Friday, August 9, 2013

Active Directory - Manipulate objects using DS commands

We can manage objects in Active Directory from the command line, which helps in many ways (scripting is the best example). Here I will show you how to do it and how to manage each type of object, so let's have some fun!


Here are all the parameters you need when creating new users in Active Directory, and why each one is used:
Dsadd: Use this command for adding objects to your Active Directory
user: The type of object you want to add
"CN=David,OU=Sales,OU=Israel,DC=Planning,DC=com": Distinguished Name (DN). The DN is used to specify the full name of the object in the AD tree. In the example, David is a user in the OU Qa, which is a sub-OU of Israel. Israel located inside
-upn: User Principal Name
-fn: First Name
-ln: Last Name
-pwd: User Password
-disabled: Here you can choose whether the object will be enabled or disabled after creation

Example 1:
Dsadd user "CN=David,OU=Sales,OU=Israel,DC=Planning,DC=com" -upn <UPN> -fn David -ln Tzhmach -pwd P@ssw0rd -disabled no
Example 2:
Dsadd ou "OU=newNinjas,OU=Ninjas,OU=Brazil,DC=planning,DC=local"
This command will create a new OU called "newNinjas" inside the Ninjas OU, which is in the Brazil OU.


We can use the Dsquery command to get information about an OU in our Active Directory. We can also use this tool to get reports from our Active Directory tree.
Example 1:
If we want to get all users in a specific OU, we need to type the following:
Dsquery user "OU=Sales,OU=Users,OU=Use,DC=planning,DC=com"
After we type this command we will receive all users located in the Sales OU.

Example 2:
If we want to get all users in a specific OU and create a report, we need to type the following:
Dsquery user "OU=Sales,OU=Users,OU=Use,DC=planning,DC=com" > c:\1.txt
· > is used in many cases to save output to a file; for example, we can type IPCONFIG /all > c:\ipconfig.txt
Example 3:
If we want to get all objects of the "USER" type from the AD, all we need to do is:
Dsquery user "DC=planning,DC=com" > c:\1.txt
After we receive the list we can open it in an Excel sheet. When we open it, it is going to look like a mess, so to fix this, select the list -> Data -> Text to Columns -> Delimited -> and choose Comma!
All done, now you can see the list correctly!
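The reports above, taken a step further as an added example that is not part of the original post: Dsquery piped into Dsget so each report has readable columns, with the 100-result default cap lifted. The output folder, file names and the 8-week / 90-day thresholds are assumptions; the base DN reuses the planning.com domain from the examples.

```batch
@echo off
rem Added example, not from the original post. Read-only account reports.
rem Assumptions: BASE reuses the post's example domain; OUTDIR, the file names
rem and the thresholds below are placeholders to adjust for your environment.
setlocal
set "BASE=DC=planning,DC=com"
set "OUTDIR=C:\ADReports"
set "INACTIVE_WEEKS=8"
set "STALE_PWD_DAYS=90"

if not exist "%OUTDIR%" mkdir "%OUTDIR%"

rem Dsquery returns at most 100 objects unless -limit is given; -limit 0
rem removes the cap, so large domains are not silently truncated.
rem Dsget reads the DNs from the pipe and prints one column per switch.
dsquery user "%BASE%" -limit 0 | dsget user -samid -upn -disabled -pwdneverexpires > "%OUTDIR%\all-users.txt"

rem Accounts that are currently disabled.
dsquery user "%BASE%" -disabled -limit 0 | dsget user -samid -upn > "%OUTDIR%\disabled-users.txt"

rem Accounts with no logon for at least INACTIVE_WEEKS weeks.
dsquery user "%BASE%" -inactive %INACTIVE_WEEKS% -limit 0 | dsget user -samid -upn -disabled > "%OUTDIR%\inactive-users.txt"

rem Accounts whose password has not changed for at least STALE_PWD_DAYS days.
rem -pwdneverexpires shows which of them are exempt from password expiry.
dsquery user "%BASE%" -stalepwd %STALE_PWD_DAYS% -limit 0 | dsget user -samid -upn -pwdneverexpires > "%OUTDIR%\stale-passwords.txt"

echo Reports written to %OUTDIR%
endlocal
```

When a query matches nothing, Dsget prints an error about a missing target object and the report file is left empty.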


Creating a group is built like the Dsadd command above, with only small syntax changes that let you define the group preferences.
Dsadd: Syntax for adding objects in Active Directory
group: Type of the object in Active Directory
"CN=Ninjas,OU=Worriors,OU=Cyprus,DC=planning,DC=Local": Distinguished Name (DN). This is the full path of the object in the AD tree.
-secgrp: (for a security group type "yes") This is the type of the group, Security or Distribution (if we type "no" we will get a Distribution group)
-scope: Global, Domain Local, or Universal

Dsadd group "CN=Ninjas,OU=Worriors,OU=Cyprus,DC=planning,DC=Local" -secgrp yes -scope g


With the Dsmod command we can change existing objects in Active Directory. In the following example we add an existing user to an existing group:

Dsmod group "CN=Ninjas,OU=Worriors,OU=Cyprus,DC=planning,DC=Local" -addmbr "CN=David Tzhmach,OU=IT,OU=Brazil,DC=planning,DC=Local"
This command will add David Tzhmach from the Brazil OU to the Ninjas group.


With the Dsrm command we can remove objects from Active Directory.
In the following example we remove the Ninjas group from our Active Directory:
Dsrm "CN=ninjas,OU=it,OU=brazil,DC=planning,DC=com"
After you type this command you will be asked to approve the deletion.
