ICT-Hotlist Topic
DSADD ou DSADD group DSADD user
DSMOD ou DSMOD group DSMOD user
DSRM ou DSRM group DSRM user
Published : 2014-01-27.
Last updated : 2020-03-20.
With Windows 2000, the most flexible way to add users in bulk to Active Directory was VBScript (actually WSH) with the ADSI interface, or expensive third-party tools. Windows 2003 introduced a great command-line tool for adding Active Directory objects: DSADD can add OUs, groups, users and computers to an Active Directory tree.
Supported versions:
- Windows Server 2003 (r2),
- Windows Server 2008 (r2),
- Windows Server 2012 (r2),
- Windows Server 2016,
- Windows Server 2019,
- Windows Server 2022
Use these samples to build the following Active Directory structure:
Directory structure built by the examples.
Add an Active Directory Organizational Unit.
To add an Organizational Unit "OU-Development" with a description to the domain "van_soest.it", use:
dsadd ou "OU=OU-Development, DC=van_soest, DC=it" -desc "Organizational unit for Development groups"
Warning: A Windows domain name cannot contain an underscore "_" according to these standards. The underscore is used in these examples as a spam countermeasure.
Add an Active Directory Group.
Adding a group "Gsg-Development" with a description to the "OU-Development" container can be done by:
dsadd group "cn=Gsg-Development, OU=OU-Development, DC=van_soest, DC=it" -desc "Software development department"
By default this creates a global security group (Gsg).
Add an Active Directory User.
Adding a user to the "Users" container with the following properties:
- First name = "Johan"
- Last name = "Soest van"
- Login Name = "Johanvs"
- Description = "Johan van Soest"
- Password = "V3ry S3cr3t!"
- Title = "Job Title"
- Department = "ICT-department"
- Company name = "van_soest.it"
- E-mail = johan@van_soest.it
- Home drive = "G:\"
- Home Directory = "\\dc1\$username$"
can be done by:
dsadd user "cn=Johan van Soest, cn=Users, DC=van_soest, DC=it" -upn "johanvs@van_soest.it" -samid "johanvs" -desc "Johan van Soest" -pwd "V3ry S3cr3t!" -fn "Johan" -ln "Soest van" -display "Johan van Soest" -title "Job Title" -dept "ICT-department" -company "van_soest.it" -email "johan@van_soest.it" -hmdrv G: -hmdir "\\dc1\$username$"
Hidden user folder
A hidden folder cannot be added by using the $username$ variable. Use the actual user name instead.
So for a hidden share the statement becomes:
dsadd user "cn=Johan van Soest, cn=Users, DC=van_soest, DC=it" -upn "johanvs@van_soest.it" -samid "johanvs" -desc "Johan van Soest" -pwd "V3ry S3cr3t!" -fn "Johan" -ln "Soest van" -display "Johan van Soest" -title "Job Title" -dept "ICT-department" -company "van_soest.it" -email "johan@van_soest.it" -hmdrv G: -hmdir "\\dc1\johanvs$"
Active Directory Group Membership
You can also set the group membership of a user by adding the -memberof parameter followed by one or more group distinguished names, separated by spaces:
dsadd user "cn=Johan van Soest, cn=Users, DC=van_soest, DC=it" -upn "johanvs@van_soest.it" -samid "johanvs" -desc "Johan van Soest" -pwd "V3ry S3cr3t!" -fn "Johan" -ln "Soest van" -display "Johan van Soest" -title "Job Title" -dept "ICT-department" -company "van_soest.it" -email "johan@van_soest.it" -hmdrv G: -hmdir "\\dc1\johanvs$" -memberof "cn=Gsg-Development, OU=OU-Development, DC=van_soest, DC=it"
Add an Active Directory User to an Active Directory Group.
To add a user "Johan van Soest" to the group "Gsg-Development" after the creation of both, you can use:
dsmod group "cn=Gsg-Development, OU=OU-Development, DC=van_soest, DC=it" -addmbr "cn=Johan van Soest, cn=Users, DC=van_soest, DC=it"
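A two-step bulk variant of the dsadd user, -memberof and dsmod commands above, as an added example that is not part of the original article: accounts are created disabled from a CSV file with no password in the script or on the command line, then enabled one at a time with a prompted password that must be changed at first logon. The script name, the CSV file and the users in it are constructed; -disabled, -mustchpwd and -pwd * are dsadd/dsmod user options that the article's own commands do not use.

```bat
@echo off
setlocal
rem Added example, not from the original article.
rem Usage (the script name provision.cmd is hypothetical):
rem   provision.cmd create new-users.csv
rem   provision.cmd enable "cn=Anna Devries,OU=OU-Development,DC=van_soest,DC=it"
rem new-users.csv is a constructed sample, one "samid,first,last" per line:
rem   annad,Anna,Devries
rem   pietj,Piet,Jansen
set "OU=OU=OU-Development,DC=van_soest,DC=it"
set "GRP=cn=Gsg-Development,%OU%"
set "DOMAIN=van_soest.it"

if /i "%~1"=="create" goto create
if /i "%~1"=="enable" goto enable
echo Usage: %~nx0 create CSV-FILE   or   %~nx0 enable "USER-DN"
exit /b 1

:create
rem Create every account disabled and without -pwd, so no password is
rem stored in the script or the CSV, or passed on a command line.
if not exist "%~2" (echo CSV file not found: %~2 & exit /b 1)
for /f "usebackq tokens=1-3 delims=," %%a in ("%~2") do (
    dsadd user "cn=%%b %%c,%OU%" -samid "%%a" -upn "%%a@%DOMAIN%" -fn "%%b" -ln "%%c" -display "%%b %%c" -disabled yes -memberof "%GRP%"
    if errorlevel 1 (echo FAILED  %%a) else (echo CREATED %%a)
)
exit /b 0

:enable
rem At hand-over: -pwd * makes dsmod prompt for the password,
rem -mustchpwd yes forces the user to replace it at first logon.
if "%~2"=="" (echo Missing user DN & exit /b 1)
dsmod user "%~2" -pwd * -mustchpwd yes -disabled no
exit /b %errorlevel%
```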
To see more options for these commands, use the following:
dsadd ou /?
dsadd group /?
dsadd user /?
dsget group /?
dsget user /?
dsmod ou /?
dsmod group /?
dsmod user /?
Example of a dsget command that lists all the users of a group, sorted:
dsget group "cn=Gsg-Development, OU=OU-Development, DC=van_soest, DC=it" -members | sort
The same command used to show all the domain users in Notepad (notice that the Active Directory container Users is not an OU):
dsget group "cn=Domain Users,cn=Users,dc=van_soest,dc=it" -members | sort >> DomainUsers.txt && NotePad DomainUsers.txt
Removing an Active Directory object.
An object and all the nodes below it can be removed with the dsrm command. To see all the possible options, type:
dsrm /?
Changes : 2014 During testing on Windows 2012 r2 server noticed some HTML conversion errors in the DSADD/DSMOD commands and added DSGET example.
Now you can find an article about the PowerShell equivalents here.
Scripts and programming examples disclaimer
Unless stated otherwise, the script sources and programming examples provided are copyrighted freeware.
You may modify them, as long as a reference to the original code and hyperlink to the source page is included in the modified code and documentation.
However, it is not allowed to publish (copies of) scripts and programming examples on your own site, blog, vlog, or distribute them on paper or any other medium, without prior written consent.
Many of the techniques used in these scripts, including but not limited to modifying the registry or system files and settings, impose a risk of rendering the Operating System inoperable and loss of data.
Make sure you have verified full backups and the associated restore software available before running any script or programming example.
Use these scripts and programming examples entirely at your own risk. All liability claims against the author in relation to material or non-material losses caused by the use, misuse or non-use of the information provided, or the use of incorrect or incomplete information, are excluded. All content is subject to change and provided without obligation.