DSMOD on the command line

The native AD tool DSADD can be used to create objects like user accounts, OUs and groups for example a new Global Group the Sales Team and a user account for John Brown.

To update existing groups or add members to those groups, you need DSMOD. Although DSMOD doesn’t support modification of all object class attributes and is limited to updates within the same forest, it’s handy for scripting massive changes to AD objects.

dsmod group “cn=Sales,ou=Groups,dc=FirstClassCorp,dc=com” -addmbr “cn=John Brown,ou=Sales People,dc=FirstClassCorp,dc=com

To add multiple members, just separate each member’s distinguished name with a space. If you’d rather remove the members than add them, change the -addmbr switch to an -rmmbr.

DSMOD has some other useful switches for account manipulation.

Need to disable a bunch of user accounts in the Sales People OU? List them one by one:

dsmod user “cn={User’s Name},ou=Sales People,dc=FirstClassCorp,dc=com” “cn={Other User’s Name},ou=Sales People,dc=FirstClassCorp,dc=com” -disabled yes

How about resetting multiple sales users’ passwords to a known password and requiring them to change their password at the next logon?

dsmod user “cn={User’s Name},ou=Sales People,dc=FirstClassCorp,dc=com” “cn={Other User’s Name},ou=Sales People,dc=FirstClassCorp,dc=com” -mustchpwd yes -pwd N@wPassw8rd

Source…

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: