Computer and Software Support


dsadd

This page is from Microsoft

Updated: January 21, 2005

Adds specific types of objects to the directory. The dsadd commands include:

 

dsadd computer

Adds a single computer to the directory.
Return to Top

Syntax

dsadd computer ComputerDN [-samid SAMName] [-desc Description] [-locLocation] [-memberof GroupDN ...] [{-s Server | -d Domain}] [-uUserName] [-p {Password | *}] [-q] [{-uc | -uco | -uci}]

Parameters

ComputerDN
Required. Specifies the distinguished name of the computer you want to add. If the distinguished name is omitted, it will be taken from standard input (stdin).
-samid SAMName
Specifies to use the SAM name as the unique SAM account name for this computer (for example, TESTPC2$). If this parameter is not specified, then a SAM account name is derived from the value of the common name attribute used in ComputerDN.
-desc Description
Specifies the description of the computer you want to add.
-loc Location
Specifies the location of the computer you want to add.
-memberof GroupDN ...
Specifies the groups in which you want the computer as a member.
{-s Server | -d Domain}
Connects the computer to either a specified server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u UserName
Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:user name (for example, Linda)domain\user name (for example, widgets\Linda)user principal name (UPN) (for example, Linda@widgets.microsoft.com)
-p {Password| *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-q
Suppresses all output to standard output (quiet mode).
{-uc | -uco | -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.ValueDescription-uc Specifies a Unicode format for input from or output to a pipe (|).-uco Specifies a Unicode format for output to a pipe (|) or a file. -uci Specifies a Unicode format for input from a pipe (|) or a file.
/?
Displays help at the command prompt.

Remarks

  • If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).
  • If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=DC 2,OU=Domain Controllers, DC=Microsoft,DC=Com").
  • If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

Examples

To create a computer account named WorkstationA in the default Computers container of fabrikam.com, at a command prompt, type the following command, and then press ENTER:

dsadd computer cn=WorkstationA,cn=computers, dc=fabrikam,dc=com

To create a computer account named WorkstationB in a top-level OU named Service Dept in the same domain, at a command prompt, type the following command, and then press ENTER:

dsadd computer "cn=WorkstationB,ou=service dept,dc=fabrikam,dc=com"

 

dsadd contact

Adds a single contact to the directory.
Return to Top

Syntax

dsadd contact ContactDN [-fn FirstName] [-mi Initial] [-ln LastName] [-display DisplayName] [-desc Description] [-office Office] [-tel PhoneNumber] [-email Email] [-hometel HomePhoneNumber] [-pager PagerNumber] [-mobile CellPhoneNumber] [-fax FaxNumber] [-iptel IPPhoneNumber] [-title Title] [-dept Department] [-company Company] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-q ] [{-uc | -uco | -uci }]

Parameters

ContactDN
Required. Specifies the distinguished name of the contact you want to add. If the distinguished name is omitted, it will be taken from standard input (stdin).
-fn FirstName
Specifies the first name of the contact you want to add.
-mi Initial
Specifies the middle initial of the contact you want to add.
-ln LastName
Specifies the last name of the contact you want to add.
-display DisplayName
Specifies the display name of the contact you want to add.
-desc Description
Specifies the description of the contact you want to add.
-office Office
Specifies the office location of the contact you want to add.
-tel PhoneNumber
Specifies the telephone number of the contact you want to add.
-email Email
Specifies the e-mail address of the contact you want to add.
-hometel HomePhoneNumber
Specifies the home telephone number of the contact you want to add.
-pager PagerNumber
Specifies the pager number of the contact you want to add.
-mobile CellPhoneNumber
Specifies the mobile phone number of the contact you want to add.
-fax FaxNumber
Specifies the fax number of the contact you want to add.
-iptel IPPhoneNumber
Specifies the IP phone number of the contact you want to add.
-title Title
Specifies the title of the contact you want to add.
-dept Department
Specifies the department of the contact you want to add.
-company Company
Specifies the company information for the contact you want to add.
{-s Server | -d Domain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u UserName
Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:user name (for example, Linda)domain\user name (for example, widgets\Linda)user principal name (UPN) (for example, Linda@widgets.microsoft.com)
-p {Password | *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-q
Suppresses all output to standard output (quiet mode).
{-uc | -uco | -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.ValueDescription-uc Specifies a Unicode format for input from or output to a pipe (|).-uco Specifies a Unicode format for output to a pipe (|) or a file. -uci Specifies a Unicode format for input from a pipe (|) or a file.
/?
Displays help at the command prompt.

