
Windows Server 2008 : Moving Accounts with dsmove, Removing Objects with dsrm, Retrieving Information about Objects with dsquery

11/28/2012 4:16:53 PM

Moving Accounts with dsmove

You can move accounts to different OUs or containers with the dsmove command. The difficult part about this task is building the DN, but if you’ve mastered the DN, the command is simple.

Note

You can also move objects with the Active Directory Migration Tool (ADMT) and with the ldifde command.


dsmove Command | Comments
Move an object from one OU to another OU.
dsmove dn -newparent parentdn
C:\>dsmove "cn=joe,ou=east,ou=sales,dc=pearson,dc=pub" -newparent "ou=west,ou=sales,dc=pearson,dc=pub"
C:\>dsmove "cn=joe,ou=west,ou=sales,dc=pearson,dc=pub" -newparent "ou=east,ou=sales,dc=pearson,dc=pub"

This example moves a user account from the sales\east OU to the sales\west OU and then back.


Removing Objects with dsrm

Finally, you can remove objects with the dsrm command. The basic syntax is shown in the following table.

dsrm Command | Comments
Delete an object.
dsrm dn [-noprompt]
C:\>dsrm "cn=joe,ou=east,ou=sales,dc=pearson,dc=pub"
C:\>dsrm "cn=joe,ou=east,ou=sales,dc=pearson,dc=pub" -noprompt

This example removes the specified user account. You are prompted to confirm the removal, but you can suppress the prompt with the -noprompt switch.


Retrieving Information about Objects with dsquery

You can use the dsquery command to retrieve information about objects in Active Directory (AD). A benefit of dsquery is that you can retrieve multiple objects at the same time by specifying filter criteria. The basic syntax of the dsquery command is

dsquery dn-property property-value

The following table shows some examples of how to use the dsquery command to retrieve multiple objects.

dsquery Command | Comments
Retrieve all the groups in an Organizational Unit (OU).
dsquery group dn
C:\>dsquery group "ou=east,ou=sales,dc=pearson,dc=pub"

Retrieves a list of all the groups in the sales\east OU.

Note

The only thing you need to add is the distinguished name (DN).

Retrieve all the groups in an OU matching a specific name.
dsquery group dn -name name
C:\>dsquery group "ou=east,ou=sales,dc=pearson,dc=pub" -name IT*

You can use the -name switch to identify all the groups with specific names, and you can also use the asterisk (*) wildcard. This example retrieves a list of all the groups in the sales\east OU that have a name that starts with “IT.”
Retrieve a listing of all users in the domain or in an OU.
dsquery user dn [-scope scope]
C:\>dsquery user "dc=pearson,dc=pub"
C:\>dsquery user "ou=sales,dc=pearson,dc=pub"
C:\>dsquery user "ou=sales,dc=pearson,dc=pub" -scope onelevel

Retrieves a listing of all objects of a type, such as all users or all computers. The dn identifies the search range. The first example lists all users in the domain. The second example lists all users in the Sales OU and child OUs. The third example uses -scope onelevel to limit the search to the immediate children of the Sales OU, so it lists the users in the Sales OU only (not child OUs). A scope of base would match only the OU object itself and return no users.
Identify inactive accounts.
dsquery object-type dn -inactive number-of-weeks
C:\>dsquery user "dc=pearson,dc=pub" -inactive 4
C:\>dsquery computer "dc=pearson,dc=pub" -inactive 4

The -inactive switch identifies inactive accounts. These examples retrieve any user accounts and computer accounts that have not been logged on to in the past four weeks.
Identify accounts with stale passwords.
dsquery user dn -stalepwd number-of-days
C:\>dsquery user "dc=pearson,dc=pub" -stalepwd 45

A stale password hasn’t been changed in a specific number of days.

Tip

Use this to locate service accounts that have the Password Never Expires setting enabled and haven’t had their passwords changed within a given time.

Locate disabled accounts.
dsquery user dn -disabled
C:\>dsquery user "dc=pearson,dc=pub" -disabled

Locates all disabled accounts.



An added benefit of the dsquery command is that you can use it to modify multiple objects at the same time. You can pipe the results of the dsquery command to another command such as the dsmod command. The basic format is

dsquery command | dsmod command

Note

Piping or pipelining is done by adding a pipe character (|) between the commands. The output of the first command becomes the input of the second command.


The following table shows a few examples where you can pipe the results of a dsquery command to a dsmod command.

dsquery Command | Comments
Disable inactive accounts.
dsquery object-type dn -inactive number-of-weeks | dsmod user -disabled yes
C:\>dsquery user "dc=pearson,dc=pub" -inactive 4 | dsmod user -disabled yes

This example (shown in Figure 1) uses a query to identify accounts that are inactive, and then passes the list to the dsmod command. The dsmod command then disables all accounts in the list.
Modify a property for a group of users.
dsquery user dn | dsmod user -office value
C:\>dsquery user "ou=east,ou=sales,dc=pearson,dc=pub" | dsmod user -office "East Sales"

This example first retrieves a list of all users in the sales\east OU and passes this list to the dsmod command. The dsmod command uses the -office switch to set the office name to East Sales for each of the users.

Note

Because the office name of East Sales has a space, it must be enclosed in quotes.


Tip

In Figure 1, the first command is the dsquery command by itself. This is a good practice so that you know what you will modify before actually modifying it.


Figure 1. Piping the Results of a dsquery to dsmod
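
The review-before-modify practice from the Tip above, written as a batch script (an added example, not from the original page). The excluded OU name and the list file path are hypothetical; -limit 0 is included because dsquery otherwise returns only the first 100 matches, which would leave some inactive accounts untouched in a larger domain.

```batch
@echo off
rem Added example: query once, review the saved list, then disable exactly
rem the accounts that were reviewed. EXCLUDE_OU and LIST are hypothetical.
setlocal
set "BASE=dc=pearson,dc=pub"
set "WEEKS=4"
set "EXCLUDE_OU=ou=service accounts"
set "LIST=%TEMP%\inactive-users.txt"

rem 1. Run the query a single time and save the DNs. findstr /v drops any
rem    DN under the excluded OU so those accounts are never passed to dsmod.
dsquery user "%BASE%" -inactive %WEEKS% -limit 0 | findstr /v /i /c:"%EXCLUDE_OU%" > "%LIST%"

rem 2. Stop if the saved list is empty.
for %%A in ("%LIST%") do if %%~zA EQU 0 (
    echo No inactive accounts matched.
    exit /b 0
)

rem 3. Show each candidate with its logon name and current disabled state.
type "%LIST%" | dsget user -dn -samid -disabled

rem 4. Require an explicit "yes" before anything is changed.
set "ANSWER="
set /p "ANSWER=Disable the accounts listed above? (yes/no) "
if /i not "%ANSWER%"=="yes" (
    echo Nothing was modified. The candidate list is in %LIST%
    exit /b 1
)

rem 5. Feed dsmod the saved list, not a second query, so the set of
rem    accounts cannot change between review and modification.
rem    -c reports an error on one object and continues with the rest.
type "%LIST%" | dsmod user -disabled yes -c
echo The DNs that were passed to dsmod are recorded in %LIST%
```

Keeping the saved list gives a record of which accounts were disabled, which is what you need if one of them has to be re-enabled later.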
 