IT Stuff
 

Managing Active Directory from the command line

The following command-line tools can be used to manage Active Directory.

Name Description

CSVDE

Import and export Active Directory data using comma-separated format.

Dsadd

Add users, groups, computers, contacts, and organizational units to Active Directory.

Dsmod

Modify an existing object of a specific type in the directory. The types of objects that can be modified are: users, groups, computers, servers, contacts, and organizational units.

Dsrm

Remove objects of the specified type from Active Directory.

Dsmove

Rename an object without moving it in the directory tree, or move an object from its current location in the directory to a new location within a single domain controller. (For cross-domain moves, use the Movetree command-line tool.)

Dsquery

Query and find a list of objects in the directory using specified search criteria. Use in a generic mode to query for any type of object or in a specialized mode to query for for selected object types. The specific types of objects that can be queried through this command are: computers, contacts, subnets, groups, organizational units, sites, servers and users.

Dsget

Display selected attributes of specific object types in Active Directory. Attributes of the following object types can be viewed: computers, contacts, subnets, groups, organizational units, servers, sites, and users.

LDIFDE

Ceate, modify, and delete directory objects. This tool can also be used to extend the schema, export Active Directory user and group information to other applications or services, and populate Active Directory with data from other directory services.

Ntdsutil

General purpose Active Directory management tool. Use Ntdsutil to perform database maintenance of Active Directory, to manage single master operations, and remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled.