6/4/2014 I am busy changing the world: Windows Active Directory Domain Services - All "dsadd" parameters

http://iambusychangingtheworld.blogspot.com/2013/12/windows-active-directory-domain.html 1/3

Windows Active Directory Domain Services - All"dsadd" parameters

"dsadd" is a command line tool to add an account into the MS

Windows Active Directory :

dsadd user [-samid ] [-upn ] [-fn ] [-mi ] \

[-ln ] [-display ] [-empid ] [-pwd { | *}] \

[-desc ] [-memberof ...] [-office ] [-tel ] \

[-email ] [-hometel ] [-pager ] [-mobile ] \

[-fax ] [-iptel ] [-webpg ] [-title ] \

[-dept ] [-company ] [-mgr ] [-hmdir ] \

[-hmdrv :][-profile ] [-loscr ] [-mustchpwd {yes | no}] \

[-canchpwd {yes | no}] [-reversiblepwd {yes | no}] [-pwdneverexpires {yes | no}] \

[-acctexpires ] [-disabled {yes | no}] [{-s | -d }] \

[-u ] [-p { | *}] [-q] [{-uc | -uco | -uci}]

All "dsadd"'s parameters (http://technet.microsoft.com/en-

us/library/cc731279.aspx):

Parameter Description

Required. Specifies the distinguished name of the user that you want to

add. If you omit the distinguished name, dsadd takes the name from standardinput (stdin).

-samid

Specifies the Security Accounts Manager (SAM) name as the unique SAMaccount name for this user, for example, Linda. If you do not specify the

SAM name, dsadd attempts to create the SAM account name by using up to thefirst 20 characters from the common name (CN) value ofUserDN.

-upn Specifies the user principal name of the user that you want to add, forexample, Linda@widgets.contoso.com.

-fn Specifies the first name of the user that you want to add.

-mi Specifies the middle initial of the user that you want to add.

-ln Specifies the last name of the user that you want to add.

-display

Specifies the display name of the user that you want to add.

-empid

Specifies the employee ID of the user that you want to add.

-pwd {|*}

Specifies that the password for the user be set to Password or an asterisk

(*). If you set the password to *, dsadd prompts you for a user password.

-desc

Specifies the description of the user that you want to add.

-memberof

Specifies the distinguished names of the groups of which you want the userto be a member.

-office Specifies the office location of the user that you want to add.

-telr

Specifies the telephone number of the user that you want to add.

-email Specifies the e-mail address of the user that you want to add.

-hometel

Specifies the home telephone number of the user that you want to add.

6/4/2014 I am busy changing the world: Windows Active Directory Domain Services - All "dsadd" parameters

http://iambusychangingtheworld.blogspot.com/2013/12/windows-active-directory-domain.html 2/3

-pager

Specifies the pager number of the user that you want to add.

-mobile

Specifies the cell phone number of the user that you want to add.

-fax Specifies the fax number of the user that you want to add.

-iptel

Specifies the IP phone number of the user that you want to add.

-webpg Specifies the Web page URL of the user that you want to add.

-title Specifies the title of the user that you want to add.

-dept

Specifies the department of the user that you want to add.

-company

Specifies the company information of the user that you want to add.

-mgr Specifies the distinguished name of the manager of the user that you wantto add.

-hmdir

Specifies the home directory location of the user that you want to add. Ifyou specifyHomeDirectory as a Universal Naming Convention (UNC) path, then

you must specify a drive letter for dsadd to map to this path using the -

hmdrv parameter.

-hmdrv :

Specifies the home directory drive letter (for example, E:) of the userthat you want to add.

-profile

Specifies the profile path of the user that you want to add.

-loscr

Specifies the logon script path of the user that you want to add.

-mustchpwd {yes |no}

Specifies whether users must change their passwords when they next log on.

The available values are yes and no. By default, users do not have to

change their passwords (no).

-canchpwd {yes |no}

Specifies whether users can change their passwords. The available values

are yes and no. By default, users can change their passwords (yes). The

value of this parameter must beyes if the value of the -mustchpwd parameter

is yes.

-reversiblepwd{yes | no}

Specifies whether to store user passwords using reversible encryption. The

available values are yes and no. By default, users cannot use reversible

encryption (no).

-pwdneverexpires{yes | no}

Specifies whether the user password never expires. The available values

are yes and no. By default, user passwords expire (no).

-acctexpires

Specifies the number of days from today that the user account will expire.A value of 0 sets expiration at the end of today. A positive value setsexpiration in the future. A negative value sets expiration in the past. The

value never sets the account to never expire. For example, a value

of 0 implies that the account expires at the end of today. A value

of -5 implies that the account has already expired 5 days ago and sets an

expiration date in the past. A value of 5 sets the account expiration datefor 5 days in the future.

-disabled {yes |no}

Specifies whether dsadd disables the user account for logon. The available

values are yesor no. For example, the following command creates aNicolettep user account in an enabled state:

dsadd user CN=Nicolettep,CN=Users,DC=Widgets,DC=Contoso,DC=Com -pwd Password1 -disabled no

By default, the user account is disabled for log on (yes). For example, thefollowing command creates a Nathanp user account in a disabled state:

dsadd user CN=Nathanp,CN=Users,DC=Widgets,DC=Contoso,DC=Com

{-s | -d}

Connects to a specified remote server or domain. By default, the computeris connected to the domain controller in the logon domain.

-u

Specifies the user name with which the user logs on to a remote server. By

default, -uuses the user name with which the user logged on. You can useany of the following formats to specify a user name:

user name (for example, Linda)

domain\user name (for example, widgets\Linda)

user principal name (UPN) (for example,

6/4/2014 I am busy changing the world: Windows Active Directory Domain Services - All "dsadd" parameters

http://iambusychangingtheworld.blogspot.com/2013/12/windows-active-directory-domain.html 3/3

Linda@widgets.contoso.com)

-p { |*}

Specifies to use either a password or a * to log on to a remote server. If

you type *, you are prompted for a password.

-q Suppresses all output to standard output (quiet mode).

{-uc | -uco | -uci}

Specifies that output or input data is formatted in Unicode. The followinglist explains each format.

-uc: Specifies a Unicode format for input from or output to a

pipe (|).

-uco : Specifies a Unicode format for output to a pipe (|) or

a file.

-uci: Specifies a Unicode format for input from a pipe (|) or

a file.

/? Displays help at the command prompt.