Useful Commands to use with Active Directory

Create User

dsadd user "CN=Ahmed Mohamed Ali,OU=Temp,OU=Egypt,OU=Common Users,OU=User Accounts,DC=Expert,DC=com,DC=eg" -upn -samid E00001 -display "Ahmed Mohamed Ali" -dept "Heliopolis Branch" -pwd 123456789 -mustchpwd yes -disabled yes -title "Banker" -desc "Banker" -company "Expert EGYPT" -office "Cairo Branch" -fn "Ahmed" -mi "Mohame" -ln "Ali" -memberof "CN=Cairo Staff,OU=Egypt,OU=Groups,DC=Expert,DC=com,DC=eg"



– I would recommend creating the user in a temporary, empty OU first; after confirming that everything is OK, you can move them to their desired OU.

– The -mi "xxxxxx" field must NOT exceed 6 characters; that's by design.


Add Telephone and Mobile info to a User

dsmod user "CN=Ahmed Mohamed Ali,OU=Egypt,OU=Common Users,OU=User Accounts,DC=Expert,DC=com,DC=eg" -tel "0020211111111" -mobile "20101111111"


Create Global Security Group

dsadd group "CN=Finance,OU=egypt,ou=Groups,DC=Expert,DC=com,DC=eg" -samid Finance -secgrp yes -scope G

Add Members to a Group

dsmod group "CN=Finance,OU=egypt,ou=Groups,DC=Expert,DC=com,DC=eg" -addmbr "CN=Ahmed Mohamed Ali,OU=Temp,OU=Egypt,OU=Common Users,OU=User Accounts,DC=Expert,DC=com,DC=eg"

Dump the details of objects inside an OU to a .CSV file

CSVDE -d "OU=Egypt,OU=Users,DC=Expert,DC=com,DC=eg" -f "C:\Documents and Settings\Administrator\Desktop\Users_Egypt.csv"

Get User Email in a text file, from his SAMID

Create this batch file and name it, for example, Useremail.bat

@echo off
dsquery user -samid %1 | dsget user -email | find "@" > usermail.txt

Run it as

Useremail.bat AMohamed

and get the result in usermail.txt

Get The User DN from the SAMID

DSQuery User -samid AMohamed

Change a Domain Account’s Password[1]

The following command resets the password of user DoeJ to Pa$$word1!

dsquery user -samid DoeJ | dsmod user -pwd Pa$$word1!

If you use * instead of Pa$$word1!, you will be prompted for a password. If you are logged on to a domain controller, you can also use the net user command; the equivalent command in this case would be:

net user DoeJ Pa$$word1!

You can also use the net user command from your workstation:

net user DoeJ Pa$$word1! /domain

Change the default location of creating Computer objects

By default, when you join a PC to the domain, a computer object for that PC is created in the "Computers" OU.

To change this, for example to make "CompanyPCs" the default OU for newly joined PCs:

C:\WINDOWS\system32>redircmp.exe OU=CompanyPCs,DC=Expert,DC=com,DC=eg

Get Users of a Group

dsget group "CN=GFSAccMaintenanceLegalOfficer,OU=Egypt,OU=Groups,DC=adib,DC=co,DC=ae" -members


Delete User

Dsquery user -samid EXXXX | DSrm -noprompt -c  > c:\log.txt
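
The dsquery -samid filter accepts * as a wildcard, so the pipeline above removes every account it matches. The PowerShell wrapper below is an added example, not part of the original post: it calls the same dsquery and dsrm tools but refuses to delete unless exactly one user matches, and logs the DN it removed. The function name, the allowed-character pattern and the default log path are assumptions.

```powershell
# Added example (not from the original page): guarded delete by exact SAM ID.
# Function name, character pattern and log path are illustrative assumptions.
function Remove-DomainUserBySamId {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # dsquery treats * as a wildcard; accept only literal account-name characters.
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[A-Za-z0-9._-]+$')]
        [string]$SamId,

        [string]$LogPath = 'C:\log.txt'
    )

    # dsquery prints one quoted DN per matching object; drop blank lines.
    $found = @(dsquery user -samid $SamId | Where-Object { $_ -match '\S' })
    if ($LASTEXITCODE -ne 0) {
        throw "dsquery failed with exit code $LASTEXITCODE"
    }

    # Zero matches means a typo; more than one means the filter is too broad.
    if ($found.Count -ne 1) {
        throw "Expected exactly one user for '$SamId', found $($found.Count); nothing deleted."
    }

    # Strip the surrounding quotes; PowerShell re-quotes the argument for dsrm.
    $dn = $found[0].Trim().Trim('"')

    # -WhatIf shows the DN without deleting; otherwise the caller must confirm.
    if ($PSCmdlet.ShouldProcess($dn, 'Delete user with dsrm')) {
        $output = dsrm $dn -noprompt 2>&1
        $status = if ($LASTEXITCODE -eq 0) { 'deleted' } else { "FAILED ($LASTEXITCODE)" }

        # Record who removed which DN and when, followed by the dsrm output.
        '{0:s} {1} {2} {3}' -f (Get-Date), $env:USERNAME, $status, $dn |
            Add-Content -Path $LogPath
        $output | Add-Content -Path $LogPath

        if ($LASTEXITCODE -ne 0) {
            throw "dsrm failed for $dn"
        }
    }
}

# Dry run: resolves the DN and reports what would be deleted.
Remove-DomainUserBySamId -SamId E00001 -WhatIf
```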


List Groups and their Members


Echo "CN=GROUPNAME,OU=Egypt,OU=Groups,DC=Masry,DC=com,DC=eg" >>LIST.txt & dsget group "CN=GROUPNAME,OU=Egypt,OU=Groups,DC=Masry,DC=com,DC=eg" -members >>LIST.txt


Locked Users Saved Query





