Weekly quickTIP
Major Mod Mechanics
GUIs are for whimps; try DSMOD on the command line.
- By Greg Shields
- 12/04/2006
Last time, we used the native AD tool DSADD to create a new Global Group for the Sales team and a user account for our man, John Brown. DSADD can create new AD objects like user accounts, OU’s, and groups, but to update existing groups or add members to those groups you need a new tool. Meet our new friend DSMOD.
Although DSMOD doesn’t support modification of all object class attributes and is limited to updates within the same forest, it’s handy for scripting massive changes to AD objects.
Tech Help—Just An
E-Mail Away |
Got a Windows, Exchange or virtualization question
or need troubleshooting help? Or maybe you want a better
explanation than provided in the manuals? Describe
your dilemma in an e-mail to the MCPmag.com editors
at mailto:[email protected];
the best questions get answered in this column and garner
the questioner with a nifty Redmond T-shirt.
When you send your questions, please include your
full first and last name, location, certifications (if
any) with your message. (If you prefer to remain anonymous,
specify this in your message, but submit the requested
information for verification purposes.)
|
|
|
Need to add John Brown into that new sales group? Just enter:
dsmod group "cn=Sales,ou=Groups,dc=FirstClassCorp,
dc=com" -addmbr "cn=John Brown,ou=Sales People,dc=FirstClassCorp,
dc=com"
To add multiple members, just separate each member’s distinguished name with a space. If you’d rather remove the members than add them, change the -addmbr switch to an -rmmbr.
DSMOD has some other useful switches for account manipulation. Need to disable a bunch of user accounts in the Sales People OU? List them one by one:
dsmod user "cn={User’s Name},ou=Sales People,dc=FirstClassCorp,
dc=com" "cn={Other User’s Name},ou=Sales People,dc=FirstClassCorp,
dc=com" -disabled yes
How about resetting multiple sales users’ passwords to a known password and requiring them to change their password at the next logon? Yep:
dsmod user "cn={User’s Name},ou=Sales People,dc=FirstClassCorp,
dc=com" "cn={Other User’s Name},ou=Sales People,dc=FirstClassCorp,
dc=com" -mustchpwd yes -pwd N@wPassw8rd
Now just keep telling yourself, "GUI’s are so 2002."
About the Author
Greg Shields is Author Evangelist with PluralSight, and is a globally-recognized expert on systems management, virtualization, and cloud technologies. A multiple-year recipient of the Microsoft MVP, VMware vExpert, and Citrix CTP awards, Greg is a contributing editor for Redmond Magazine and Virtualization Review Magazine, and is a frequent speaker at IT conferences worldwide. Reach him on Twitter at @concentratedgreg.