Useful Commands to use with Active Directory

Create User

dsadd user "CN=Ahmed Mohamed Ali,OU=Temp,OU=Egypt,OU=Common Users,OU=User Accounts,DC=Expert,DC=com,DC=eg" -upn E00001@adib.co.ae -samid E00001 -display "Ahmed Mohamed Ali" -dept "Heliopolis Branch" -pwd 123456789 -mustchpwd yes -disabled yes -title "Banker" -desc "Banker" -company "Expert EGYPT" -office "Cairo Branch" -fn "Ahmed" -mi "Mohame" -ln "Ali" -memberof "CN=Cairo Staff,OU=Egypt,OU=Groups,DC=Expert,DC=com,DC=eg"

 

Note:

– I would recommend creating the User in an empty temp OU first, and after confirming that everything is OK, you can move them to their desired OU.

– The -mi "xxxxxx" field must NOT exceed 6 characters; that's by design.
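The create, check, then move workflow from the note above, as an added example (not part of the original post). It reuses the post's sample DNs, prompts for the password with -pwd * instead of putting it on the command line, and assumes the ds* tools return a non-zero exit code on failure.

```batch
@echo off
setlocal
rem Added example. DNs and IDs below are the post's sample values; adjust them.
set "STAGING_OU=OU=Temp,OU=Egypt,OU=Common Users,OU=User Accounts,DC=Expert,DC=com,DC=eg"
set "FINAL_OU=OU=Egypt,OU=Common Users,OU=User Accounts,DC=Expert,DC=com,DC=eg"
set "USER_CN=Ahmed Mohamed Ali"
set "USER_SAMID=E00001"

rem 1. Create the account disabled in the staging OU.
rem    "-pwd *" makes dsadd prompt, so the password never lands in a
rem    script file or command history.
dsadd user "CN=%USER_CN%,%STAGING_OU%" -samid %USER_SAMID% -display "%USER_CN%" -pwd * -mustchpwd yes -disabled yes
if errorlevel 1 (
    echo dsadd failed; nothing was created, so nothing will be moved.
    exit /b 1
)

rem 2. Read the object back so the operator can check what was stored.
dsget user "CN=%USER_CN%,%STAGING_OU%" -samid -upn -display -disabled -mustchpwd
if errorlevel 1 (
    echo Could not read the new account back from the staging OU.
    exit /b 1
)

rem 3. Move only after an explicit confirmation.
set "ANSWER="
set /p ANSWER=Attributes correct? Type YES to move the account: 
if /i not "%ANSWER%"=="YES" (
    echo Left in the staging OU, still disabled.
    exit /b 0
)

dsmove "CN=%USER_CN%,%STAGING_OU%" -newparent "%FINAL_OU%"
if errorlevel 1 (
    echo dsmove failed; the account is still in the staging OU.
    exit /b 1
)

rem 4. Show the final DN. The account stays disabled until it is
rem    enabled on purpose with: dsmod user "<DN>" -disabled no
dsquery user -samid %USER_SAMID%
endlocal
```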

 

Add Telephone and Mobile info to a User

dsmod user "CN=Ahmed Mohamed Ali,OU=Egypt,OU=Common Users,OU=User Accounts,DC=Expert,DC=com,DC=eg" -tel "0020211111111" -mobile "20101111111"

 

Create Global Security Group

 
dsadd group "CN=Finance,OU=egypt,ou=Groups,DC=Expert,DC=com,DC=eg" -samid Finance -secgrp yes -scope G
 

Add Members to a Group

dsmod group "CN=Finance,OU=egypt,ou=Groups,DC=Expert,DC=com,DC=eg" -addmbr "CN=Ahmed Mohamed Ali,OU=Temp,OU=Egypt,OU=Common Users,OU=User Accounts,DC=Expert,DC=com,DC=eg"
 

Dump objects details inside an OU to a .CSV file

CSVDE -d "OU=Egypt,OU=Users,DC=Expert,DC=com,DC=eg" -f "C:\Documents and Settings\Administrator\Desktop\Users_Egypt.csv"
 

Get User Email in a text file, from his SAMID

Create this batch file and name it, for example, Useremail.bat

@echo off
dsquery user -samid %1 | dsget user -email | Find "@" >usermail.txt
 

Run it as

Useremail.bat AMohamed

and get the result in usermail.txt

Get The User DN from the SAMID

DSQuery User -samid AMohamed
 

Change a Domain Account’s Password[1]

The following command resets the password of user DoeJ to Pa$$word1!

dsquery user -samid DoeJ | dsmod user -pwd Pa$$word1!

If you use * instead of Pa$$word1!, you will be prompted for a password. If you are logged on to a domain controller, you can also use the net user command; the equivalent command in this case would be:

net user DoeJ Pa$$word1!

You can also use the net user command from your workstation:

net user DoeJ Pa$$word1! /domain

Change the default location of creating Computer objects

By default, when you join a PC to the domain, a computer object for that PC is created in the "Computers" OU. To change this, for example to make "CompanyPCs" the default OU for newly joined PCs, run:

C:\WINDOWS\system32>redircmp.exe OU=CompanyPCs,DC=Expert,DC=com,DC=eg

Get Users of a Group

dsget group "CN=GFSAccMaintenanceLegalOfficer,OU=Egypt,OU=Groups,DC=adib,DC=co,DC=ae" -members

 

Delete User

Dsquery user -samid EXXXX | DSrm -noprompt -c  > c:\log.txt

 

List Groups and its members

 

Echo "CN=GROUPNAME,OU=Egypt,OU=Groups,DC=Masry,DC=com,DC=eg" >>LIST.txt & dsget group "CN=GROUPNAME,OU=Egypt,OU=Groups,DC=Masry,DC=com,DC=eg" -members >>LIST.txt

 

Locked Users Saved Query

(&(&(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))))

 

 

References:

DSADD on TechNet
