Using the Active Directory command-line tools, in a Windows 2000 domain, or Windows Server 2003 domain, you can create, modify, and delete a user, from the command-line.
The syntax for creating a user account is:
dsadd user user_DN -samid Sam_Name
where:
user_DN is the distinguished name (DN) of the user you wish to create, like "CN=Jerold Schulman,CN=Users,DC=JSIINC,DC=COM". Sam_Name is the SAM (Security Account Manager) name of the users, like Jerry. NOTE: To disable / enable a user account, use dsmod user user_DN -disabled yes|no. NOTE: To delete a user account, use dsrm user_DN. NOTE: To modify the properties of a user account, use the dsmod user_DN command.
NOTE: When you type dsadd user /?, you receive:
Description: Adds a user to the directory.
Syntax: dsadd user <UserDN> \[-samid <SAMName>\] \[-upn <UPN>\] \[-fn <FirstName>\]
\[-mi <Initial>\] \[-ln <LastName>\] \[-display <DisplayName>\]
\[-empid <EmployeeID>\] \[-pwd \{<Password> | *\}\] \[-desc <Description>\]
\[-memberof <Group ...>\] \[-office <Office>\] \[-tel <Phone#>\]
\[-email <Email>\] \[-hometel <HomePhone#>\] \[-pager <Pager#>\]
\[-mobile <CellPhone#>\] \[-fax <Fax#>\] \[-iptel <IPPhone#>\]
\[-webpg <WebPage>\] \[-title <Title>\] \[-dept <Department>\]
\[-company <Company>\] \[-mgr <Manager>\] \[-hmdir <HomeDir>\]
\[-hmdrv <DriveLtr:>\] \[-profile <ProfilePath>\] \[-loscr <ScriptPath>\]
\[-mustchpwd \{yes | no\}\] \[-canchpwd \{yes | no\}\]
\[-reversiblepwd \{yes | no\}\] \[-pwdneverexpires \{yes | no\}\]
\[-acctexpires <NumDays>\] \[-disabled \{yes | no\}\]
\[\{-s <Server> | -d <Domain>\}\] \[-u <UserName>\]
\[-p \{<Password> | *\}\] \[-q\] \[\{-uc | -uco | -uci\}\]
Parameters:
Value Description
<UserDN> Required. Distinguished name (DN) of user to add.
If the target object is omitted, it will be taken
from standard input (stdin).
-samid <SAMName> Set the SAM account name of user to <SAMName>.
If not specified, dsadd will attempt
to create SAM account name using up to
the first 20 characters from the
common name (CN) value of <UserDN>.
-upn <UPN> Set the upn value to <UPN>.
-fn <FirstName> Set user first name to <FirstName>.
-mi <Initial> Set user middle initial to <Initial>.
-ln <LastName> Set user last name to <LastName>.
-display <DisplayName> Set user display name to <DisplayName>.
-empid <EmployeeID> Set user employee ID to <EmployeeID>.
-pwd \{<Password> | *\} Set user password to <Password>. If *, then you are
prompted for a password.
-desc <Description> Set user description to <Description>.
-memberof <Group ...> Make user a member of one or more groups <Group ...>
-office <Office> Set user office location to <Office>.
-tel <Phone#> Set user telephone# to <Phone#>.
-email <Email> Set user e-mail address to <Email>.
-hometel <HomePhone#> Set user home phone# to <HomePhone#>.
-pager <Pager#> Set user pager# to <Pager#>.
-mobile <CellPhone#> Set user mobile# to <CellPhone#>.
-fax <Fax#> Set user fax# to <Fax#>.
-iptel <IPPhone#> Set user IP phone# to <IPPhone#>.
-webpg <WebPage> Set user web page URL to <WebPage>.
-title <Title> Set user title to <Title>.
-dept <Department> Set user department to <Department>.
-company <Company> Set user company info to <Company>.
-mgr <Manager> Set user's manager to <Manager> (format is DN).
-hmdir <HomeDir> Set user home directory to <HomeDir>. If this is
UNC path, then a drive letter that will be mapped to
this path must also be specified through -hmdrv.
-hmdrv <DriveLtr:> Set user home drive letter to <DriveLtr:>
-profile <ProfilePath> Set user's profile path to <ProfilePath>.
-loscr <ScriptPath> Set user's logon script path to <ScriptPath>.
-mustchpwd \{yes | no\} User must change password at next logon or not.
Default: no.
-canchpwd \{yes | no\} User can change password or not. This should be
"yes" if the -mustchpwd is "yes". Default: yes.
-reversiblepwd \{yes | no\}
Store user password using reversible encryption or
not. Default: no.
-pwdneverexpires \{yes | no\}
User password never expires or not. Default: no.
-acctexpires <NumDays> Set user account to expire in <NumDays> days from
today. A value of 0 implies account expires
at the end of today; a positive value
implies the account expires in the future;
a negative value implies the account already expired
and sets an expiration date in the past;
the string value "never" implies that the
account never expires.
-disabled \{yes | no\} User account is disabled or not. Default: no.
\{-s <Server> | -d <Domain>\}
-s <Server> connects to the domain controller (DC)
with name <Server>.
-d <Domain> connects to a DC in domain <Domain>.
Default: a DC in the logon domain.
-u <UserName> Connect as <UserName>. Default: the logged in user.
User name can be: user name, domain\user name,
or user principal name (UPN).
-p \{<Password> | *\} Password for the user <UserName>. If * is entered,
then you are prompted for a password.
-q Quiet mode: suppress all output to standard output.
\{-uc | -uco | -uci\} -uc Specifies that input from or output to pipe is
formatted in Unicode.
-uco Specifies that output to pipe or file is
formatted in Unicode.
-uci Specifies that input from pipe or file is
formatted in Unicode.
Remarks:
If you do not supply a target object at the command prompt, the target
object is obtained from standard input (stdin). Stdin data can be
accepted from the keyboard, a redirected file, or as piped output from
another command. To mark the end of stdin data from the keyboard or
in a redirected file, use Control+Z, for End of File (EOF).
If a value that you supply contains spaces, use quotation marks
around the text (for example, "CN=John Smith,CN=Users,DC=microsoft,DC=com").
If you enter multiple values, the values must be separated by spaces
(for example, a list of distinguished names).
The special token $username$ (case insensitive) may be used to place the SAM
account name in the value of a parameter. For example, if the target user DN
is CN=Jane Doe,CN=users,CN=microsoft,CN=com and the SAM account name
attribute is "janed," the -hmdir parameter can have
the following substitution:
-hmdir \users\$username$\home
The value of the -hmdir parameter is modified to the following value:
- hmdir \users\janed\home
0 comments
Hide comments
