
The Dsmod Utility
The Dsmod utility modifies existing AD users, computers, groups, OUs, and contacts. For example, you can change a group's membership or scope. Dsmod's OU option isn't as useful as the other options; you can't do much other than to change the description. To reset Jim Bob's password and force him to change it at the next logon, type

dsmod user "CN=James Robert,CN=Users,DC=bigtex,DC=net" -pwd Uf@tfingeredIt -mustchpwd yes

If Jim Bob has just been too much trouble, you can disable his account by typing

dsmod user "CN=James Robert,CN=Users,DC=bigtex,DC=net" -disabled yes

To reset a computer account, type

dsmod computer CN=JimBobsPC,CN=goodolboys,OU=roughnecks,DC=bigtex,DC=net -reset

To change the GoodOlBoys group's scope from global to universal, type

dsmod group CN=GoodOlBoys,OU=roughnecks,DC=bigtex,DC=net -scope u

The Dsmod server command can make the task of creating a Global Catalog (GC) server easier than picking and clicking your way through the Active Directory Sites and Services console, as the following command shows:

dsmod server CN=firstdomcont,CN=servers,CN=default-first-site-name,CN=sites,CN=configuration,DC=bigtex,DC=net -isgc yes

Note that the DN of the server you want to make a GC server isn't the name you'd see in the MMC Active Directory Users and Computers console; instead, the name you need to type is the DC's representation in the Configuration naming context. (The Sites portion of the Active Directory Sites and Services console is really a view of the sites container in the Configuration naming context.)

The Dsmove Utility
The Dsmove utility moves an object within a domain. (You must use Movetree, in Support Tools on the Windows 2003 CD-ROM, to move objects between domains.)

Dsmove has two options: -newname and -newparent. You use -newname when you want to rename an object, as in

dsmove CN=sdeuby,CN=users,DC=bigtex,DC=net -newname "CN=Sean Deuby"

Note that to rename an object, you need to specify in the -newname option only the relative distinguished name (RDN) of the object, not the complete DN. If you wanted to relocate the SDeuby object within the domain to the Roughnecks OU we created earlier, you'd use the -newparent option, as in

dsmove CN=sdeuby,CN=users,DC=bigtex,DC=net -newparent OU=roughnecks,DC=bigtex,DC=net

In this case, you must tell the target object (SDeuby) exactly where to go by specifying the full DN of the destination parent object (the Roughnecks OU in Bigtex.net).

The Dsrm Utility
In contrast to the other Ds utilities, Dsrm is quite simple: It deletes an AD object whose DN you specify. Other than the options for alternate credentials and server connections that all these tools share, Dsrm has only two options. The -subtree option specifies that you want to delete both the object and all objects under it. If you don't use the -subtree option, Dsrm deletes only the object. The -subtree option's -exclude parameter ensures that you keep the target object while deleting everything under it. The -noprompt option stops the utility from asking you to confirm the deletion. For example, the command

dsrm OU=roughnecks,DC=bigtex,DC=net -subtree -exclude -noprompt

deletes everything in the Roughnecks OU but leaves the OU intact.
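
Because -subtree combined with -noprompt removes every child object without asking, it helps to list the targets before running the command above. The following PowerShell script is an added example, not code from the original article; it assumes dsquery and dsrm are on the PATH, and the log-file name and the type-the-count confirmation are illustrative choices.

```powershell
# Added example: preview what "dsrm -subtree -exclude" would delete, then confirm.
# Assumption: dsquery.exe and dsrm.exe are on PATH and the caller has rights on the OU.
$ou = 'OU=roughnecks,DC=bigtex,DC=net'   # target OU from the article's example

# dsquery prints one quoted DN per line; -limit 0 lifts the default 100-object cap,
# so the preview covers the same objects that dsrm would remove.
$found = @(dsquery * $ou -scope subtree -limit 0)
if ($LASTEXITCODE -ne 0) { throw "dsquery failed for $ou; nothing was deleted." }

# Strip the quotes and drop the OU itself, because -exclude keeps it.
# (-ne on strings is case-insensitive, which matches how DNs compare.)
$doomed = @($found |
    ForEach-Object { $_.Trim().Trim('"') } |
    Where-Object { $_ -and ($_ -ne $ou) })

if ($doomed.Count -eq 0) {
    Write-Host "Nothing to delete under $ou."
    return
}

# Keep a record of the objects for the change ticket or a later restore.
# The file name is a hypothetical convention, not something the tools require.
$log = Join-Path $env:TEMP ("dsrm-preview-{0:yyyyMMdd-HHmmss}.txt" -f (Get-Date))
$doomed | Set-Content -Path $log

Write-Host "$($doomed.Count) objects would be deleted (full list saved to $log):"
$doomed | Select-Object -First 20 | ForEach-Object { Write-Host "  $_" }

# Make the operator type the exact count rather than just pressing Enter.
$answer = Read-Host 'Type the object count to confirm deletion'
if ($answer -eq "$($doomed.Count)") {
    dsrm $ou -subtree -exclude -noprompt
} else {
    Write-Host 'Confirmation did not match; nothing was deleted.'
}
```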

The Shutdown Utility
Win2K and Windows NT originally didn't have a command-line utility to shut down the system. To address this omission, the Microsoft Windows 2000 Server Resource Kit added a Shutdown utility to perform some basic shutdown functions such as rebooting, forcing running applications to close, providing a simple GUI, and setting a countdown-to-shutdown timer. This Shutdown utility also has an abort switch (/a) to stop the countdown timer—which can be exciting to try to remember when you have less than 30 seconds before the system shuts down.

In Windows 2003, Shutdown has moved from the resource kit to %windir%\system32. You can now do practically anything related to shutdowns and restarts right from the command line: shut down (/s), restart (/r), power down (/p), hibernate (/h), force-close applications (/f), and abort (/a). You can also use the /l switch to log off without shutting down.

An improved GUI, which Figure 5 shows, lets you shut down multiple computers with one command and specify the reason you're shutting down or restarting the computers. You open the Shutdown GUI by typing

shutdown /i

The new Shutdown Event Tracker tries to collect the reason for every operator-initiated shutdown. If the system has shut down unexpectedly, a reason-collection dialog box pops up the first time an administrator logs on after rebooting the system. The command-line Shutdown also lets you document the shutdown reason by using the /d switch and one of 23 reasons. For example, the command

shutdown /r /t 30 /f /d p:02:04 /c:"This is a test of the SHUTDOWN command line utility"

reboots the computer after 30 seconds, forcing applications to close, leaving a message in the System event log, and specifying the reboot reason as "Operating System: Reconfiguration (planned)". The new Shutdown has a thorough Help file, which you open by clicking Help on the Shutdown GUI.


Reader Comments

I liked the article and the utilities and tried some of the examples. But nowhere can I find any reference to error messages I might receive, especially with DSADD.

For instance: adding an OU as in your first example of the DSADD utility, dsadd failed, A referral was returned from the server.

What does this mean? I certainly don't know.

Brian

Hello, I'd like to help Brian. This error appears when the ds-commands syntax is incorrect. In this case 1) check the DN of your query or 2) try to add quotes to the DN. Hope this helps.

Eugene Sarazhinsky

I'd like to add users with the DN to be LastName, First. I can't seem to get this to work. Also, any way to automatically create the e-mail account at the same time?

MikeWachholz

Article Rating 3 out of 5

It's the best page, really a boon for me in this hard time. Thanks to the writer.

Anonymous User

Try changing CN=users in the DSADD command to OU=users. That should fix the problem with the command returning an error. Change "users" to whatever OU you want to place the newly created user in.

-Schauste

Anonymous User

Let's say I have an OU called Admin. Within that OU I created 2 more OUs called users and computers. How would I map to a user in the OU=Admin the user is inside the OU=sales?

I can get everything to work through just having an Admin OU, but for administration purposes I have added a further 2 OUs within an OU.

How would I use, say, the dsadd command to put a user in an OU within an OU?

Anonymous User

I thought command line utilities were only for Novell and Unix Administrators, and the big advantage to the Windows GUI was you didn't need command line utilities. How about some real integrated tools that do the job of batching and scripting for use, like ZenWorks.

wglabais

Article Rating 3 out of 5

With the 2 OUs (nested), the syntax is to list the lowest OU first, i.e., in the case of Sales inside Admin, type

dsadd computer "CN=<pcname>,OU=Sales,OU=Admin,DC=<DomainName>,DC=<DomainSuffix>"

Hope this helps. Steve B

Anonymous User

Something I was taught on a course recently; "Read it Right to Left"

Pete

Anonymous User

Article Rating 4 out of 5

I would like to know: when two users use NAT, how does NAT understand which user a received packet belongs to?

Anonymous User

Article Rating 3 out of 5

Good site

hamedjafari

Article Rating 3 out of 5