Friday, August 9, 2013

Active Directory - Manipulate objects using DS commands

We can manage objects in Active Directory using the Command Line, it’s can help us in many ways (Scripting is the best example) here I will teach you how to do it and how to manage each type of objects, so let’s have some fun!

DSADD User

Here I will give you all the parameters you need when creating new users in Active Directory:
Parameter
Why Using it …?
Dsadd
Use this command for adding objects to your Active Directory
User\OU\
The type of object you want to add
Distinguished Name (DN)
DN uses to specify the full name of object in AD tree , in the example , David is a user in the OU Qa,which is sub-OU of  Israel. Israel located inside Planning.com
Upn
User Principal Name
fn
First Name
Ln
Last Name
pwd
User Password
disabled
Here you can chose if the object will be Enabled \Disabled after creation

Example 1:
Dsadd user “CN=David,OU=Sales,OU=Israel,DC=Planning,DC=com” –upn David@planning.com – fn David –Ln Tzhmach –pwd P@ssw0rd –disabled no
Example 2:
Dsadd ou “OU=newNinjas,OU=Ninjas,OU=Brazil,DC=planning,DC=local”
This command will create new group called “new Ninjas” to the Ninjas OU in Brazil OU.

DSQUERY

We can use this command to get information about OU in our Active Directory , we also can use this tool to get Reports from our Active Directory Tree .
Example 1 :
If we want to get all users in a specific OU we need to type the following :
Dsquery user “OU=Sales,OU=Users,OU=Use,DC=planning,DC=com”
After we type this command this command we will receive all users located in the Sales OU .

Example 2:
If we want to get all users in a specific OU and create a report , we need to type the following :
Dsquery user “OU=Sales,OU=Users,OU=Use,DC=planning,DC=com”  > c:\1 .txt
Note!
·         > is used in many casses to sace outpot to a file , for example we can type IPCONFIG  /all   > c:\ipconfig .txt
Example3 :
If we want to get all objects from the AD  of the “USER ” type , all we need to do :
Dsquery user “DC=planning,DC=com”  > c:\1 .txt
After we receive the list we can open it in Excel shit , after we open it it’s going to look like crump, so to fix this problem all you need to do is to mark the list->Data->Text to columns->Delimited-> and chose COMMA !
All done now you can see the list correctly!

DSADD Group

This is built like the Dsadd command only with little Syntax changes, that helps you define the Group preference .
Keyword
Explanation
Dsadd
Syntax for adding objects in Active Directory
Group
Type of the object in Active Directory
Distinguished Name(DN)
This is the full path of the object in AD tree.
Seegrp(For security group type “YES”)
This is the type of the group Security or Distribution (if we type No we will receive Distribution ’ group)
Scope
Glocal,Domain Local, or Universal

Example:
Dsadd group “CN=Ninjas,OU=Worriors,OU=Cyprus,DC=planning,DC=Local”  - seegrp yes – scope g

dsmode

With the following command we can change existing objects in Active directory ,in the following example we  add existing user to an existing group
Example:

Dsmode group “CN=Ninjas,OU=Worriors,OU=Cyprus,DC=planning,DC=Local”  -addmbr “CN=David Tzhmach,OU=IT,OU=Brazil,DC=planning,DC=Local”
This command will add David Tzhmach from the Brazil OU to the Ninjas group .

Dsrm

With the following command we can remove objects from the Active Directory .
Example:
In the following example we remove the Ninjas group from our Active Directory
Dsrm “CN=ninjas,OU=it,OU=brazil,DC=planning,DC=com”
Note!
After you type this command you will asked to approve this process 


No comments:

Post a Comment

My Presentations