Scribd
Upload
25 views5 pages

Active Directory User Management Scripts

The document contains instructions for adding, modifying, querying, moving, and removing users, groups, computers, and organizational units from an Active Directory domain using Windows Server 2003 command line tools like dsadd, dsmod, dsquery, dsmove, and dsrm.

Uploaded by

Nguyen Manh Cuong
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
25 views5 pages

Active Directory User Management Scripts

The document contains instructions for adding, modifying, querying, moving, and removing users, groups, computers, and organizational units from an Active Directory domain using Windows Server 2003 command line tools like dsadd, dsmod, dsquery, dsmove, and dsrm.

Uploaded by

Nguyen Manh Cuong
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

AddUsers.

bat

dsadd ou “OU=Sales,DC=worldwideimporters,DC=com”
dsadd ou “OU=Marketing and Finance,DC=worldwideimporters,DC=com”
dsadd user “CN=KimA,OU=Sales,DC=worldwideimporters,DC=com”
dsadd user “CN=SeanA,Ou=Sales,DC=worldwideimporters,DC=com”
dsadd user “CN=NeilC,Ou=Sales,DC=worldwideimporters,DC=com”
dsadd user “CN=AaronC,Ou=Sales,DC=worldwideimporters,DC=com”
dsadd user “CN=AndrewH,Ou=Sales,DC=worldwideimporters,DC=com”
dsadd user “CN=DonH,Ou=Marketing and Finance,DC=worldwideimporters,DC=com”
dsadd user “Cn=GarthF,Ou=Marketing and Finance,DC=worldwideimporters,DC=com”
dsadd user “CN=MarkH,Ou=Marketing and Finance,DC=worldwideimporters,DC=com”
dsadd user “CN=JoB,Ou=Marketing and Finance,DC=worldwideimporters,DC=com”
dsadd user “CN=ScottC,Ou=Marketing and Finance,DC=worldwideimporters,DC=com”
dsadd group “CN=Sales Users,CN=users,DC=worldwideimporters,DC=com” -scope g
dsadd group “CN=Marketing and Finance
Users,CN=users,DC=worldwideimporters,DC=com” -scope g
dsadd group “CN=Sales Data,CN=users,DC=worldwideimporters,DC=com” -scope l
dsadd group “CN=Marketing and Finance
Data,CN=users,DC=worldwideimporters,DC=com” -scope l
dsadd computer “CN=SALESWKSTN1,OU=Sales,DC=worldwideimporters,DC=com”
dsadd computer “CN=SALESWKSTN2,OU=Sales,DC=worldwideimporters,DC=com”
dsadd computer “CN=MAFWKSTN1,OU=Marketing and
Finance,DC=worldwideimporters,DC=com”
dsadd computer “CN=MAFWKSTN2,OU=Marketing and
Finance,DC=worldwideimporters,DC=com”
ModifyMembers.bat

dsmod group “CN=Marketing and Finance


users,CN=users,DC=worldwideimporters,DC=com” -addmbr “CN=KimA,OU=Marketing and
Finance,DC=worldwideimporters,DC=com” “CN=SeanA,OU=Marketing and
Finance,DC=worldwideimporters,DC=com” “CN=AaronC,OU=Marketing and
Finance,DC=worldwideimporters,DC=com”
dsmod user “CN=KimA,OU=Marketing and Finance,DC=worldwideimporters,Dc=com”
“CN=SeanA,OU=Marketing and Finance,DC=worldwideimporters,DC=com”
“CN=AaronC,OU=Marketing and Finance,DC=worldwideimporters,DC=com” -pwd Abcd123
-mustchpwd yes
MoveUsers.bat

dsmove “CN=KimA,OU=Sales,DC=worldwideimporters,DC=com” -newparent


“OU=Marketing and Finance,DC=worldwideimporters,DC=com”
dsmove “CN=AaronC,OU=Sales,DC=worldwideimporters,DC=com” -newparent
“OU=Marketing and Finance,DC=worldwideimporters,DC=com”
dsmove “CN=SeanA,OU=Sales,DC=worldwideimporters,DC=com” -newparent
“OU=Marketing and Finance,DC=worldwideimporters,DC=com”ModifyMembers.bat
QueryUsers.bat

