dsadd

Adds users, groups, and other objects to Active Directory and configures AD quotas.

Syntax

 dsadd   command     switches   [{-s   Server   -d   Domain   }] [-u   UserName   ]  [-p {   Password   *}] [-q] [-dsec Description] 

Options

command

Any dsadd command (see later list).

switches

Various switches that go with each command (see later list).

{-s Server -d Domain}

Connects to a specified server or domain to run the command (if omitted, defaults to domain controller in logon domain).

[-u UserName] [-p {Password *}]

Credentials for running the command. Specify UserName as domain\ user or user@domain . If -p * , prompts for password.

-q

Runs in quiet mode to suppress standard output of command.

-desc Description

Specifies the description for the object.

Commands

Here is a list of supported dsadd commands with a brief description of their syntax (only the most commonly used switches are described):

dsadd computer ComputerDN

Adds a computer account to Active Directory with distinguished name ComputerDN .

dsadd contact ContactDN [-fn FirstName] [-ln LastName] [-email Email]

Adds a contact to Active Directory with distinguished name ContactDN .

dsadd group GroupDN [-secgrp {yes no}] [-scope {l g u}]

Adds a group to Active Directory with distinguished name GroupDN . The -secgrp yes option creates a security group (the default) while the -scope option creates either a local, global, or universal group (default is global).

dsadd ou OrganizationalUnitDN

Adds an organizational unit to Active Directory with distinguished name OrganizationalUnitDN .

dsadd quota -part PartitionDN [-rdn RelativeDistinguishedName] -acct SecurityPrincipalDN -qlimit Value

Configures an Active Directory quota for the security principal specified by -acct SecurityPrincipalDN , limiting how many directory objects the security principal can own in the specified partition. To specify an unlimited quota, use -qlimit -1 .

dsadd user UserDN [-upn UserPrincipalName] [-fn FirstName] [-ln LastName] [-display DisplayName] [-pwd {Password *}] [-memberof Group;...] [-tel PhoneNumber] [-email Email] [-title Title] [-company Company] [-hmdir HomeDirectory] [-profile ProfilePath] [-pwdneverexpires {yes no}] ...

Adds a user to Active Directory with distinguished name UserDN and properties specified by switches (there are many more).

Examples

Create a new computer account for the workstation DESK155 in the Sales organizational unit of the mtit.local domain using the Administrator account for that domain:

  dsadd computer CN=DESK155,OU=Sales,DC=mtit,DC=local -u Administrator -p *  Enter Password:**********     dsadd succeeded:CN=DESK155,OU=Sales,DC=mtit,DC=local 

If you open Active Directory Users and Computers, you can see the new computer account in the Sales OU.

Create a new domain local group named Human Resources in the Sales OU of mtit.local :

  dsadd group "CN=Human Resources,OU=Sales,DC=mtit,DC=local" -scope l  dsadd succeeded:CN=Human Resources,OU=Sales,DC=mtit,DC=local 

Note the quotation marks in the example (required due to the space in the group name).

Create the user Bob Jones and add him to the Human Resources group:

  dsadd user CN=bjones,OU=Sales,DC=mtit,   DC=local -upn bjones@mtit.local -fn Bob -ln Jones   -display "Bob Jones" -pwd Passw0rd -email bjones@mtit.com   -memberof "CN=Human Resources,OU=Sales,DC=mtit,DC=local"  dsadd succeeded:CN=bjones,OU=Sales,DC=mtit,DC=local 

Notes

If you omit the distinguished name of the object you are creating, it is obtained from standard inputSTDINi.e., the keyboard, a redirected file, or piped output from another command. Use Ctrl-Z to indicate the end of file character for STDIN.

See Also

Active Directory , dsget , dsmod , dsmove , dsquery , dsrm , Groups , Users