dsadd | new in WS2003 |
Adds users, groups, and other objects to Active Directory and configures AD quotas.
dsadd command switches [{-s Server -d Domain }] [-u UserName ] [-p { Password *}] [-q] [-dsec Description]
Any dsadd command (see later list).
Various switches that go with each command (see later list).
Connects to a specified server or domain to run the command (if omitted, defaults to domain controller in logon domain).
Credentials for running the command. Specify UserName as domain\ user or user@domain . If -p * , prompts for password.
Runs in quiet mode to suppress standard output of command.
Specifies the description for the object.
Here is a list of supported dsadd commands with a brief description of their syntax (only the most commonly used switches are described):
Adds a computer account to Active Directory with distinguished name ComputerDN .
Adds a contact to Active Directory with distinguished name ContactDN .
Adds a group to Active Directory with distinguished name GroupDN . The -secgrp yes option creates a security group (the default) while the -scope option creates either a local, global, or universal group (default is global).
Adds an organizational unit to Active Directory with distinguished name OrganizationalUnitDN .
Configures an Active Directory quota for the security principal specified by -acct SecurityPrincipalDN , limiting how many directory objects the security principal can own in the specified partition. To specify an unlimited quota, use -qlimit -1 .
Adds a user to Active Directory with distinguished name UserDN and properties specified by switches (there are many more).
Create a new computer account for the workstation DESK155 in the Sales organizational unit of the mtit.local domain using the Administrator account for that domain:
dsadd computer CN=DESK155,OU=Sales,DC=mtit,DC=local -u Administrator -p * Enter Password:********** dsadd succeeded:CN=DESK155,OU=Sales,DC=mtit,DC=local
If you open Active Directory Users and Computers, you can see the new computer account in the Sales OU.
Create a new domain local group named Human Resources in the Sales OU of mtit.local :
dsadd group "CN=Human Resources,OU=Sales,DC=mtit,DC=local" -scope l dsadd succeeded:CN=Human Resources,OU=Sales,DC=mtit,DC=local
Note the quotation marks in the example (required due to the space in the group name).
Create the user Bob Jones and add him to the Human Resources group:
dsadd user CN=bjones,OU=Sales,DC=mtit, DC=local -upn bjones@mtit.local -fn Bob -ln Jones -display "Bob Jones" -pwd Passw0rd -email bjones@mtit.com -memberof "CN=Human Resources,OU=Sales,DC=mtit,DC=local" dsadd succeeded:CN=bjones,OU=Sales,DC=mtit,DC=local
If you omit the distinguished name of the object you are creating, it is obtained from standard inputSTDINi.e., the keyboard, a redirected file, or piped output from another command. Use Ctrl-Z to indicate the end of file character for STDIN.
Active Directory , dsget , dsmod , dsmove , dsquery , dsrm , Groups , Users