DSADD.exe – Windows CMD Command
Add Active Directory objects.

Syntax
      DSADD Computer
      DSADD Contact
      DSADD Group
      DSADD OU
      DSADD User
      DSADD Quota
Special characters in distinguished names
Commas within a CN must be escaped with the backslash \ character e.g.
      "CN=Company\, Inc.,CN=Users,DC=F4T,DC=com"

Backslashes must also be escaped with a backslash for example,
      "CN=Sales\\ Latin America,OU=Distribution Lists,DC=F4T,DC=com"

If any value contains spaces, use quotation marks: e.g.
      "CN=John Smith,CN=Users,DC=F4T,DC=com"
Redirection
You can pipe results from DSQUERY into DSMOD in order to modify an object. If the DN contains any commas or backslashes you will need to redirect to a file first and add the escape characters as above.
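The escaping rules above, applied before names are written to a file for a DS command, as an added PowerShell example that is not part of the original page. The function names, the sample names, the container and the output file `dn-list.txt` are assumptions made for illustration; the check for double quotes is this example's own precaution.

```powershell
# Added example: the names, container and file name are constructed sample values.

function ConvertTo-EscapedCn {
    param([Parameter(Mandatory)][string]$Name)

    # A double quote would end the quoted argument early, so refuse it
    # rather than emit a DN that the command line parses differently.
    if ($Name.Contains('"')) {
        throw "Name '$Name' contains a double quote and cannot be placed inside a quoted DN."
    }

    # Escape backslashes first. If commas were handled first, the backslash
    # added in front of each comma would then be doubled by the second pass.
    $Name.Replace('\', '\\').Replace(',', '\,')
}

function New-QuotedDn {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Container
    )

    # Quote the whole DN so that values containing spaces stay one argument.
    '"CN={0},{1}"' -f (ConvertTo-EscapedCn -Name $Name), $Container
}

# Constructed input covering the three cases described on this page:
# a comma, a backslash, and a plain name with a space.
$container = 'OU=Groups,OU=AcmeCo,DC=F4T,DC=com'
$names     = 'Company, Inc.', 'Sales\ Latin America', 'John Smith'

$dns = $names | ForEach-Object { New-QuotedDn -Name $_ -Container $container }

# Keep the escaped DNs in a file so they can be reviewed before use.
$dns | Set-Content -Path .\dn-list.txt
$dns
```

An unescaped comma inside a name is read as a separator between DN components, so reviewing the generated file before it is used catches objects that would otherwise be created or modified under the wrong name.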
Special Tokens
The token $username$ (case insensitive) can be used to place the SAM account name.
Entering * as a password will cause DSADD to prompt for the new password.
Adding multiple Objects
For any DS command, you can enter multiple values separated by spaces.
For example, to add several user accounts at once, just supply a list of the distinguished names separated by spaces.
It is also possible to store multiple values in a text file and redirect it into DSADD.
How to organize Active Directory
An example AD layout using the domain name F4T.com; customize that to your own domain.
The general principle is to create as few OUs as possible. Don't attempt to use AD as a configuration database.

Keep it simple with separate OUs for Users, Groups, Servers, Workstations and the IT department (Admin).
Avoid deeply nested OUs and punctuation.

AcmeCo
AcmeCo/Admin                (OU=Admin,OU=AcmeCo,DC=F4T,DC=com)
AcmeCo/Groups               (OU=Groups,OU=AcmeCo,DC=F4T,DC=com)
AcmeCo/Users                (OU=Users,OU=AcmeCo,DC=F4T,DC=com)
AcmeCo/Servers              (OU=Servers,OU=AcmeCo,DC=F4T,DC=com)
AcmeCo/Laptops              (OU=Laptops,OU=AcmeCo,DC=F4T,DC=com)
AcmeCo/Workstations         (OU=Workstations,OU=AcmeCo,DC=F4T,DC=com)
AcmeCo/Workstations/Site1
AcmeCo/Workstations/Site2
AcmeCo/Workstations/Site3
PartnerCo                   An OU for external contacts
PartnerCo/Users             (OU=Users,OU=PartnerCo,DC=F4T,DC=com)
PartnerCo/Workstations      (OU=Workstations,OU=PartnerCo,DC=F4T,DC=com)
If possible, store all USER accounts in a single OU. Organizations change and people move around, and there is rarely any reason to reflect every such change in Active Directory. One reason for adding additional USER OUs is to allow delegated rights, i.e. to allow super users to do password resets.
The default (built-in) Organizational Units (OUs) for Users (CN=Users,DC=F4T,DC=com) and Computers (CN=Computers,DC=F4T,DC=com) will often be used by application installers when creating service accounts.