Query Active Directory From the Command Prompt
In this post I will show you some of the Active Directory command-line tools that help administrators write batch files and scripts.
DSADD: This command adds computers, groups, users, OUs and some other objects to Active Directory from the command prompt.
Dsadd computer
Dsadd contact
Dsadd group
Dsadd ou
Dsadd quota
Dsadd user
Adds objects to the directory.
Example:
dsadd ou "ou=sales, dc=virmansec, dc=com"
This command tells Active Directory to create an OU called Sales in the virmansec.com domain.
dsadd user "cn=John Doe, ou=sales, dc=virmansec, dc=com"
This command creates a user named John Doe in the Sales OU.
DSGET: This command displays the properties of objects in the directory, such as users, groups and computers.
Dsget computer
Dsget contact
Dsget group
Dsget ou
Dsget partition
Dsget quota
Dsget server
Dsget site
Dsget subnet
Dsget user
Displays properties of objects in the directory.
Example:
dsget user "CN=John Doe,CN=users,dc=virmansec,dc=com" -memberof -expand
The above command will show the list of groups, recursively expanded, to which the user John Doe belongs.
DSQUERY: This command finds objects in the directory, such as users, computers and printers, that match the specified search criteria.
Dsquery computer
Dsquery contact
Dsquery group
Dsquery ou
Dsquery partition
Dsquery quota
Dsquery server
Dsquery site
Dsquery subnet
Dsquery user
Finds objects in the directory that match the specified search criteria.
Example:
dsquery ou dc=virmansec,dc=com
This command produces a listing of all OUs.
dsquery user cn=users,dc=virmansec,dc=com
This shows all the users in the Users container.
dsquery server -hasfsmo schema
This shows which server holds the schema role. The -hasfsmo switch also accepts rid, name, infr and pdc.
Combining dsquery with other commands like dsget
To find all users in an organizational unit (OU) named sales whose name starts with "joh" and to show their descriptions, type:
dsquery user OU=sales,dc=virmansec,dc=com -name joh* | dsget user -desc
DSMOD: This command modifies selected attributes of an existing object in the directory, such as a user, computer or OU.
Dsmod computer
Dsmod contact
Dsmod group
Dsmod ou
Dsmod partition
Dsmod quota
Dsmod server
Dsmod user
Modifies select attributes of an existing object in the directory.
Example:
dsmod computer CN=Server,CN=Computers,DC=virmansec,DC=Com -disabled yes
Disables the computer account.
dsmod user "CN=John Doe,CN=Users,DC=Virmansec,DC=Com" -pwd A1b2c3d4 -mustchpwd yes
Resets the password and forces him to change it the next time he logs on to the network.
DSMOVE: This command moves a selected object in the directory, such as a user, computer or OU, to a different location.
Example:
dsmove "CN=John Doe,OU=sales,DC=virmansec,DC=Com" -newname "John Comb"
Renames a user object from John Doe to John Comb.
dsmove "CN=John Doe,OU=Sales,DC=virmansec,DC=Com" -newparent OU=Marketing,DC=virmansec,DC=Com
Moves John Doe from the Sales organization to the Marketing organization.
DSRM: This command removes an object, the complete subtree under an object in the directory, or both.
Example:
dsrm -subtree -noprompt -c OU=Marketing,DC=virmansec,DC=Com
Removes an organizational unit called "Marketing" and all the objects under that organizational unit.
dsrm -subtree -exclude -noprompt -c "OU=Marketing,DC=virmansec,DC=Com"
Removes all objects under the organizational unit called "Marketing", but leaves the organizational unit intact.
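The dsrm examples above delete a whole subtree without prompting. The batch file below is an added example, not part of the original post: it uses dsquery to list and count everything under the OU before running the same dsrm command. The temp-file name and the DELETE confirmation word are assumptions made for this illustration; the OU is the post's sample DN.

```bat
@echo off
rem Added example: preview what "dsrm -subtree" would delete before running it.
rem TARGET is the sample OU from the post; PREVIEW is an assumed temp-file name.
setlocal
set "TARGET=OU=Marketing,DC=virmansec,DC=Com"
set "PREVIEW=%TEMP%\dsrm_preview.txt"

rem -scope subtree returns the OU itself plus every object beneath it.
rem -limit 0 lifts dsquery's default cap of 100 results.
dsquery * "%TARGET%" -scope subtree -limit 0 > "%PREVIEW%"

rem Count the DNs that came back (one per line).
set "COUNT=0"
for /f %%C in ('type "%PREVIEW%" ^| find /c /v ""') do set "COUNT=%%C"

rem An empty result means a wrong DN or a failed query: stop here.
if "%COUNT%"=="0" (
    echo No objects found under %TARGET%. Nothing was deleted.
    del "%PREVIEW%"
    exit /b 1
)

echo The following %COUNT% objects, including the OU itself, would be removed:
type "%PREVIEW%"

rem The operator must type the word DELETE; any other input aborts.
set "ANSWER="
set /p "ANSWER=Type DELETE to remove these objects: "
if not "%ANSWER%"=="DELETE" (
    echo Aborted. Nothing was deleted.
    del "%PREVIEW%"
    exit /b 0
)

rem Same command as in the post. -noprompt is used only because the
rem confirmation above has already taken place.
dsrm -subtree -noprompt -c "%TARGET%"
del "%PREVIEW%"
endlocal
```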