Please wait,
Processing your request...

  Business logo
  ... | Selecteer de Nederlandse taal |
Sharing is caring
| Print this page. | Linkedin page of Johan van Soest

React: Postcard image. Click this to mail to Johan


ICT-Hotlist Topic

DSADD group
DSADD user

DSMOD group
DSMOD user

DSRM group
DSRM user

With Windows 2000 the most flexible way to add a bulk of users to the Active Directory was using VBScript (WSH actually) with the ADSI interface or use expensive third party tools. With the introduction of Windows 2003 a great command line tool was introduced to add Active Directory objects. This tool DSADD can add OU's, groups, users and computers to an Active Directory tree.

Supported versions:
  • Windows Server 2003 (r2),
  • Windows Server 2008 (r2),
  • Windows Server 2012(r2),
  • Windows Server 2016,
  • Windows Server 2019,
  • Windows Server 2022

Use these samples to build the following Active Directory structure:
Directory structure build by the examples.
Directory structure build by the examples.

Add an Active Directory Organizational Unit.

Adding an Organizational Unit "OU-Development" with description to the domain "" use:
dsadd ou "OU=OU-Development, DC=van_soest, DC=it" -desc "Organizational unit for Development groups"
Warning: A Windows domain name can not contain an underscore "_" according to these standards. The underscore is used in these examples as a spam counter measure.

Add an Active Directory Group.

Adding a group "Gsg-Development" with a description to the "OU-Development" container can be done by:
dsadd group "cn=Gsg-Development, OU=OU-Development, DC=van_soest, DC=it" -desc "Software development department"
Default it creates a global security group (Gsg)

Add an Active Directory User.

Adding an User to the "Users" container with the following properties:
  • First name = "Johan"
  • Last name = "Soest van"
  • Login Name = "Johanvs"
  • Description = "Johan van Soest"
  • Password = "V3ry S3cr3t!"
  • Title = "Job Title"
  • Department ="ICT-department"
  • Company name = ""
  • E-mail =
  • Home drive = "G:\"
  • Home Directory = "\\dc1\$username$"
can be done by:
dsadd user "cn=Johan van Soest, cn=Users, DC=van_soest, DC=it" -upn "" -samid "johanvs" -desc "Johan van Soest" -pwd " V3ry S3cr3t!"" -fn "Johan" -ln "Soest van" -display "Johan van Soest" -title "Job Title" -dept "ICT-department" -company "" -email "" -hmdrv G: -hmdir "\\dc1\$username$"

Hidden user folder

A hidden folder can not be added by using the $username$ variable. Use the actual user name instead. So for a hidden share the statement becomes:
dsadd user "cn=Johan van Soest, cn=Users, DC=van_soest, DC=it" -upn "" -samid "johanvs" -desc "Johan van Soest" -pwd " V3ry S3cr3t!"" -fn "Johan" -ln "Soest van" -display "Johan van Soest" -title "Job Title" -dept "ICT-department" -company "" -email "" -hmdrv G: -hmdir "\\dc1\johanvs$"

Active Directory Group Membership

You may also set group membership of a user by adding the tag -memberof followed by multiple group distinguished names separated by spaces:
dsadd user "cn=Johan van Soest, cn=Users, DC=van_soest, DC=it" -upn "" -samid "johanvs" -desc "Johan van Soest" -pwd " V3ry S3cr3t!"" -fn "Johan" -ln "Soest van" -display "Johan van Soest" -title "Job Title" -dept "ICT-department" -company "" -email "" -hmdrv G: -hmdir "\\dc1\johanvs$" -memberof "cn=Gsg-Development, OU=OU-Development, DC=van_soest, DC=it"

Add an Active Directory User to an Active Directory Group.

To add an user "Johan van Soest" to the group "Gsg-Development" after the creation of both, you can use:
dsmod group "cn=Gsg-Development, OU=OU-Development, DC=van_soest, DC=it" -addmbr "cn=Johan van Soest, cn=Users, DC=van_soest, DC=it"

To see more possibilities about these commands, use the following:
    dsadd ou /?
    dsadd group /?
    dsadd user /?
    dsget group /?
    dsget user /?
    dsmod ou /?
    dsmod group /?
    dsmod user /?

Example of a dsget command to get all the users of a group sorted.

dsget group "cn=Gsg-Development, OU=OU-Development, DC=van_soest, DC=it" -members | sort
The same command used to show all the domain users in NotePad (Notice the Active Directory container Users is not an OU)
dsget group "cn=Domain Users,cn=Users,dc=van_soest,dc=it" -members | sort >> DomainUsers.txt && NotePad DomainUsers.txt

Removing an Active Directory object.

An object and all the nodes below can be removed with the dsrm command. To see all the possible options type:
dsrm /?
Changes : 2014 During testing on Windows 2012 r2 server noticed some HTML conversion errors in the DSADD/DSMOD commando's and added DSGET example.
Now you can find an article about the PowerShell equivalents here.

You may vote your opinion about this article:

Scripts and programming examples disclaimer

Unless stated otherwise, the script sources and programming examples provided are copyrighted freeware. You may modify them, as long as a reference to the original code and hyperlink to the source page is included in the modified code and documentation. However, it is not allowed to publish (copies of) scripts and programming examples on your own site, blog, vlog, or distribute them on paper or any other medium, without prior written consent.
Many of the techniques used in these scripts, including but not limited to modifying the registry or system files and settings, impose a risk of rendering the Operating System inoperable and loss of data. Make sure you have verified full backups and the associated restore software available before running any script or programming example. Use these scripts and programming examples entirely at your own risk. All liability claims against the author in relation to material or non-material losses caused by the use, misuse or non-use of the information provided, or the use of incorrect or incomplete information, are excluded. All content is subject to change and provided without obligation.
Generated by WebHalla™ Version 0.1.e.7 : Sunday 23-6-2024 © Copyright 1995-2024 ing. Johan P.G. van Soest CIPM Certified Privacy Information Manager
Response Form    Cookie- and Privacy statement    Responsible Disclosure procedure
Weather in Waalre by OpenWeatherMap logo mist
Temperature 12.95 °C mist
Wind chill 12.18 °C mist
Humidity 72 % mist
Air pressure 1015 hPa mist
Wind speed 1.03 m/s mist
Wind direction South West South West mist
Sun Rise 5:22 Sun Rise
Sun Set 21:58 Sun Set
Updated:2024-06-23 03:39:06 mist
| Current user: Guest | Login |