DS Family of Command Line Tools for Windows 2003/8
DS built-in tools for Windows Server 2003/8
The DS (Directory Service) group of commands are split into two families. In one branch are DSadd, DSmod, DSrm and DSMove and in the other branch are DSQuery and DSGet.
When it comes to choosing a scripting tool for Active Directory objects, you really are spoilt for choice. The the DS family of built-in
command line executables offer alternative strategies to CSVDE, LDIFDE and VBScript.
Let me introduce you to the members of the DS family:
These DS tools have their own command structure which you can split into five parts:
1 2
3
4 5 Tool
object "DN" (as in LDAP distinguished name) -switch value For example: DSadd
user "cn=billy, ou=managers, dc=cp, dc=com" -pwd cX49pQba
This will add a user called Billy to the Managers OU and set the password to cx49Qba
Here are some
of the common DS switches which work with DSadd and DSmod -pwd (password)
-upn (userPrincipalName) -fn (FirstName) -samid (Sam account name).
The best way to learn about this DS family is to logon at a domain controller
and experiment from the command line. I have prepared examples of the two
most common programs.
Try some sample commands for DSadd.
Guy Recommends: Solarwinds' Free Bulk Import Tool
Import users from a spreadsheet. Just provide a list of the
users with their fields in the
top row, and save as .csv file. Then launch this FREE utility and match
your fields with AD's
attributes, click and import the users. Optionally, you can
provide the name of the OU where the new accounts will be born.
There are also two bonus tools in the free download, and all 3 have been approved by Microsoft:
The DSQuery and DSGet remind me of UNIX commands in that they operate at the command line, use powerful verbs, and produce plenty of action. One pre-requisite for getting the most from this DS
family is a working knowledge of LDAP.
If you need to query users or computers from a range of OU's and then return information, for example, office, department manager. Then DSQuery and DSGet would be your tools of choice. Moreover, you
can export the information into a text file.
These DS tools are new in Windows Server 2003/8. My own view is that if
you regularly need to add, or modify a FEW users, groups or computers, then the DS
commands are an alternative to the Active Directory Users and Computers snap-in.
As yet, I have not found a way of using DS commands to bulk import users.
In this respect DS suffers from the same weakness as LDIFDE, there seems to be
no mechanism to use a For.... Next loop. Now if you know different, you
have a bulk import solution for DS, then please let me know.
On my travels, I have found mixed reactions to DS commands, while some say there
are better ways of creating users, others tell me: 'DSmod is great little
utility for a quick change to a user'. If you like command line utilities then you will like the DS family. If you prefer menu driven programs
then stick with Active Directory Users and Computers.
Guy
Recommends: Permissions Analyzer - Free Active Directory Tool
I like the
Permissions Monitor because it enables me to see quickly WHO has permissions
to do WHAT. When you launch this tool it analyzes a users effective NTFS
permissions for a specific file or folder, takes into account network share
access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are
troubleshooting authorization problems for users access to a resource.
Windows Management Instrumentation (WMI) is one of the hidden
treasures of Microsoft operating systems.
Fortunately, Solarwinds
have created the
Free WMI Monitor so that you can actually see and understand these gems of
performance information. Take the guess work out of which
WMI counters to use for applications like Microsoft Active Directory,
SQL or Exchange Server.
