
dsadd

DSADD.exe

Add an Active Directory object.

Syntax
   DSADD Computer 
   DSADD Contact 
   DSADD Group 
   DSADD OU 
   DSADD User 
   DSADD Quota 

DS* commands are available on networked machines that have the A.D. Domain Services server role installed, on Domain Controllers, or (for XP users) on XP Professional.

Special characters in distinguished names

Commas within a CN must be escaped with the backslash \ character
e.g. "CN=Company\, Inc.,CN=Users,DC=ss64,DC=com"

Backslashes must also be escaped with a backslash
for example, "CN=Sales\\ Latin America,OU=Distribution Lists,DC=ss64,DC=com"

If any value contains spaces, use quotation marks:
e.g. "CN=John Smith,CN=Users,DC=SS64,DC=com"

Redirection
You can pipe results from DSQUERY into DSMOD in order to modify an object. If the DN contains any commas or backslashes you will need to redirect to a file first and add the escape characters as above.

Special Tokens
The token $username$ (case insensitive) may be used to place the SAM account name.
Entering * as a password will cause DSADD to prompt for the new password.

Adding multiple Objects
For any DS command you can enter multiple values separated by spaces.
e.g. to add several user accounts at once just supply a list of the distinguished names separated with spaces.
It is also possible to store multiple values in a text file and redirect into DSADD.
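
The escaping rules under "Special characters in distinguished names" and the text-file approach under "Adding multiple Objects" can be combined as below. This is an added example, not part of the original page: the function names, the sample names and the parent OU are assumptions made for illustration, and the refusal of characters other than commas and backslashes is a design choice of the example, since the page gives no escaping rule for them.

```powershell
# Added example: function names, sample names and parent OU are constructed.
Set-StrictMode -Version Latest

function ConvertTo-EscapedCn {
    param([Parameter(Mandatory)][string]$Name)

    # Fail closed on characters the page gives no escaping rule for
    # (other DN special characters, plus leading/trailing spaces).
    if ($Name -match '["+;<>=]' -or $Name -match '^[ #]' -or $Name -match ' $') {
        throw "Unsupported character in name: '$Name'"
    }
    # Escape backslashes first; otherwise the backslash placed in front of
    # each comma would itself be doubled by the second pass.
    return $Name.Replace('\', '\\').Replace(',', '\,')
}

function New-QuotedDn {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$ParentDn
    )
    # Quotation marks keep a DN that contains spaces together as one value.
    return '"CN={0},{1}"' -f (ConvertTo-EscapedCn -Name $Name), $ParentDn
}

# Constructed sample input: raw names, including one that must be rejected.
$names  = @('John Smith', 'Company, Inc.', 'Sales\ Latin America', 'Bad"Name')
$parent = 'OU=Users,OU=AcmeCo,DC=ss64,DC=com'

$dns = foreach ($n in $names) {
    try   { New-QuotedDn -Name $n -ParentDn $parent }
    catch { Write-Warning $_.Exception.Message }
}

# One quoted, escaped DN per line; rejected names appear only as warnings.
$dns
```

Review the emitted lines, save them to a text file, and redirect that file into DSADD as described above.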

How to Organize Active Directory

This is a common question, so below is an example starting point. It assumes a domain name of SS64.com; customise that to your own domain.

Placing everything under a single OU (in this case AcmeCo) makes it easy to apply group policy to everything, though in almost all cases you would do this one level down, applying policy to all users or all workstations. Separate OUs are set up for Users, Groups, Servers, Workstations and the IT department (Admin).

AcmeCo
AcmeCo/Admin        (OU=Admin,OU=AcmeCo,DC=ss64,DC=com)
AcmeCo/Groups       (OU=Groups,OU=AcmeCo,DC=ss64,DC=com)
AcmeCo/Users        (OU=Users,OU=AcmeCo,DC=ss64,DC=com)
AcmeCo/Servers      (OU=Servers,OU=AcmeCo,DC=ss64,DC=com)
AcmeCo/Laptops      (OU=Laptops,OU=AcmeCo,DC=ss64,DC=com)
AcmeCo/Workstations (OU=Workstations,OU=AcmeCo,DC=ss64,DC=com)
AcmeCo/Workstations/Site1
AcmeCo/Workstations/Site2
AcmeCo/Workstations/Site3
 
PartnerCo           An OU for external contacts
PartnerCo/Users        (OU=Users,OU=PartnerCo,DC=ss64,DC=com)
PartnerCo/Workstations (OU=Workstations,OU=PartnerCo,DC=ss64,DC=com)

If possible, store all USER accounts in a single OU. Organisations change and people move around; there is rarely any reason to reflect every such change in Active Directory. One reason for adding additional USER OUs is to allow delegated rights, e.g. to allow super users to do password resets.

The default (built-in) Organizational Units (OUs) for Users (CN=Users,DC=ss64,DC=com) and Computers (CN=Computers,DC=ss64,DC=com) will often be used by application installers when creating service accounts.

“Find a job you like and you add five days to every week” - H. Jackson Brown, Jr

Related commands:

DSMod - Modify object
DSGet - Display object
DSMove - Move object
DSQuery - Search for objects
DSRM - Delete object
CSVDE - Import or export AD info in CSV format.
LDIFDE - Edit AD Objects, extend schema, import or export AD information.
Equivalent bash commands (Linux): ldapmodify - Modify Lightweight Directory Access Protocol