group "cn=accounting,ou=sales,dc=testdomain,dc=com" -scope u
- Dsadd contact:
Adds a single contact to the directory.
Example 1.To create a contact named MikeDan in the default Users container of testdomain.com,
Cmd: dsadd contact "cn=mikedan,cn=users,dc=testdomain,dc=com"
Dsmod:
Modifies an existing object of a specific type in the directory.
- Dsmod Contact:
Modifies attributes of one or more existing contacts in the directory.
Example 1:To set the company information of multiple contacts,
Cmd:dsmod contact "cn=suneesh,cn=users,dc=testdomain,dc=com" "cn=mikedan,
cn=users,dc=testdomain,dc=com" -office Bangalore
- Dsmod Computer:
Modifies attributes of one or more existing computers in the directory.
Example 1.To disable multiple computer accounts,
Cmd: dsmod computer "cn="MemberServer1,cn=computers,dc=testdomain,dc=com" "cn=MemberServer2,cn=computers,dc=testdomain,dc=com" -disabled yes
- Dsmod User:
Modifies attributes of one or more existing users in the directory.
Example 1. To reset the password for "Antony" and force him to change his password when he next logs on to the network.
Cmd: dsmod user "cn=antony,ou=sales,dc=testdomain,dc=com" -pwd A1c2b3d4 -mustchpwd yes
Example 2. To reset multiple user passwords to a common password and force users to change their passwords when they next log on to the network.
Cmd:dsmod user "cn=antony,ou=sales,dc=testdomain,dc=com" "cn=johnsmith,
ou=sales,dc=testdomain,dc=com" -pwd a1b6c7d9 -mustchpwd yes
- Dsmod Group:
Modifies attributes of one or more existing groups in the directory.
Example 1. To add the user Mike Danseglio to all administrator distribution list groups.
Cmd: dsquery group "OU=Distribution Lists,DC=contoso,DC=com" -name adm* | dsmod group -addmbr "CN=Mike Danseglio,CN=Users,DC=contoso,DC=com"
Example 2. To add all members of the US Info group to the Canada Info group.
Cmd: dsget group "CN=US INFO,OU=Distribution Lists,DC=contoso,DC=com" -members | dsmod group "CN=CANADA INFO,OU=Distribution Lists,DC= contoso,DC=com" -addmbr
{-addmbr | -rmmbr | -chmbr} <MemberDN> : Specifies to add members to, remove them from, or replace them in a group. MemberDN specifies the members that the operation affects. You can specify only one of these parameters in any command invocation.
{-addmbr | -rmmbr | -chmbr} <MemberDN> : Specifies to add members to, remove them from, or replace them in a group. MemberDN specifies the members that the operation affects. You can specify only one of these parameters in any command invocation.
MemberDN specifies the distinguished names of one or more members for AD DS to add to, delete from, or replace in the group that GroupDNspecifies. You must give each member a distinguished name, for example, CN=Mike Danseglio,OU=Users,DC=Contoso,DC=Com. The list of members must follow the -addmbr, -rmmbr, and -chmbr parameters. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command. If you use GroupDN and MemberDN together, thendsmod takes only one parameter from stdin, which requires you to specify at least one parameter at the command prompt.
Example 3. To add all users from the Marketing organizational unit (OU) to the existing group Marketing Staff.
Cmd: dsquery user OU=Marketing,DC=Contoso,DC=Com | dsmod group "CN=Marketing Staff,OU=Marketing,DC=Contoso,DC=Com" -addmbr
Dsquery: Queries the directory by using search criteria that you specify. Each of the dsquery commands finds objects of a specific object type, with the exception ofdsquery *, which can query for any type of object
Example 1. - To find all users in the default Users folder with DSQuery.
Cmd:dsquery user domainroot
Example 2. To find all users whose name begins with a*
Cmd: dsquery user domainroot -name a*
Example 3. To filter the output with -o rdn
Cmd: dsquery user domainroot -name a* -o rdn
{-o{dn | rdn |upn |samid}: Specifies the format in which the list of entries found by the search will be displayed. A dn value displays the distinguished name of each entry. An rdn value displays the relative distinguished name of each entry. A upn value displays the user principal name of each entry. A samid value displays the SAM account name of each entry. By default, the dn format is used.
{-o{dn | rdn |upn |samid}: Specifies the format in which the list of entries found by the search will be displayed. A dn value displays the distinguished name of each entry. An rdn value displays the relative distinguished name of each entry. A upn value displays the user principal name of each entry. A samid value displays the SAM account name of each entry. By default, the dn format is used.
Dsrm:
Deletes an object of a specific type or any general object from the directory.
Deletes an object of a specific type or any general object from the directory.
Example 1. To remove an organizational unit (OU) named Marketing and all the objects under that OU.
Cmd: dsrm -subtree -noprompt -c "ou=Marketing,dc=testdomain,dc=com"
Example 2.To remove all objects under an OU named Marketing, but leave the OU intact.
Cmd: dsrm -subtree -exclude -noprompt -c "ou=marketing,dc=testdomain,dc=com"
Dsmove:
Moves a single object, within a domain, from its current location in the directory to a new location, or renames a single object without moving it in the directory tree.
Moves a single object, within a domain, from its current location in the directory to a new location, or renames a single object without moving it in the directory tree.
Example 1. To rename a user object from Johnsmith to smith
Cmd: dsmove "cn=jhonsmith,ou=sales,dc=testdomain,dc=com" -newname "smith"
Example 2.To move the user object for antony from the Sales organization to the Marketing organization.
Cmd:dsmove "cn=antony,ou=sales,dc=testdomain,dc=com" -newparent "ou=marketing,
dc=testdomain,dc=com"
Example 3.To combine the rename and move operations.
Cmd:dsmove "cn=antony,ou=sales,dc=testdomain,dc=com" -newparent "ou=Marketing,
dc=testdomain,dc=com" -newname "Joseph"
No comments:
Post a Comment