Weekly quickTIP

Major Mod Mechanics

GUIs are for wimps; try DSMOD on the command line.

Last time, we used the native AD tool DSADD to create a new Global Group for the Sales team and a user account for our man, John Brown. DSADD can create new AD objects like user accounts, OUs, and groups, but to update existing groups or add members to those groups you need a new tool. Meet our new friend DSMOD.

Although DSMOD doesn’t support modification of all object class attributes and is limited to updates within the same forest, it’s handy for scripting massive changes to AD objects.


Need to add John Brown into that new sales group? Just enter:

dsmod group "cn=Sales,ou=Groups,dc=FirstClassCorp,dc=com" -addmbr "cn=John Brown,ou=Sales People,dc=FirstClassCorp,dc=com"

To add multiple members, just separate each member’s distinguished name with a space. If you’d rather remove the members than add them, change the -addmbr switch to an -rmmbr.

DSMOD has some other useful switches for account manipulation. Need to disable a bunch of user accounts in the Sales People OU? List them one by one:

dsmod user "cn={User’s Name},ou=Sales People,dc=FirstClassCorp,dc=com" "cn={Other User’s Name},ou=Sales People,dc=FirstClassCorp,dc=com" -disabled yes

How about resetting multiple sales users’ passwords to a known password and requiring them to change their password at the next logon? Yep:

dsmod user "cn={User’s Name},ou=Sales People,dc=FirstClassCorp,dc=com" "cn={Other User’s Name},ou=Sales People,dc=FirstClassCorp,dc=com" -mustchpwd yes -pwd N@wPassw8rd
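
The reset above gives every listed account the same password, and that password sits in plain text wherever the command is saved. As an added example (not part of the original column), this PowerShell wrapper calls dsmod once per user with a random temporary password and escapes commas inside names; the user names and function names are made up for illustration.

```powershell
# Added example, not from the article. Run without -Apply for a dry run.
param([switch]$Apply)

$ou    = 'ou=Sales People,dc=FirstClassCorp,dc=com'   # OU from the article
$names = 'John Brown', 'Brown, Mary'                  # constructed sample CNs

function ConvertTo-EscapedCn([string]$Name) {
    # A comma or other DN special character inside a CN must be backslash-escaped,
    # otherwise "Brown, Mary" would be parsed as two DN components.
    if ($Name -match '"') { throw "Double quote in CN is not handled: $Name" }
    return ($Name -replace '([\\,+<>;=])', '\$1')
}

function New-TempPassword([int]$Length = 16) {
    # Characters come from a cryptographic RNG; rejection sampling avoids modulo bias.
    $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789'
    $limit = 256 - (256 % $chars.Length)
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf   = New-Object byte[] 1
    do {
        $sb = New-Object System.Text.StringBuilder
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buf)
            if ($buf[0] -lt $limit) { [void]$sb.Append($chars[$buf[0] % $chars.Length]) }
        }
        $candidate = $sb.ToString()
        # Retry until upper, lower and digit all appear, to meet AD password complexity.
    } until ($candidate -cmatch '[A-Z]' -and $candidate -cmatch '[a-z]' -and $candidate -match '\d')
    $rng.Dispose()
    return $candidate
}

foreach ($name in $names) {
    $dn     = 'cn={0},{1}' -f (ConvertTo-EscapedCn $name), $ou
    $tempPw = New-TempPassword
    if (-not $Apply) {
        "DRY RUN: dsmod user `"$dn`" -pwd <random> -mustchpwd yes"
        continue
    }
    & dsmod user $dn -pwd $tempPw -mustchpwd yes -q
    # Assumption: dsmod reports failure through a non-zero exit code.
    if ($LASTEXITCODE -ne 0) { Write-Warning "dsmod failed for $dn"; continue }
    # Deliver the password out of band; keep it out of logs and transcripts.
    [pscustomobject]@{ User = $name; TempPassword = $tempPw }
}
```

The temporary password still appears on the dsmod command line while the process runs, so run this from an administrative workstation and rely on -mustchpwd yes to make each value single-use.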

Now just keep telling yourself, "GUIs are so 2002."

About the Author

Greg is an independent author, speaker, and IT consultant, as well as a Founding Partner with Concentrated Technology. With nearly 15 years in information technology, Greg has developed extensive experience in systems administration, engineering, and architecture specializing in Microsoft OS, remote application, and virtualization technologies.  Greg is a Contributing Editor and columnist for TechNet Magazine, a former columnist for Redmond Magazine and Virtualization Review Magazine, and has authored or contributed to ten books and countless white papers and webcasts. His writing is regularly seen in publications like TechTarget online, e-books from Realtime Publishers, and the UK-based IT EXPERT Magazine.  He has also produced numerous video training series for CBT Nuggets.


Reader Comments:

Sun, Dec 17, 2006 Anonymous Anonymous

You think you're pretty smart, don't you?

Mon, Dec 11, 2006 Michael McCormick Grafton, WI

Back in the mid-70s I learned Wang DOS to free myself from the shell used by Military Wang Computers. The reason for that was to better understand how the operating system worked and how I could exploit that knowledge to be more effective on my PCs.

It seems that modern Computer users are re-learning that lesson.

The syntax may be more obtuse. It may take a bit longer to manually use a command. ...HOWEVER, one would much more easily learn about OUs etc. by using the command line or even batch file (now laughingly called a script). The manual method forces one to think.

Wed, Dec 6, 2006 Troy Denton, TX

True, the directory service tools are awesome, but the example implementation is kinda lame.
