This video looks at 5 Active Directory command-line tools that can be used in scripts to speed up administration in your domain. Using these command-line tools, the administrator can add, modify, delete and retrieve information about any object in Active Directory.
This video will look at all the command-line tools shown above. Even though each command-line tool performs a different function, you will start to see that the parameters used in the different tools are similar.
A lot of the commands ask for a parameter called the distinguished name. The distinguished name uniquely identifies an object in Active Directory, the same way a full filename and path identify a file on a hard disk. The distinguished name identifies the Active Directory object using the following syntax.
CN Common Name
OU Organizational Unit Name
DC Domain Component
An example of a distinguished name is as follows
The DSAdd command allows objects to be created in Active Directory. The parameters supported by the command are computer, contact, group, OU, user and quota.
DSAdd user "cn=Simth,cn=users,dc=ITFreeTraining,dc=local" -fn John -ln Simth -pwd P@ssw0rd -mustchpwd yes
DSAdd computer "cn=pc1,cn=computers,dc=ITFreeTraining,dc=local"
DSAdd group "cn=GSales,ou=Users,ou=New York,dc=ITFreeTraining,dc=local" -scope g
The DSGet command gets information about an object in Active Directory. The command requires the type of object to be retrieved to be given. This can be computer, contact, group, OU, server, user, subnet, site, quota and partition. Following this is the distinguished name of the object. After this you need to indicate what information you want to retrieve; for example, to retrieve the description for the object you would add -desc.
DSGet user "cn=John Doe,ou=Users,ou=New York,dc=ITFreeTraining,dc=local" -fn -ln -email
DSMod allows individual attributes of Active Directory objects to be modified. This command supports the following parameters: computer, contact, group, OU, server, user, quota and partition.
dsmod user "cn=Simth,cn=users,dc=ITFreeTraining,dc=local" -pwd P@ssw0rd2 -mustchpwd yes
The DSRm command deletes an object in Active Directory. Unlike the other commands, the type of object does not need to be given in the command line. The command supports additional parameters, such as -NoPrompt, which removes the prompt asking you to proceed before deleting the object.
dsrm "OU=Testing,dc=ITFreeTraining,dc=local" -subtree -c
The DSQuery command queries the Active Directory database for objects. It supports the following parameters: computer, contact, group, ou, site, server, user, quota, partition and LDAP queries.
dsquery ou DC=ITFreeTraining,DC=Local
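The tools can be chained in a script because dsquery prints distinguished names that dsget and dsmod accept on standard input. The PowerShell script below is an added example, not part of the original video notes; it reuses the New York OU from the examples above, and the 8-week threshold and the output file name are assumptions.

```powershell
# Added example: review stale user accounts under one OU, then disable them.
# Assumptions: the OU below exists; 8 weeks of inactivity is the chosen threshold.
$searchBase = 'ou=Users,ou=New York,dc=ITFreeTraining,dc=local'
$weeks      = 8

# 1. dsquery prints one quoted distinguished name per line.
#    -limit 0 lifts the default cap of 100 results.
$stale = @(dsquery user $searchBase -inactive $weeks -limit 0)
if ($LASTEXITCODE -ne 0) { throw "dsquery failed with exit code $LASTEXITCODE" }
if ($stale.Count -eq 0)  { Write-Output 'No stale accounts found.'; return }

# 2. Review before changing anything: pipe the DNs into dsget.
$stale | dsget user -dn -samid -disabled

# 3. Keep a record of exactly which objects are about to be modified
#    (file name is an assumption).
$logFile = ".\stale-users-$(Get-Date -Format yyyyMMdd).txt"
$stale | Set-Content -Path $logFile

# 4. Disable rather than delete, and only after explicit confirmation.
#    -c reports errors but continues with the next object.
$answer = Read-Host "Disable $($stale.Count) account(s)? (yes/no)"
if ($answer -eq 'yes') {
    $stale | dsmod user -disabled yes -c
}
```

Disabling with dsmod is reversible with -disabled no, which makes it a safer first step than removing the accounts with dsrm.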
“MCTS 70-640 Configuring Windows Server 2008 Active Directory” pg 88-89