date: “2016-12-01” draft: false title: “ds”

Commands

The ds family of commands perform operations on Active Directory objects. There are too many commands to show all the flags but they mostly follow the same structure. Here are the main links you want to have around.

Command	Link	ss64
`dsacls`	technet
`dsadd`	technet
`dsamain`	technet
`dsdbutil`	technet
`dsget`	technet
`dsmgmt`	technet
`dsmod`	technet	ss64
`dsmove`	technet
`dsquery`	technet	ss64
`dsrm`	technet	ss64

Examples

Command	Description
`dsquery computer`	get comptuer info
`dsquery * -limit 0 -filter "&(objectClass=User)(objectCategory=Person)" -attr *`	get all users metadata
`dsquery * "<DN>" -attr *`	get all attributes
`dsquery * -attr operatingSystem operatingSystemServicePack -filter "(\| (operatingSystem=*))`	service pack info
`dsquery user -name FILTER \| dsget user -memberof`	user group memberships
`dsquery group -name FILTER \| dsget group -members \| dsget user -upn`	all group members upns
`dsget group "<GROUP DN>" -members`	list members
`dsadd user "CN=userA,CN=users,DC=acme,DC=local" -samid usera -upn usera@acme.local -fn "user" -ln "a" -display "User A" -pwd abc123 -desc "user a" -disabled no`	create a user
`dsadd group "cn=acme admins,cn=users,dc=acme,dc=local"`	add a group (OU)
`dsmod group "<GROUP DN>" -addmbr "<MEMBER DN>"`	add member to group
`dsrm "<OBJECT DN>" -noprompt`	remove raw object
`dsquery computer -name <NAME>`	Determine if a computer name is on the domain
`dsquery ou -name *`	Find all OU’s
`dsquery user "OU=Acme Admins,DC=acme,DC=local" -desc "Acme Admin"`	Get all users belonging to an OU with a particular description
`dsquery user -samid <SAMID> \| dsrm -noprompt`	remove user by samid
`dsmove <DN> -newparent <PARENT_DN>`	move to new parent

Is this box a member of a domain?

nslookup -type=any %userdnsdomain%.
nltest /dclist:
systeminfo | findstr “Domain”

use variables for long OU names

set _usera="cn=userA,ou=users,dc=domain,dc=local
dsmod user %_usera% -disabled yes