The native AD tool DSADD can be used to create objects such as user accounts, OUs and groups: for example, a new Global Group (the Sales Team) and a user account for John Brown.
To update existing groups or add members to those groups, you need DSMOD. Although DSMOD doesn’t support modification of all object class attributes and is limited to updates within the same forest, it’s handy for scripting massive changes to AD objects.
dsmod group "cn=Sales,ou=Groups,dc=FirstClassCorp,dc=com" -addmbr "cn=John Brown,ou=Sales People,dc=FirstClassCorp,dc=com"
To add multiple members, just separate each member’s distinguished name with a space. If you’d rather remove the members than add them, change the -addmbr switch to an -rmmbr.
DSMOD has some other useful switches for account manipulation.
Need to disable a bunch of user accounts in the Sales People OU? List them one by one:
dsmod user "cn={User's Name},ou=Sales People,dc=FirstClassCorp,dc=com" "cn={Other User's Name},ou=Sales People,dc=FirstClassCorp,dc=com" -disabled yes
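When the list is long, typing each DN by hand invites quoting mistakes. The PowerShell script below is an added example, not part of the original article: it builds the quoted DNs from a hypothetical names.txt (one account CN per line, an assumed input), previews them, and only with -Apply pipes them to dsmod and reads the result back with dsget.

```powershell
# Added example (not from the original article). Assumed input: names.txt
# (hypothetical, one account CN per line). The OU is the one used above.
param(
    [string]$NamesFile = '.\names.txt',
    [string]$OU = 'ou=Sales People,dc=FirstClassCorp,dc=com',
    [switch]$Apply    # without -Apply the script only prints what it would do
)

function ConvertTo-EscapedRdnValue {
    param([Parameter(Mandatory)][string]$Value)
    # Backslash-escape characters that are special inside a DN component,
    # so a CN such as "Brown, John" is not split at its comma.
    $v = $Value -replace '([,+\\<>;=])', '\$1'
    $v -replace '^#', '\#'    # a leading '#' must be escaped as well
}

$dns = foreach ($line in Get-Content -Path $NamesFile) {
    $name = $line.Trim()
    if (-not $name) { continue }    # ignore blank lines
    if ($name.Contains('"')) {
        Write-Warning "Skipping '$name': handle names with double quotes by hand."
        continue
    }
    # Quote each DN the way dsquery prints them, since the OU contains a space.
    '"cn={0},{1}"' -f (ConvertTo-EscapedRdnValue $name), $OU
}

if (-not $dns) { Write-Warning 'No names to process.'; return }

if (-not $Apply) {
    'Preview only. These accounts would be disabled:'
    $dns
    return
}

# With no DN on the command line, dsmod reads the target DNs from standard input.
# -c keeps going after an error on one object instead of stopping at the first.
$dns | dsmod user -disabled yes -c

# Read the flag back so the change is confirmed rather than assumed.
$dns | dsget user -dn -disabled
```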
How about resetting multiple sales users’ passwords to a known password and requiring them to change their password at the next logon?
dsmod user "cn={User's Name},ou=Sales People,dc=FirstClassCorp,dc=com" "cn={Other User's Name},ou=Sales People,dc=FirstClassCorp,dc=com" -mustchpwd yes -pwd N@wPassw8rd