active directory domain services - all _dsadd_ parameters.pdf
TRANSCRIPT
-
6/4/2014 I am busy changing the world: Windows Active Directory Domain Services - All "dsadd" parameters
http://iambusychangingtheworld.blogspot.com/2013/12/windows-active-directory-domain.html 1/3
Windows Active Directory Domain Services - All"dsadd" parameters
"dsadd" is a command line tool to add an account into the MS
Windows Active Directory :
dsadd user [-samid ] [-upn ] [-fn ] [-mi ] \
[-ln ] [-display ] [-empid ] [-pwd { | *}] \
[-desc ] [-memberof ...] [-office ] [-tel ] \
[-email ] [-hometel ] [-pager ] [-mobile ] \
[-fax ] [-iptel ] [-webpg ] [-title ] \
[-dept ] [-company ] [-mgr ] [-hmdir ] \
[-hmdrv :][-profile ] [-loscr ] [-mustchpwd {yes | no}] \
[-canchpwd {yes | no}] [-reversiblepwd {yes | no}] [-pwdneverexpires {yes | no}] \
[-acctexpires ] [-disabled {yes | no}] [{-s | -d }] \
[-u ] [-p { | *}] [-q] [{-uc | -uco | -uci}]
All "dsadd"'s parameters (http://technet.microsoft.com/en-
us/library/cc731279.aspx):
Parameter Description
Required. Specifies the distinguished name of the user that you want to
add. If you omit the distinguished name, dsadd takes the name from standardinput (stdin).
-samid
Specifies the Security Accounts Manager (SAM) name as the unique SAMaccount name for this user, for example, Linda. If you do not specify the
SAM name, dsadd attempts to create the SAM account name by using up to thefirst 20 characters from the common name (CN) value ofUserDN.
-upn Specifies the user principal name of the user that you want to add, forexample, [email protected].
-fn Specifies the first name of the user that you want to add.
-mi Specifies the middle initial of the user that you want to add.
-ln Specifies the last name of the user that you want to add.
-display
Specifies the display name of the user that you want to add.
-empid
Specifies the employee ID of the user that you want to add.
-pwd {|*}
Specifies that the password for the user be set to Password or an asterisk
(*). If you set the password to *, dsadd prompts you for a user password.
-desc
Specifies the description of the user that you want to add.
-memberof
Specifies the distinguished names of the groups of which you want the userto be a member.
-office Specifies the office location of the user that you want to add.
-telr
Specifies the telephone number of the user that you want to add.
-email Specifies the e-mail address of the user that you want to add.
-hometel
Specifies the home telephone number of the user that you want to add.
-
6/4/2014 I am busy changing the world: Windows Active Directory Domain Services - All "dsadd" parameters
http://iambusychangingtheworld.blogspot.com/2013/12/windows-active-directory-domain.html 2/3
-pager
Specifies the pager number of the user that you want to add.
-mobile
Specifies the cell phone number of the user that you want to add.
-fax Specifies the fax number of the user that you want to add.
-iptel
Specifies the IP phone number of the user that you want to add.
-webpg Specifies the Web page URL of the user that you want to add.
-title Specifies the title of the user that you want to add.
-dept
Specifies the department of the user that you want to add.
-company
Specifies the company information of the user that you want to add.
-mgr Specifies the distinguished name of the manager of the user that you wantto add.
-hmdir
Specifies the home directory location of the user that you want to add. Ifyou specifyHomeDirectory as a Universal Naming Convention (UNC) path, then
you must specify a drive letter for dsadd to map to this path using the -
hmdrv parameter.
-hmdrv :
Specifies the home directory drive letter (for example, E:) of the userthat you want to add.
-profile
Specifies the profile path of the user that you want to add.
-loscr
Specifies the logon script path of the user that you want to add.
-mustchpwd {yes |no}
Specifies whether users must change their passwords when they next log on.
The available values are yes and no. By default, users do not have to
change their passwords (no).
-canchpwd {yes |no}
Specifies whether users can change their passwords. The available values
are yes and no. By default, users can change their passwords (yes). The
value of this parameter must beyes if the value of the -mustchpwd parameter
is yes.
-reversiblepwd{yes | no}
Specifies whether to store user passwords using reversible encryption. The
available values are yes and no. By default, users cannot use reversible
encryption (no).
-pwdneverexpires{yes | no}
Specifies whether the user password never expires. The available values
are yes and no. By default, user passwords expire (no).
-acctexpires
Specifies the number of days from today that the user account will expire.A value of 0 sets expiration at the end of today. A positive value setsexpiration in the future. A negative value sets expiration in the past. The
value never sets the account to never expire. For example, a value
of 0 implies that the account expires at the end of today. A value
of -5 implies that the account has already expired 5 days ago and sets an
expiration date in the past. A value of 5 sets the account expiration datefor 5 days in the future.
-disabled {yes |no}
Specifies whether dsadd disables the user account for logon. The available
values are yesor no. For example, the following command creates aNicolettep user account in an enabled state:
dsadd user CN=Nicolettep,CN=Users,DC=Widgets,DC=Contoso,DC=Com -pwd Password1 -disabled no
By default, the user account is disabled for log on (yes). For example, thefollowing command creates a Nathanp user account in a disabled state:
dsadd user CN=Nathanp,CN=Users,DC=Widgets,DC=Contoso,DC=Com
{-s | -d}
Connects to a specified remote server or domain. By default, the computeris connected to the domain controller in the logon domain.
-u
Specifies the user name with which the user logs on to a remote server. By
default, -uuses the user name with which the user logged on. You can useany of the following formats to specify a user name:
user name (for example, Linda)
domain\user name (for example, widgets\Linda)
user principal name (UPN) (for example,
-
6/4/2014 I am busy changing the world: Windows Active Directory Domain Services - All "dsadd" parameters
http://iambusychangingtheworld.blogspot.com/2013/12/windows-active-directory-domain.html 3/3
-p { |*}
Specifies to use either a password or a * to log on to a remote server. If
you type *, you are prompted for a password.
-q Suppresses all output to standard output (quiet mode).
{-uc | -uco | -uci}
Specifies that output or input data is formatted in Unicode. The followinglist explains each format.
-uc: Specifies a Unicode format for input from or output to a
pipe (|).
-uco : Specifies a Unicode format for output to a pipe (|) or
a file.
-uci: Specifies a Unicode format for input from a pipe (|) or
a file.
/? Displays help at the command prompt.