Remarks

  • If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).
  • If the value that you supply contains spaces, use quotation marks around the text (for example, "CN=Mike Danseglio,CN=Users, DC=Microsoft,DC=Com").
  • This command only supports a subset of commonly used object class attributes
 

Examples

To create a contact named Jeff Hay in a top-level OU named Service Dept in the fabrikam.com domain, at a command prompt, type the following command, and then press ENTER:

dsadd contact "cn=Jeff Hay,ou=service dept,dc=fabrikam,dc=com"

To create a contact named Jun Cao in the default users container, at a command prompt, type the following command, and then press ENTER:

dsadd contact "cn=Jun Cao,cn=users,dc=fabrikam,dc=com"

 

dsadd group

Adds a single group to the directory.
Return to Top

Syntax

dsadd group GroupDN [-secgrp {yes | no}] [-scope {l | g | u}] [-samid SAMName] [-desc Description] [-memberof Group ...] [-members Member ...] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-q] [{-uc | -uco | -uci}]

Parameters

GroupDN
Required. Specifies the distinguished name of the group you want to add. If the distinguished name is omitted, it will be taken from standard input (stdin).
-secgrp {yes | no}
Specifies whether the group you want to add is a security group (yes) or a distribution group (no). By default, the group is added as a security group (yes).
-scope {l | g | u}
Specifies whether the scope of the group you want to add is domain local (l), global (g), or universal (u). If the domain is in mixed-mode, then the universal scope is not supported. By default, the scope of the group is set to global.
-samid SAMName
Specifies to use the SAM name as the unique SAM account name for this group (for example, operators). If this parameter is not specified, it is generated from the relative distinguished name.
-desc Description
Specifies the description of the group you want to add.
-memberof Group ...
Specifies the groups to which this new group should be added.
-members Member ...
Specifies the members to add to the new group.
{-s Server | -d Domain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u UserName
Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name: user name (for example, Linda)domain\user name (for example, widgets\Linda)user principal name (UPN) (for example, Linda@widgets.microsoft.com)
-p {Password | *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-q
Suppresses all output to standard output (quiet mode).
{-uc | -uco| -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format. ValueDescription-uc Specifies a Unicode format for input from or output to a pipe (|).-uco Specifies a Unicode format for output to a pipe (|) or a file. -uci Specifies a Unicode format for input from a pipe (|) or a file.
/?
Displays help at the command prompt.

Remarks

  • If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).
  • If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=Mike Danseglio,CN=Users, DC=Microsoft,DC=Com").
  • If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).
  • This command only supports a subset of commonly used object class attributes.
 

Examples

To create a group account named Techs in an OU named Repairs, which is subordinate to the top-level OU Service Dept of the domain fabrikam.com, at a command prompt, type the following command, and then press ENTER:

dsadd group "cn=Techs,ou=Repairs,ou=Service Dept,dc=fabrikam,dc=com"

To create a group account named Support in the default Users container of fabrikam.com, at a command prompt, type the following command, and then press ENTER:

dsadd group cn=Support,cn=Users, dc=fabrikam,dc=com

 

dsadd ou

Adds a single organizational unit (OU) to the directory.
Return to Top

Syntax

dsadd ou OrganizationalUnitDN [-desc Description] [{-s Server | -d Domain}][-u UserName] [-p {Password | *}] [-q] [{-uc | -uco | -uci}]

Parameters

OrganizationalUnitDN
Required. Specifies the distinguished name of the organizational unit you want to add. If the distinguished name is omitted, it will be taken from standard input (stdin).
-desc Description
Specifies the description of the organizational unit you want to add.
{-s Server | -d Domain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u UserName
Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats: user name (for example, Linda)domain\user name (for example, widgets\Linda)user principal name (UPN) (for example, Linda@widgets.microsoft.com)
-p {Password | *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-q
Suppresses all output to standard output (quiet mode).
{-uc | -uco | -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format. ValueDescription-uc Specifies a Unicode format for input from or output to a pipe (|).-uco Specifies a Unicode format for output to a pipe (|) or a file. -uci Specifies a Unicode format for input from a pipe (|) or a file.
/?
Displays help at the command prompt.

Remarks

  • If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).
  • If a value that you supply contains spaces, use quotation marks around the text (for example, "OU=Domain Controllers, DC=Microsoft,DC=Com").
  • This command only supports a subset of commonly used object class attributes.
 

Examples

To create an OU named Service Dept in a domain named fabrikam.com, at a command prompt, type the following command, and then press ENTER:

dsadd ou "ou=Service Dept,dc=fabrikam,dc=com"

To create an OU subordinate to the Service Dept named Repairs, at a command prompt, type the following command, and then press ENTER:

dsadd ou "ou=Repairs,ou=Service Dept,dc=fabrikam,dc=com"

 

dsadd user

Adds a single user to the directory.
Return to Top

Syntax

dsadd user UserDN [-samid SAMName] [-upn UPN] [-fn FirstName] [-mi Initial] [-ln LastName] [-display DisplayName] [-empid EmployeeID] [-pwd {Password | *}] [-desc Description] [-memberof Group ...] [-office Office] [-tel PhoneNumber] [-email Email] [-hometel HomePhoneNumber] [-pager PagerNumber] [-mobile CellPhoneNumber] [-fax FaxNumber] [-iptel IPPhoneNumber] [-webpg WebPage] [-title Title] [-dept Department] [-company Company] [-mgr Manager] [-hmdir HomeDirectory] [-hmdrv DriveLetter:][-profile ProfilePath] [-loscr ScriptPath] [-mustchpwd {yes | no}] [-canchpwd {yes | no}] [-reversiblepwd {yes | no}] [-pwdneverexpires {yes | no}] [-acctexpires NumberOfDays] [-disabled {yes | no}] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-q] [{-uc | -uco | -uci}]

Parameters

UserDN
Required. Specifies the distinguished name of the user you want to add. If the distinguished name is omitted, it will be taken from standard input (stdin).
-samid SAMName
Specifies the SAM name as the unique SAM account name for this user (for example, Linda). If not specified, dsadd will attempt to create SAM account name using up to the first 20 characters from the common name (CN) value of UserDN.
-upn UPN
Specifies the user principal name of the user you want to add, (for example, Linda@widgets.microsoft.com).
-fn FirstName
Specifies the first name of the user you want to add.
-mi Initial
Specifies the middle initial of the user you want to add.
-ln LastName
Specifies the last name of the user you want to add.
-display DisplayName
Specifies the display name of the user you want to add.
-empid EmployeeID
Specifies the employee ID of the user you want to add.
-pwd {Password| *}
Specifies the password for the user to be set to Password or *. If set to *, you are prompted for a user password.
-desc Description
Specifies the description of the user you want to add.
-memberof GroupDN ...
Specifies the distinguished names of the groups in which you want the user to be a member.
-office Office
Specifies the office location of the user you want to add.
-tel PhoneNumber
Specifies the telephone number of the user you want to add.
-email Email
Specifies the e-mail address of the user you want to add.
-hometel HomePhoneNumber
Specifies the home telephone number of the user you want to add.
-pager PagerNumber
Specifies the pager number of the user you want to add.
-mobile CellPhoneNumber
Specifies the cell phone number of the user you want to add.
-fax FaxNumber
Specifies the fax number of the user you want to add.
-iptel IPPhoneNumber
Specifies the IP phone number of the user you want to add.
-webpg WebPage
Specifies the Web page URL of the user you want to add.
-title Title
Specifies the title of the user you want to add.
-dept Department
Specifies the department of the user you want to add.
-company Company
Specifies the company information of the user you want to add.
-mgr ManagerDN
Specifies the distinguished name of the manager of the user you want to add.
-hmdir HomeDirectory
Specifies the home directory location of the user you want to add. If HomeDirectory is given as a Universal Naming Convention (UNC) path, then you must specify a drive letter to be mapped to this path using the -hmdrv parameter.
-hmdrv DriveLetter :
Specifies the home directory drive letter (for example, E:) of the user you want to add..
-profile ProfilePath
Specifies the profile path of the user you want to add.
-loscr ScriptPath
Specifies the logon script path of the user you want to add.
-mustchpwd {yes | no}
Specifies if users must change their passwords at the time of next logon (yes) or not (no). By default, the user does not need to change the password (no).
-canchpwd {yes | no}
Specifies if users can change their passwords at all (yes) or not (no). By default, the user is allowed to change the password (yes). The value of this parameter must be yes if the value of the -mustchpwd parameter is yes.
-reversiblepwd {yes | no}
Specifies if the user password should be stored using reversible encryption (yes) or not (no). By default, the user cannot use reversible encryption (no).
-pwdneverexpires {yes | no}
Specifies if the user password never expires (yes) or not (no). By default, the user password does expire (no).
-acctexpires NumberOfDays
Specifies the number of days from today that the user account will expire. A value of 0 sets expiration at the end of today. A positive value sets expiration in the future. A negative value sets expiration in the past. The value never sets the account to never expire. For example, a value of 0 implies that the account expires at the end of today. A value of -5 implies that the account has already expired 5 days ago and sets an expiration date in the past. A value of 5 sets the account expiration date for 5 days in the future.
-disabled {yes | no}
Specifies if the user account is disabled for log on (yes) or enabled (no). For example, the command dsadd user CN=Nicolettep,CN=Users,DC=Widgets, DC=Microsoft,DC=Com -pwd Password1 -disabled no creates a Nicolettep user account in an enabled state. By default, the user account is disabled for log on (yes). For example, the command dsadd user CN=Nathanp,CN=Users,DC=Widgets, DC=Microsoft,DC=Com creates a Nathanp user account in a disabled state.
{-s Server | -d Domain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u UserName
Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name: user name (for example, Linda)domain\user name (for example, widgets\Linda)user principal name (UPN) (for example, Linda@widgets.microsoft.com)
-p {Password | *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-q
Suppresses all output to standard output (quiet mode).
{-uc | -uco | -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format. ValueDescription-uc Specifies a Unicode format for input from or output to a pipe (|).-uco Specifies a Unicode format for output to a pipe (|) or a file. -uci Specifies a Unicode format for input from a pipe (|) or a file.
/?
Displays help at the command prompt.

Remarks

  • If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).
  • If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=Mike Danseglio,CN=Users, DC=Microsoft,DC=Com").
  • If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).
  • The special token $username$ (case insensitive) may replace the SAM account name in the value of the -email , -hmdir , -profile , and -webpg parameters. For example, if a SAM account name is "Denise," the -hmdir parameter can be written in either of the following formats:

    -hmdir\users\Denise\home

    -hmdir\users\$username$\home

  • Using strong passwords on all user accounts can help minimize security risks. For more information about strong passwords, see Related Topics.

     

Examples

To create a disabled user account named OCox in the top-level OU named Service Dept in the fabrikam.com domain, at a command prompt, type the following command, and then press ENTER:

dsadd user cn=OCox,ou=Service Dept, dc=fabrikam,dc=com -disabled yes

To create a user account named ACon with a password of $erVice41 in the default users container of the same domain, at a command prompt, type the following command, and then press ENTER:

Dsadd user "cn=ACon,cn=users,dc= fabrikam,dc=com" -pwd $erVice41

 

dsadd quota

Adds a quota specification to a directory partition. A quota specification determines the maximum number of directory objects a given security principal can own in a specified directory partition.
Return to Top

Syntax

dsadd quota -part PartitionDN [-rdn RelativeDistinguishedName] -acct Name -qlimit Value [-desc Description] [{-s Server | -d Domain}] [-u UserName][-p {Password | *}] [-q] [{-uc | -uco | -uci}]

Parameters

-part PartitionDN
Required. Specifies the distinguished name of the directory partition on which you want to create a quota. If you do not specify the distinguished name, it is taken from standard input (stdin).
-rdn RelativeDistinguishedName
Specifies the relative distinguished name of the quota specification being created. If you do not specify -rdn , it is set to Domain_AccountName, using the domain and account name of the security principal specified by the -acct parameter.
-acct Name
Required. Specifies the security principal (user, group, computer, or InetOrgPerson) to whom the quota specification applies. You can use any of the following forms for Name: Distinguished name (also known as DN) of the security principalDomain\SAMAccountName of the security principal
-qlimit Value
Required. Specifies the number of objects within the directory partition that can be owned by the security principal. To specify an unlimited quota, use -1.
-desc Description
Specifies a description for the quota specification that you want to add.
{-s Server | -d Domain}
Connects the computer to either a specified server or domain. By default, the computer is connected to a domain controller in the logon domain.
-u UserName
Specifies the user name with which user will log on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name: user name (for example, Linda)domain\user name (for example, widgets\Linda)user principal name (UPN) (for example, Linda@widgets.microsoft.com)
-p {Password| *}
Specifies use of a specific password or a * to log on to a remote server. If you type *, you are prompted for a password.
-q
Suppresses all output to standard output (quiet mode).
{-uc | -uco | -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format. ValueDescription-uc Specifies a Unicode format for input from or output to a pipe (|).-uco Specifies a Unicode format for output to a pipe (|) or a file. -uci Specifies a Unicode format for input from a pipe (|) or a file.
/?
Displays help at the command prompt.

Remarks

  • If you do not specify a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use CTRL+Z for End of File (EOF).
  • If a value that you use contains spaces, use quotation marks around the text (for example, "CN=DC 2,OU=Domain Controllers, DC=Microsoft,DC=Com").

Examples

To specify a quota of 1000 objects for the configuration partition for user account AConn, which is in the default Users container of the fabrikam.com domain, at a command prompt, type the following command, and then press ENTER:

dsadd quota -part cn=configuration, dc=fabrikam,dc=com -acct cn=aconn,cn=users,dc=fabrikam,dc=com

Formatting legend

Format Meaning
Italic Information that the user must supply
Bold Elements that the user must type exactly as shown
Ellipsis (...) Parameter that can be repeated several times in a command line
Between brackets ([]) Optional items
Between braces ({}); choices separated by pipe (|). Example: {even|odd} Set of choices from which the user must choose only one
Courier font Code or program output