Modify active directory object.
DS* commands are available on networked machines with the server role A.D. Domain Services installed, Domain Controllers (or for XP users: XP Professional).
Special characters in distinguished names
Commas within a CN must be escaped with the backslash \ character
e.g. "CN=Company\, Inc.,CN=Users,DC=ss64,DC=com"
Backslashes must also be escaped with a backslash
for example, "CN=Sales\\ Latin America,OU=Distribution Lists,DC=ss64,DC=com"
If any value contains spaces, use quotation marks:
e.g. "CN=John Smith,CN=Users,DC=SS64,DC=com"
You can pipe results from DSQUERY into DSMOD in order to modify an object. If the DN contains any commas or backslashes you will need to redirect to a file first and add the escape characters as above.
e.g. To find all users in the Marketing OU (organizational unit) and add them to the Sales group:
DSQUERY user -startnode "ou=Marketing,dc=SS64,dc=com" | DSMOD group "cn=Sales,ou=Marketing,dc=SS64,dc=com" -addmbr
The token $username$ (case insensitive) may be used to place the SAM account name.
Entering * as a password will cause DSMOD to prompt for the new password.
For any DS command you can enter multiple values separated by spaces.
e.g. to modify several user accounts at once just supply a list of the distinguished names separated with spaces.
“The aim of science is not to open the door to infinite wisdom but to set a limit to infinite error” - Bertolt Brecht ‘Life of Galileo’
DSAdd - Add object
DSMod - Modify object
DSGet - Display object
DSMove - Move object
DSQuery - Search for objects
DSRM - Delete object
CSVDE - Import or export AD info in CSV format.
LDIFDE - Edit AD Objects, extend schema, import or export AD information.
Q322684 - Directory Service Command-Line Tools
Equivalent bash commands (Linux): ldapmodify - Modify Lightweight Directory Access Protocol