dsmod | new in WS2003 |
Modifies the properties of objects in Active Directory.
dsmod command switches [{-s Server -d Domain }] [-u UserName ] [-p { Password *}] [-q] [-c] [-desc Description]
Any dsmod command (see below).
Various switches that go with each command (see below).
Connects to a specified server or domain to run the command (if omitted, defaults to domain controller in logon domain).
Credentials for running the command. Specify UserName as domain\ user or user@domain . If -p * , prompts for password.
Runs in quiet mode to suppress standard output of command.
Reports errors and then continues with next object in argument list if multiple objects are specified; otherwise , exits upon error.
Modifies the description for the object.
Here is a list of supported dsmod commands together with a brief description of their syntax (only the most commonly used switches are described):
Modifies properties of one or more computer accounts identified by their distinguished names . Options include:
Enables ( yes ) or disables ( no ) the computer account
Resets the computer account
Modifies the first name, last name , email address, and other attributes of one or more contacts identified by their distinguished names
Modifies the properties of one or more groups identified by their distinguished names. See dsadd group earlier in this chapter for info about -secgrp and -scope options. The -samid SAMName option specifies the SAM account name, and the last option specifies members that should be added to, removed from, or replaced in the group.
Modifies properties of one or more organizational units specified by their distinguished names. The only thing you can modify is the description of the group.
Modifies properties of one or more domain controllers specified by their distinguished names. The -isgc option specifies whether the server is a global catalog server ( yes ) or not ( no ).
Modifies the properties of one or more user accounts specified by their distinguished names. See dsadd user earlier in this chapter for information on some of the switches here.
Specifies the distinguished names of one or more quota specifications to modify. Here -qlimit Value indicates the number of Active Directory objects that can be owned by the security principal to which the quota object is assigned.
Specifies distinguished names of one or more directory partitions you want to modify, with -qdefault Value specifiying the default quota for the partition and -qtmbstnwt Percent specifying the percentage by which the tombstone object count should be reduced when calculating quota usage.
Use dsget to check whether computer account DESK157 in Sales OU of mtit.local domain is enabled or disabled:
dsget computer CN=DESK157,OU=Sales,DC=mtit,DC=local -disabled disabled yes dsget succeeded
The account is disabled, so use dsmod to enable it:
dsmod computer CN=DESK157,OU=Sales,DC=mtit,DC=local -disabled no dsmod succeeded:CN=DESK157,OU=Sales,DC=mtit,DC=local
Verify the result:
dsget computer CN=DESK157,OU=Sales,DC=mtit,DC=local -disabled disabled no dsget succeeded
Active Directory , dsadd , dsget , dsmove , dsquery , dsrm , Groups , Users