Computer and Software Support


Directory Service Command-line

This page is from Microsoft

Updated: January 21, 2005

Directory service command-line tools are a suite of tools that you can use to manage the various objects in Active Directory and to perform queries for information in the directory. The following list provides a brief description of each command-line tool and its functionality:

  • dsadd: Adds objects to the directory. For more information, see Dsadd.
  • dsget: Displays properties of objects in the directory. For more information, see Dsget.
  • dsmod: Modifies select attributes of an existing object in the directory. For more information, see Dsmod.
  • dsquery: Finds objects in the directory that match specified search criteria. For more information, see Dsquery.
  • dsmove: Moves an object from its current location to a new parent location. For more information, see Dsmove.
  • dsrm: Removes an object, the complete subtree under an object in the directory, or both. For more information, see Dsrm.

Target object types

All of the command-line tools can operate on a variety of object types in the directory. Each command that accepts object-specific arguments allows you to enter a target object type as an argument along with the identity of the target object upon which the command will operate. The target object type is specified as a string literal representing the object class from a predefined set of string literals. For example, in the command dsmod computer, computer is the string literal specifying the object type.

The identity of the target object is specified following the object type, in the format of a distinguished name (the value of the object's distinguished name attribute). For example, the distinguished name of a user object may be CN=Jeff Smith,OU=Sales,DC=microsoft,DC=com.

In the following command, computer specifies the object type being modified and CN=Jeff Smith,OU=Sales,DC=microsoft,DC=com identifies the target object to be modified:

dsmod computer "CN=Jeff Smith,OU=Sales,DC=microsoft,DC=com" -disabled yes

Running commands on the network

Each tool has parameters that allow you to specify the server, domain, user name, and password to use when running the command. For example, here is the syntax for the dsadd computer command:

dsadd computer ObjectDN
    [-samid SAMName]
    [-desc Description]
    [-loc Location]
    [-memberof Group ...]
    [(-s Server | -d Domain)]
    [-u UserName]
    [-p (Password|*)]
    [-q]

If these parameters are not entered, the tool uses the local server, domain, user name, and password.

Command Syntax

The following conventions are used to document the syntax of the directory service command-line tools:
  • The option for a target object's distinguished name attribute is displayed as ObjectDN or ObjectDN ... when you can specify multiple objects.
  • A command does not perform any operation without an object type, such as computer, and any of the object type's required parameters, such as a target object's distinguished name, ObjectDN.
  • For certain commands, if the user does not specify a target object at the command prompt, the target object is obtained from standard input. Obtaining values from standard input allows you to pipe output from one command into another.
  • Target object syntaxes that use the "..." (ellipsis) character indicate that a list of distinguished names can be specified, with each distinguished name separated by a space, unless noted otherwise. For example, the following parameter accepts multiple distinguished names:

    -memberof Group ...

    If the distinguished names themselves contain spaces, then they should be enclosed with quotation marks (" ").

    Commas that are not used as separators in distinguished names must be escaped with the backslash (\) character (for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com"). Backslashes used in distinguished names must be escaped with a backslash (for example, "CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com").
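
The escaping rules above, as an added PowerShell example that is not part of the original page: it escapes a name before placing it in a distinguished name, then splits both the escaped and the unescaped result on separator commas to show how an unescaped comma changes which object the string names. The function names are hypothetical and the sample name is constructed.

```powershell
# Added example; function names are hypothetical, sample values are constructed.
function ConvertTo-DsEscapedValue {
    param([Parameter(Mandatory)][string]$Value)
    # Escape backslashes first so the backslash added before a comma is not doubled.
    $Value.Replace('\', '\\').Replace(',', '\,')
}

function Split-DsDistinguishedName {
    param([Parameter(Mandatory)][string]$DN)
    # Split on separator commas only; a backslash protects the character after it.
    # Components are returned with the escape backslashes removed.
    $parts = New-Object System.Collections.Generic.List[string]
    $current = New-Object System.Text.StringBuilder
    $escaped = $false
    foreach ($ch in $DN.ToCharArray()) {
        if ($escaped) { [void]$current.Append($ch); $escaped = $false }
        elseif ($ch -eq '\') { $escaped = $true }
        elseif ($ch -eq ',') { $parts.Add($current.ToString()); [void]$current.Clear() }
        else { [void]$current.Append($ch) }
    }
    $parts.Add($current.ToString())
    ,$parts.ToArray()
}

$name   = 'Company, Inc.'                 # constructed name containing a comma
$parent = 'CN=Users,DC=microsoft,DC=com'
$safeDN = 'CN={0},{1}' -f (ConvertTo-DsEscapedValue $name), $parent

$naiveParts = Split-DsDistinguishedName "CN=$name,$parent"
$safeParts  = Split-DsDistinguishedName $safeDN

# The unescaped form gains an extra component, so it no longer names the same object.
"escaped DN: $safeDN"
"naive: $($naiveParts.Count) components, first = $($naiveParts[0])"
"safe:  $($safeParts.Count) components, first = $($safeParts[0])"

# Passing the DN as one variable keeps it a single argument even though it contains a space:
# dsmod computer $safeDN -disabled yes
```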

Command input

  • All parameters are case insensitive.
  • Command-line parameters can be specified with either a hyphen (-) or forward slash (/) character.
  • A command-line parameter and any corresponding values for the parameter should be separated by at least one space.
  • When reading from standard input, both space and newline characters are treated as argument separators.
  • An empty string or null string value can be specified by quotation marks (" ") with no characters enclosed between the quotes. An empty string value specified is not the same as a missing value. A parameter value of "" (NULL string) will be treated as a request to delete the attribute value(s) from the target object.
  • Help on any command can be requested with /? (for example, dsadd computer /?).

Command output

The following are the conventions for displaying data, status messages, errors, and warnings that result from running commands:
  • Successful command completion status messages are written to standard output.
  • Any data displayed by a command is written to standard output.
  • Any warning or error messages are written to standard error.
  • Exit codes (error levels) use 0 to indicate success. If an operation is not successful, the exit code will be a value in HRESULT format. For example, the value for the HRESULT E_FAIL is 0x80004005.
  • If the quiet mode is specified for a command (using the -q parameter), then all output to standard output is suppressed. However, any messages to standard error are not suppressed as a result of quiet mode.
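
The output and exit-code conventions above, as an added PowerShell example that is not part of the original page: a wrapper that reports a failed command's exit code in HRESULT form and refuses a literal password after -p, since a password typed as an argument is visible wherever command lines are recorded. The function names are hypothetical; that "*" makes the tool prompt for the password comes from the tools' own help, not from this page.

```powershell
# Added example; function names are hypothetical, sample arguments are constructed.
function Format-HResult {
    param([Parameter(Mandatory)][int]$ExitCode)
    # $LASTEXITCODE is a signed 32-bit integer; X8 prints its HRESULT bit pattern.
    '0x{0:X8}' -f $ExitCode
}

function Test-DsLiteralPassword {
    param([string[]]$Arguments)
    # Parameters are case insensitive and may start with - or /.
    for ($i = 0; $i -lt $Arguments.Count - 1; $i++) {
        if ($Arguments[$i] -match '^[-/]p$' -and $Arguments[$i + 1] -ne '*') {
            return $true
        }
    }
    return $false
}

function Invoke-DsTool {
    param(
        [Parameter(Mandatory)][string]$Tool,
        [string[]]$Arguments
    )
    if (Test-DsLiteralPassword $Arguments) {
        throw "Literal password after -p; use '-p *' instead."
    }
    # -q silences standard output only, so warnings and errors still reach the console.
    & $Tool @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw ('{0} failed with exit code {1}' -f $Tool, (Format-HResult $LASTEXITCODE))
    }
}

# Constructed checks that run without a domain:
Format-HResult -ExitCode (-2147467259)   # the signed form of the E_FAIL value quoted above
Test-DsLiteralPassword @('computer', 'CN=PC1,OU=Sales,DC=microsoft,DC=com', '/P', 'Secret1')
Test-DsLiteralPassword @('computer', 'CN=PC1,OU=Sales,DC=microsoft,DC=com', '-p', '*')

# Against a real directory (modifies the object, so left commented out):
# Invoke-DsTool dsmod @('computer', 'CN=Jeff Smith,OU=Sales,DC=microsoft,DC=com', '-disabled', 'yes', '-q')
```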

Formatting legend

Format                           Meaning
Italic                           Information that the user must supply
Bold                             Elements that the user must type exactly as shown
Ellipsis (...)                   Parameter that can be repeated several times in a command line
Between brackets ([])            Optional items
Between braces ({}); choices     Set of choices from which the user must choose only one
  separated by pipe (|).
  Example: {even|odd}
Courier font                     Code or program output