:: infotechGuyz.

com ::
> For IT community by IT community

Windows Server 2008

Exchange 2007
Active Directory Commands

Exchange 2010
How to Manage Active Directory from command line

> How to add new objects to Active Directory from command line
Lync 2010
> How to delete Active Directory objects from command line
Scripting / Command-line > How to display Active Directory objects properties from command line
> How to modify Active Directory objects properties from command line
VMware
> How to move Active Directory objects from command line
BlackBerry Server (BES) > How to search Active Directory from command line
> How to manage Group Policy from command line
Windows 7
How to add new objects to Active Directory from command line
Excel Macro / VBA
H:\>dsadd /?
Description: This tool's commands add specific types of objects to the
Manage Microsoft
Windows directory. The dsadd commands:
Streamline Windows
Administration and dsadd computer - adds a computer to the directory.
Management. Free dsadd contact - adds a contact to the directory.
30-day Trial
www.systemtools.com
dsadd group - adds a group to the directory.

Cisco UCS C-Series dsadd ou - adds an organizational unit to the directory.

Server dsadd user - adds a user to the directory.
Reduce Operating dsadd quota - adds a quota specification to a directory partition.
Costs by 30%. Find
out more & Win
For help on a specific command, type "dsadd <ObjectType> /?" where
Digital Camera!
www.Cisco.com/IN <ObjectType> is one of the supported object types shown above.
Sign Up For Orkut For example, dsadd ou /?.
Now Remarks:
Join Communities of Commas that are not used as separators in distinguished names must be
Your Interest, Try out
escaped with the backslash ("\") character
Cool Games & Apps
and More! (for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com").
www.google.com/Orkut Backslashes used in distinguished names must be escaped with a backslash
Windows Client (for example,
TechCenter "CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com").
Destination for
technical resources How to delete Active Directory objects from command line
Expert guidance to
Windows Client. H:\>dsrm /?
Technet.Microsoft.com/Windows
Description: This command deletes objects from the directory.
Train Your
AffenPinscher
How To Housebreak, Syntax: dsrm <ObjectDN ...> [-noprompt] [-subtree [-exclude]]
Train & Stop An [{-s <Server> | -d <Domain>}] [-u <UserName>]
AffenPinscher From [-p {<Password> | *}] [-c] [-q] [{-uc | -uco | -uci}]
Barking
AffenPinscher.TrainPetDog.com
Parameters:
InfotechGuyz.com Blog Value Description
<ObjectDN ...> Required/stdin. List of one or more
distinguished names (DNs) of objects to delete.
If this parameter is omitted it is
taken from standard input (stdin).
-noprompt Silent mode: do not prompt for delete confirmation.
-subtree [-exclude] Delete object and all objects in the subtree under it.
-exclude excludes the object itself
when deleting its subtree.
{-s <Server> | -d <Domain>}
-s <Server> connects to the domain controller (DC) with
name <Server>.
-d <Domain> connects to a DC in domain <Domain>.
Default: a DC in the logon domain.
-u <UserName> Connect as <UserName>. Default: the logged in user.

http://www.infotechguyz.com/cmd/activedirectorycommandline.html
 User name can be: user name, domain\user name,
or user principal name (UPN).
-p {<Password> | *}
Password for the user <UserName>. If * is used,
then the command prompts you for the password.
-c Continuous operation mode: report errors but continue
with next object in argument list when multiple
target objects are specified.
Without this option, command exits on first error.
-q Quiet mode: suppress all output to standard output.
{-uc | -uco | -uci} -uc Specifies that input from or output to pipe is
formatted in Unicode.
-uco Specifies that output to pipe or file is
formatted in Unicode.
-uci Specifies that input from pipe or file is
formatted in Unicode.

Remarks:
If a value that you supply contains spaces, use quotation marks
around the text (for example, "CN=John Smith,CN=Users,DC=microsoft,DC=com").
If you enter multiple values, the values must be separated by spaces
(for example, a list of distinguished names).

Commas that are not used as separators in distinguished names must be

escaped with the backslash ("\") character
(for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com").
Backslashes used in distinguished names must be escaped with a backslash
(for example,
"CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com").

Examples:
To remove an organizational unit (OU) called "Marketing" and all the objects
under that OU, use the following command:

dsrm -subtree -noprompt -c ou=Marketing,dc=microsoft,dc=com

To remove all objects under the OU called "Marketing" but leave

the OU intact, use the following command with the -exclude parameter:

dsrm -subtree -exclude -noprompt -c "ou=Marketing,dc=microsoft,dc=com"

How to display Active Directory objects properties from command line

H:\>dsget /?
Description: This tool's commands display the selected properties
of a specific object in the directory. The dsget commands:

dsget computer - displays properties of computers in the directory.

dsget contact - displays properties of contacts in the directory.
dsget subnet - displays properties of subnets in the directory.
dsget group - displays properties of groups in the directory.
dsget ou - displays properties of ou's in the directory.
dsget server - displays properties of servers in the directory.
dsget site - displays properties of sites in the directory.
dsget user - displays properties of users in the directory.
dsget quota - displays properties of quotas in the directory.
dsget partition - displays properties of partitions in the directory.

To display an arbitrary set of attributes of any given object in the

directory use the dsquery * command (see examples below).

For help on a specific command, type "dsget <ObjectType> /?" where

<ObjectType> is one of the supported object types shown above.
For example, dsget ou /?.

http://www.infotechguyz.com/cmd/activedirectorycommandline.html
 Remarks:
The dsget commands help you to view the properties of a specific object in
the directory: the input to dsget is an object and the output is a list of
properties for that object. To find all objects that meet a given search
criterion, use the dsquery commands (dsquery /?).

The dsget commands support piping of input to allow you to pipe results from
the dsquery commands as input to the dsget commands and display detailed
information on the objects found by the dsquery commands.

Commas that are not used as separators in distinguished names must be

escaped with the backslash ("\") character
(for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com").
Backslashes used in distinguished names must be escaped with a backslash (for
example, "CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,
DC=com").

How to modify Active Directory objects properties from command line

H:\>dsmod /?
Description: This dsmod command modifies existing objects in the directory.
The dsmod commands include:

dsmod computer - modifies an existing computer in the directory.

dsmod contact - modifies an existing contact in the directory.
dsmod group - modifies an existing group in the directory.
dsmod ou - modifies an existing organizational unit in the directory.
dsmod server - modifies an existing domain controller in the directory.
dsmod user - modifies an existing user in the directory.
dsmod quota - modifies an existing quota specification in the directory.
dsmod partition - modifies an existing quota specification in the directory.

For help on a specific command, type "dsmod <ObjectType> /?" where

<ObjectType> is one of the supported object types shown above.
For example, dsmod ou /?.

Remarks:
The dsmod commands support piping of input to allow you to pipe results from
the dsquery commands as input to the dsmod commands and modify the objects
found by the dsquery commands.

Commas that are not used as separators in distinguished names must be

escaped with the backslash ("\") character
(for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com").
Backslashes used in distinguished names must be escaped with a backslash
(for example,
"CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com").

Examples:
To find all users in the organizational unit (OU)
"ou=Marketing,dc=microsoft,dc=com" and add them to the Marketing Staff group:

dsquery user ûstartnode "ou=Marketing,dc=microsoft,dc=com" |

dsmod group "cn=Marketing Staff,ou=Marketing,dc=microsoft,dc=com" –addmbr

How to move Active Directory objects from command line

H:\>dsmove /?
Description: This command moves or renames an object within the directory.

Syntax: dsmove <ObjectDN>

[-newparent <ParentDN>]
[-newname <NewName>]
[{-s <Server> | -d <Domain>}]
[-u <UserName>]

http://www.infotechguyz.com/cmd/activedirectorycommandline.html
 [-p {<Password> | *}]
[-q]
[{-uc | -uco | -uci}]

Parameters:

Value Description
<ObjectDN> Required/stdin. Distinguished name (DN)
of object to move or rename.
If this parameter is omitted it
will be taken from standard input (stdin).
-newparent <ParentDN> DN of the new parent location to which object
should be moved.
-newname <NewName> New relative distinguished name (RDN) value
to which object should be renamed.
{-s <Server> | -d <Domain>}
-s <Server> connects to the domain controller (DC)
with name <Server>.
-d <Domain> connects to a DC in domain <Domain>.
Default: a DC in the logon domain.
-u <UserName> Connect as <UserName>. Default: the logged in user.
User name can be: user name, domain\user name,
or user principal name (UPN).
-p <Password> Password for the user <UserName>.
If * is used, then the command prompts for a
password.
-q Quiet mode: suppress all output to standard output.
{-uc | -uco | -uci} -uc Specifies that input from or output to pipe is
formatted in Unicode.
-uco Specifies that output to pipe or file is
formatted in Unicode.
-uci Specifies that input from pipe or file is
formatted in Unicode.

Remarks:
If a value that you supply contains spaces, use quotation marks
around the text (for example, "CN=John Smith,CN=Users,DC=microsoft,DC=com").
If you enter multiple values, the values must be separated by spaces
(for example, a list of distinguished names).

Commas that are not used as separators in distinguished names must be

escaped with the backslash ("\") character
(for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com").
Backslashes used in distinguished names must be escaped with a backslash
(for example,
"CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com").

Examples:
The user object for the user Jane Doe can be renamed to Jane Jones
with the following command:

dsmove "cn=Jane Doe,ou=sales,dc=microsoft,dc=com" -newname "Jane Jones"

The same user can be moved from the Sales organization to the Marketing
organization with the following command:

dsmove "cn=Jane Doe,ou=sales,dc=microsoft,dc=com"

-newparent ou=Marketing,dc=microsoft,dc=com

The rename and move operations for the user can be combined with the
following command:

dsmove "cn=Jane Doe,ou=sales,dc=microsoft,dc=com"

-newparent ou=Marketing,dc=microsoft,dc=com -newname "Jane Jones"

http://www.infotechguyz.com/cmd/activedirectorycommandline.html
 How to search Active Directory from command line

H:\>dsquery /?
Description: This tool's commands suite allow you to query the directory
according to specified criteria. Each of the following dsquery commands finds
objects of a specific object type, with the exception of dsquery *, which can
query for any type of object:

dsquery computer - finds computers in the directory.

dsquery contact - finds contacts in the directory.
dsquery subnet - finds subnets in the directory.
dsquery group - finds groups in the directory.
dsquery ou - finds organizational units in the directory.
dsquery site - finds sites in the directory.
dsquery server - finds domain controllers in the directory.
dsquery user - finds users in the directory.
dsquery quota - finds quota specifications in the directory.
dsquery partition - finds partitions in the directory.
dsquery * - finds any object in the directory by using a generic LDAP query.

For help on a specific command, type "dsquery <ObjectType> /?" where

<ObjectType> is one of the supported object types shown above.
For example, dsquery ou /?.

Remarks:
The dsquery commands help you find objects in the directory that match
a specified search criterion: the input to dsquery is a search criterion
and the output is a list of objects matching the search. To get the
properties of a specific object, use the dsget commands (dsget /?).

The results from a dsquery command can be piped as input to one of the other
directory service command-line tools, such as dsmod, dsget, dsrm or dsmove.

Commas that are not used as separators in distinguished names must be

escaped with the backslash ("\") character
(for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com"). Backslashes
used in distinguished names must be escaped with a backslash (for example,
"CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com").

Examples:
To find all computers that have been inactive for the last four weeks and
remove them from the directory:

dsquery computer -inactive 4 | dsrm

To find all users in the organizational unit

"ou=Marketing,dc=microsoft,dc=com" and add them to the Marketing Staff group:

dsquery user ou=Marketing,dc=microsoft,dc=com | dsmod group

"cn=Marketing Staff,ou=Marketing,dc=microsoft,dc=com" -addmbr

To find all users with names starting with "John" and display his office
number:

dsquery user -name John* | dsget user -office

To display an arbitrary set of attributes of any given object in the

directory use the dsquery * command. For example, to display the
sAMAccountName, userPrincipalName and department attributes of the object
whose DN is ou=Test,dc=microsoft,dc=com:

dsquery * ou=Test,dc=microsoft,dc=com -scope base

http://www.infotechguyz.com/cmd/activedirectorycommandline.html
 -attr sAMAccountName userPrincipalName department

To read all attributes of the object whose DN is ou=Test,dc=microsoft,dc=com:

dsquery * ou=Test,dc=microsoft,dc=com -scope base -attr *

How to manage Group Policy from command line

H:\>gpupdate /?
Microsoftr Windowsr Operating System Group Policy Refresh Utility v5.1
c Microsoft Corporation. All rights reserved.

Description: Refreshes Group Policies settings.

Syntax: GPUpdate [/Target:{Computer | User}] [/Force] [/Wait:<value>]

[/Logoff] [/Boot] [/Sync]

Parameters:

Value Description
/Target:{Computer | User} Specifies that only User or only Computer
policy settings are refreshed. By default,
both User and Computer policy settings are
refreshed.

/Force Reapplies all policy settings. By default,

only policy settings that have changed are
applied.

/Wait:{value} Sets the number of seconds to wait for policy

processing to finish. The default is 600
seconds. The value '0' means not to wait.
The value '-1' means to wait indefinitely.
When the time limit is exceeded, the command
prompt returns, but policy processing
continues.

/Logoff Causes a logoff after the Group Policy settings

have been refreshed. This is required for
those Group Policy client-side extensions
that do not process policy on a background
refresh cycle but do process policy when a
user logs on. Examples include user-targeted
Software Installation and Folder Redirection.
This option has no effect if there are no
extensions called that require a logoff.

/Boot Causes a reboot after the Group Policy settings

are refreshed. This is required for those
Group Policy client-side extensions that do
not process policy on a background refresh cycle
but do process policy at computer startup.
Examples include computer-targeted Software
Installation. This option has no effect if
there are no extensions called that require
a reboot.

/Sync Causes the next foreground policy application to

be done synchronously. Foreground policy
applications occur at computer boot and user
logon. You can specify this for the user,
computer or both using the /Target parameter.
The /Force and /Wait parameters will be ignored
if specified.

http://www.infotechguyz.com/cmd/activedirectorycommandline.html
http://www.infotechguyz.com/cmd/activedirectorycommandline.html