Administer the ADUC through the command line tools. First up: DSADD

By Greg Shields

Tired of the ADUC — the Active Directory Users & Computers — with all its mouse-moving and clicky-clicky? Among others, Windows Server 2003 adds four native tools that make the administration of “The A-Duck” a whole lot more command-line friendly. The first in our series, DSADD, allows for the generation of Active Directory objects. Need to create a new global group called “Sales” in the Groups OU for the domain? Just enter:

dsadd group “cn=Sales,ou=Groups,dc=FirstClassCorp,dc=com” -secgrp yes -scope g

Note that any time we have spaces in the distinguished name for an object, we have to encapsulate it with quotes. OUs are done similarly. Let’s create a new OU for those pesky sales people:

dsadd ou “ou=Sales People,dc=FirstClassCorp,dc=com”

Now, we’ll create a new user account for the new sales guy, John Brown, in our new Sales OU, give him a new initial password and require him to change it the first time he logs in:

dsadd user “cn=John Brown,ou=Sales People,dc=FirstClassCorp,dc=com” -samid jbrown -fn John -ln Brown -display “John Brown” -pwd N@wPassw8rd -mustchpwd yes

There’s plenty more object-creating ability using DSADD. Just do a DSADD /? at the command prompt to find out more.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: