Active Directory Command Line Tools

This video looks at 5 Active Directory command line tools that can be used in scripts to speed up administration in your domain. Using these command line tools, the administrator can add, modify, delete and retrieve information about any object in Active Directory.


DSAdd 0:47

DSGet 04:34

DSMod 05:32

DSRM 06:31

DSQuery 07:43

This video will look at all the command line tools shown above. Even though each command line tool performs a different function, you will start to see that the parameters used in the different tools are similar.

Distinguished Name
A lot of the commands ask for a parameter called the distinguished name. The distinguished name uniquely identifies an object in Active Directory, the same way a full filename and path identify a file on a hard disk. The distinguished name identifies the Active Directory object using the following syntax.

CN Common Name

OU Organizational Unit Name

DC Domain Component

An example of a distinguished name is as follows


The DSAdd command allows objects to be created in Active Directory. The parameters supported by the command are computer, contact, group, OU, user and quota.


DSAdd user "cn=Simth,cn=users,dc=ITFreeTraining,dc=local" -fn John -ln Simth -pwd P@ssw0rd -mustchpwd yes

DSAdd computer "cn=pc1,cn=computers,dc=ITFreeTraining,dc=local"

DSAdd group "cn=GSales,ou=Users,ou=New York,dc=ITFreeTraining,dc=local" -scope g

The DSGet command gets information about an object in Active Directory. The command requires the type of object to be retrieved to be given. This can be computer, contact, group, OU, server, user, subnet, site, quota and partition. Following this is the distinguished name of the object. After this you need to indicate what information you want to retrieve; for example, to retrieve the description for the object you would add -desc.

DSGet user "cn=John Doe,ou=Users,ou=New York,dc=ITFreeTraining,dc=local" -fn -ln -email

DSMod allows individual attributes of Active Directory objects to be modified. This command supports the following parameters: computer, contact, group, OU, server, user, quota and partition.

dsmod user "cn=Simth,cn=users,dc=ITFreeTraining,dc=local" -pwd P@ssw0rd2 -mustchpwd yes

The DSRM command deletes an object in Active Directory. Unlike the other commands, the type of object does not need to be given on the command line. The command supports additional parameters such as -noprompt, which removes the prompt asking you whether to proceed before deleting the object.


dsrm "OU=Testing,dc=ITFreeTraining,dc=local" -subtree -c
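
A preview-then-delete wrapper for the dsrm command above, as an added PowerShell example that is not part of the original lesson. It reuses the lesson's sample Testing OU; the log file name and the retype-to-confirm step are assumptions.

```powershell
# Added example, not from the lesson: preview an OU subtree before deleting it.
# The DN is the lesson's sample Testing OU; the log file name is an assumption.
$TargetDn = 'OU=Testing,dc=ITFreeTraining,dc=local'
$LogFile  = Join-Path $env:TEMP ("dsrm-preview-{0:yyyyMMdd-HHmmss}.txt" -f (Get-Date))

# dsquery * lists every object at or below the start node, one quoted DN per line.
# -limit 0 lifts the default cap of 100 results so the preview is complete.
$objects = @(dsquery * $TargetDn -scope subtree -limit 0)
if ($LASTEXITCODE -ne 0 -or $objects.Count -eq 0) {
    Write-Error "dsquery found nothing at $TargetDn; nothing will be deleted."
    exit 1
}

# Keep a record of what is about to be removed, then show it to the operator.
$objects | Set-Content -Path $LogFile
Write-Host "$($objects.Count) object(s) would be deleted (list saved to $LogFile):"
$objects | ForEach-Object { Write-Host "  $_" }

# Require the operator to retype the DN; a stray Enter or 'y' is not enough.
$answer = Read-Host "Retype the DN to confirm deletion"
if ($answer -ne $TargetDn) {
    Write-Host "Confirmation did not match. No changes made."
    exit 0
}

# -subtree removes the OU and everything under it; -noprompt is acceptable here
# because the confirmation above has replaced dsrm's own prompt.
dsrm $TargetDn -subtree -noprompt
if ($LASTEXITCODE -ne 0) {
    Write-Error "dsrm reported an error (exit code $LASTEXITCODE)."
    exit $LASTEXITCODE
}
Write-Host "Deleted $TargetDn and its contents."
```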

The DSQuery command queries the Active Directory database for objects. It supports the following parameters: computer, contact, group, ou, site, server, user, quota, partition and LDAP queries.


dsquery ou DC=ITFreeTraining,DC=Local

“MCTS 70-640 Configuring Windows Server 2008 Active Directory” pg 88-89
DSAdd http://technet.microsoft.com/en-us/library/cc753708
DSGet http://technet.microsoft.com/en-us/library/cc755162
DSMod http://technet.microsoft.com/en-us/library/cc732406
DSRM http://technet.microsoft.com/en-us/library/cc731865
DSQuery http://technet.microsoft.com/en-us/library/cc732952

