Future4Tech

DSADD.exe – Windows CMD Command

by

Add active directory object 

Syntax
   DSADD Computer
   DSADD Contact 
   DSADD Group
   DSADD OU
   DSADD User
   DSADD Quota

Special characters in distinguished names 

Commas within a CN must be escaped with the backslash \ character
e.g. "CN=Company\, Inc.,CN=Users,DC=F4T,DC=com"

Backslashes must also be escaped with a backslash
for example, "CN=Sales\\ Latin America,OU=Distribution Lists,DC=F4T,DC=com"

If any value contains spaces, use quotation marks:
e.g. "CN=John Smith,CN=Users,DC=F4T,DC=com"

Redirection
You can pipe results from DSQUERY into DSMOD in order to modify an object. If the DN contains any commas or backslashes you will need to redirect to a file first and add the escape characters as above.

Special Tokens
The token $username$ (case insensitive) can be used to place the SAM account name.
Entering * as a password will cause DSADD to prompt for the new password.

Adding multiple Objects

For any DS command, you can enter multiple values separated by spaces.
e.g. to add several user accounts at once just supply a list of the distinguished names separated with spaces.
It is also possible to store multiple values in a text file and redirect it into DSADD.

How to organize Active Directory

An example AD layout using the domain name F4T.com, obviously customize that to your own domain.

The general principle is to create as few OU’s as possible, don’t attempt to use AD as a configuration database.

Keep it simple with separate OU's for Users, Groups, Servers, Workstations and the IT department (Admin). Avoid deeply nested OUs and punctuation.

AcmeCo
AcmeCo/Admin        (OU=Admin,OU=AcmeCo,DC=F4T,DC=com)
AcmeCo/Groups       (OU=Groups,OU=AcmeCo,DC=F4T,DC=com)
AcmeCo/Users        (OU=Users,OU=AcmeCo,DC=F4T,DC=com)
AcmeCo/Servers      (OU=Servers,OU=AcmeCo,DC=F4T,DC=com)
AcmeCo/Laptops      (OU=Laptops,OU=AcmeCo,DC=F4T,DC=com)
AcmeCo/Workstations (OU=Workstations,OU=AcmeCo,DC=F4T,DC=com)
AcmeCo/Workstations/Site1
AcmeCo/Workstations/Site2
AcmeCo/Workstations/Site3

PartnerCo           An OU for external contacts
PartnerCo/Users        (OU=Users,OU=PartnerCo,DC=F4T,DC=com)
PartnerCo/Workstations (OU=Workstations,OU=PartnerCo,DC=F4T,DC=com)

If possible store all USER accounts in a single OU. Organizations change and people move around, there is rarely any reason to reflect every such change in Active Directory. One reason for adding additional USER OUs is to allow delegated rights i.e. to allow super users to do password resets.

The default (built-in) Organizational Units (OUs) for Users (CN=Computers, DC=F4T, DC=com) and Computers (CN=Users, DC=F4T, DC=com) will often be used by application installers when creating service accounts.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *