Introduction to DSAdd Groups
DSAdd can create the full range of Windows Server 2003/8 Active Directory objects, on this page we will focus on manipulating groups.
- Example 1: Using DSAdd to Create an Organizational Unit
- Example 2: Creating Groups with DSAdd
- Example 3: DSAdd to Control Group Members
- Example 4: MemberOf
- Active Directory Permissions Analyzer
♦
Example 1: Using DSAdd to Create an Organizational Unit
Preparation:
Logon to your domain controller.
Examine the script below. Edit ou= or dc= to reflect YOUR domain.
Run, CMD then copy your script and paste into the command window. Alternatively type it starting with dsadd ou ………
dsadd ou "ou=guyds, dc=cp, dc=com"
Note 1: dsadd ou. This command tells Active Directory which object to create, in this case an OU (not a user).
Note 2: You only really need speech marks if there is a space in any of your names. So ou=guyds, dc=cp, dc=com would work fine, but ou=GUY Space DS, dc=cp, dc=com fails because of the spaces in the GUY Space DS, name. In this second example you must type: "ou=GUY Space DS, dc=cp, dc=com"
Example 2: Creating Groups with DSAdd (Assumes you have completed Example 1)
Creating groups with DSAdd requires more information, and that means more switches. When you create a group, ask yourself, "Will the group be Global, or Domain Local? Is the group for distribution or security".
-scope g Global group
-scope L Domain Local group (Could also be -scope l. Lower case L)
-secgrp yes Security group (not distribution)
dsadd group "cn=L Epson, ou=guyds, dc=cp, dc=com" -secgrp yes -scope L
Note 1: cn=L Epson This is the name of the group. Best practices suggests that we begin the group name with L for Local.
Note 2: Try dsadd group /? to double check the syntax for your -switches.
Guy Recommends: SolarWinds’ Free Bulk Import Tool
Import users from a spreadsheet. Just provide a list of the users with their fields in the top row, and save as .csv file. Then launch this FREE utility and match your fields with AD’s attributes, click and import the users.
Optionally, you can provide the name of the OU where the new accounts will be born. Download your FREE bulk import tool.
If you need more comprehensive software, download a free trial of SAM (Server & Application Monitor)
Example 3: DSAdd to Control Group Members
Perhaps one of the most useful DSAdd features is the ability to add a member to a groups as you create the group. Assuming you have already created a user called Elizabeth you would append this to Example 2.
-members "cn=Elizabeth, ou=guyds, dc=cp, dc=com"
If there is a snag, you need to remember to add the members when you create the group otherwise dsadd will not work. However, you could try dsmod to modify or add members to an existing group.
dsadd group "cn=L Oki, ou=guyds, dc=cp, dc=com" -secgrp yes -scope L -members "cn=elizabeth, ou=guyds, dc=cp, dc=com"
Example 4: MemberOf
This is where want to add the group to another group. In practical terms this means nesting, or adding a global group to the membership of a local group.
DS Error Messages
DS has its own family of error messages. I found that the messages are specific and varied, just remember to pay attention to detail. READ ERROR MESSAGES SLOWLY.
If you like this page then please share it with your friends
See more of the DS family of built-in Active Directory utilities
• DSQuery • DSQuery User • DSQuery Group • Free Import CSV Tool
• DSGet – List the properties of an object • DS Commands • WSH – Create a user
• DSMod – Modify Active Directory attributes • DSAdd – Create new accounts
