dsmod

dsmod

new in WS2003

Modifies the properties of objects in Active Directory.

Syntax

 dsmod   command     switches   [{-s   Server   -d   Domain   }] [-u   UserName   ]  [-p {   Password   *}] [-q] [-c] [-desc Description]

Options

command: Any dsmod command (see below).
switches: Various switches that go with each command (see below).
{-s Server -d Domain}: Connects to a specified server or domain to run the command (if omitted, defaults to domain controller in logon domain).
[-u UserName] [-p {Password *}]: Credentials for running the command. Specify UserName as domain\ user or user@domain . If -p * , prompts for password.
-q: Runs in quiet mode to suppress standard output of command.
-c: Reports errors and then continues with next object in argument list if multiple objects are specified; otherwise , exits upon error.
-desc Description: Modifies the description for the object.

Commands

Here is a list of supported dsmod commands together with a brief description of their syntax (only the most commonly used switches are described):

dsmod computer ComputerDN... [-disabled {yes no}] [-reset]

Modifies properties of one or more computer accounts identified by their distinguished names . Options include:

-disabled {yes no}: Enables ( yes ) or disables ( no ) the computer account
-reset: Resets the computer account

dsmod contact ContactDN... [-fn] [-ln] [-email] ...

Modifies the first name, last name , email address, and other attributes of one or more contacts identified by their distinguished names

dsmod group GroupDN... [-secgrp {yes no}] [-scope {l g u}] [-samid SAMName] [{-addmbr -rmmbr -chmbr} MemberDN...]

Modifies the properties of one or more groups identified by their distinguished names. See dsadd group earlier in this chapter for info about -secgrp and -scope options. The -samid SAMName option specifies the SAM account name, and the last option specifies members that should be added to, removed from, or replaced in the group.

dsmod ou OrganizationalUnitDN...

Modifies properties of one or more organizational units specified by their distinguished names. The only thing you can modify is the description of the group.

dsmod server ServerDN... [-isgc {yes no}]

Modifies properties of one or more domain controllers specified by their distinguished names. The -isgc option specifies whether the server is a global catalog server ( yes ) or not ( no ).

dsmod user UserDN... [-upn UserPrincipalName] [-fn FirstName] [-ln LastName][-display DisplayName] [-pwd {Password *}] [-tel PhoneNumber] [-email Email] [-title Title] [-company Company] [-hmdir HomeDirectory] [-profile ProfilePath] [-pwdneverexpires {yes no}] ...

Modifies the properties of one or more user accounts specified by their distinguished names. See dsadd user earlier in this chapter for information on some of the switches here.

dsmod quota QuotaDN... [-qlimit Value]

Specifies the distinguished names of one or more quota specifications to modify. Here -qlimit Value indicates the number of Active Directory objects that can be owned by the security principal to which the quota object is assigned.

dsmod partition PartitionDN... [-qdefault Value] [-qtmbstnw Percent]

Specifies distinguished names of one or more directory partitions you want to modify, with -qdefault Value specifiying the default quota for the partition and -qtmbstnwt Percent specifying the percentage by which the tombstone object count should be reduced when calculating quota usage.

Examples

Use dsget to check whether computer account DESK157 in Sales OU of mtit.local domain is enabled or disabled:

  dsget computer CN=DESK157,OU=Sales,DC=mtit,DC=local -disabled  disabled   yes dsget succeeded

The account is disabled, so use dsmod to enable it:

  dsmod computer CN=DESK157,OU=Sales,DC=mtit,DC=local -disabled no  dsmod succeeded:CN=DESK157,OU=Sales,DC=mtit,DC=local

Verify the result:

  dsget computer CN=DESK157,OU=Sales,DC=mtit,DC=local -disabled  disabled   no dsget succeeded

Syntax

Options

Commands

Examples

See Also