dsget user “CN=KimA,OU=Sales,DC=worldwideimporters,DC=Com” -memberof -expand


>”c:documents and SettingsAll UsersDesktopuserinfo.txt”
dsquery user “OU=Sales,DC=worldwideimporters,DC=com” >>”c:documents and
SettingsAll UsersDesktopuserinfo.txt”
dsquery user “OU=Marketing and Finance,DC=worldwideimporters,DC=com”
>>”c:documents and SettingsAll UsersDesktopuserinfo.txt”
Notepad “c:documents and SettingsAll UsersDesktopuserinfo.txt”
Remove1.bat
dsrm -noprompt -c “cn=KimA,OU=Marketing and
Finance,DC=worldwideimporters,DC=com”
dsrm -noprompt -c “CN=mafwkstn1,OU=Marketing and
Finance,DC=worldwideimporters,DC=com”
dsrm -noprompt -c “CN=Marketing and Finance
Users,CN=Users,DC=worldwideimporters,DC=com”
dsrm -subtree -noprompt -c “OU=Marketing and
Finance,DC=worldwideimporters,DC=com”
RemoveAll.bat

dsrm -subtree -noprompt -c “OU=Sales,DC=worldwideimporters,DC=com”


dsrm -noprompt -c “CN=Marketing and Finance
Data,CN=Users,DC=worldwideimporters,DC=com”
dsrm -noprompt -c “CN=Sales Users,CN=Users,DC=worldwideimporters,DC=com”
dsrm -noprompt -c “CN=Sales data,CN=Users,DC=worldwideimporters,DC=com”

Windows Server 2003's directory service command-line tools

****************************************************************************

Command ------------------------------- Description


Dsadd computer
Dsadd contact
Dsadd group ..............................Adds objects to the directory
Dsadd ou
Dsadd quota
Dsadd user

Dsget computer
Dsget contact
Dsget group
Dsget ou
Dsget partition
Dsget quota .............................. Displays properties of objects in the directory
Dsget server
Dsget site
Dsget subnet
Dsget user

Dsmod computer
Dsmod contact
Dsmod group
Dsmod ou .............................. Modifies select attributes of an existing object in
the directory
Dsmod partition
Dsmod quota
Dsmod server
Dsmod user

Dsquery *
Dsquery computer
Dsquery contact
Dsquery group
Dsquery ou
Dsquery partition
Dsquery quota ..............................Finds objects in the directory that match a
specified search criteria
Dsquery server
Dsquery site
Dsquery subnet
Dsquery user

Dsmove .......................Moves any object from its current location to a new parent
location or renames any object without moving it

Dsrm ....................... Removes an object, the complete subtree under an object in


the directory, or both

****************************************************************************

LDAP attribute tag ------------------ Description


CN= .............................................Common name
.....................................................The name given to the object at creation
OU=................................................Organizational unit
....................................................The name of the container
DC=................................................Domain component
......................................................The name of the domain

dsquery ou dc=abc,dc=com
This command will produce a listing of all OUs

dsquery user cn=users,dc=abc,dc.com


It is going to show all the users in the users container.

dsquery servers -hasfsmo schema or (rid, name, infr and pdc.)


It is going to show which server(s) has the schema role
*****************************************

dsadd ou "ou=northwest, dc=abc, dc=com"


This command tells Active Directory to create an OU called northwest

dsadd user "cn=calvin jay, ou=northwest, dc=abc, dc=com"


This command will create an user named calvin jay in northwest OU

*****************************************

dsquery server -domain abc.com | dsget server -dnsname –site


Finds all domain controllers for domain abc.com and display their DNS host name
and site name

dsget user "CN=Mike Jay,CN=users,dc=abc,dc=com"-memberof –expand


Shows the list of groups, recursively expanded, to which a given user belongs

*****************************************

dsmod computer CN=Server1,CN=Computers,DC=abc,DC=Com -disabled yes


To disable computer account

dsmod user "CN=Don Jay,CN=Users,DC=abc,DC=Com" -pwd A1b2c3d4 -


mustchpwd yes
To reset password and force him to change his password the next time he logs
on to the network

*****************************************

dsmove "CN=Kim love,OU=Sales,DC=abc,DC=Com" -newname "Kim Falls"


Renames a user object from Kim Love to Kim Falls

dsmove "CN=Kim Falls,OU=Sales,DC=abc,DC=Com" -newparent


OU=Marketing,DC=abc,DC=Com
Moves Kim Falls from the Sales organization to the Marketing organization

*****************************************

dsrm -subtree -noprompt -c OU=Marketing,DC=abc,DC=Com


Removes an organizational unit called "Marketing" and all the objects under that
organizational unit

dsrm -subtree -exclude -noprompt -c "OU=Marketing,DC=abc,DC=Com"


Removes all objects under the organizational unit called "Marketing," but leaves
the organizational unit intact

Xem password user da expire chua

net user %USERNAME% /domain


net group “Groupname” /domain

Search-ADAccount -PasswordNeverExpires | FT Name,ObjectClass -A

You might also like