The DSAdd utility adds new objects to Active
Directory. Each object requires different input to create the object.
The DSAdd utility supports the following common objects.
computer
contact
group
ou (organizational unit)
user
quota
Graphics and the Command Line Often Work Together
Just because you're
focusing on the command line doesn't mean you won't ever need to work
with a graphical utility. This book doesn't discuss the main graphical
utility for editing Active Directory, the Active Directory Services
Interface Editor (ADSIEdit). The ADSIEdit utility can come in quite
handy, though, even when you're working at the command line. For
example, you can use it when you're creating a script to ensure you get
the Lightweight Directory Access Protocol (LDAP) statement for selecting
an object correct. Instead of figuring out the LDAP by hand, you can
simply copy and paste it for the object you want to select from
ADSIEdit. Interestingly enough, ADSIEdit is another one of those
graphical tools that works for the most part in Server Core, so you can
use this graphical tool for management purposes by starting it from the
command line.
I've been using ADSIEdit for a wealth of needs over the years. For example, it appears in my book, .NET Development Security Solutions
(Sybex, 2003), because it's a necessary tool for developers. You can
find a number of articles, tutorials, and reference guides for ADSIEdit
online. For example, you can find a great overview of ADSIEdit on
Microsoft TechNet at http://technet2.microsoft.com/WindowsServer/en/Library/ebca3324-5427-471a-bc19-9aa1decd3d401033.mspx. You'll find a great tutorial article about ADSIEdit on the ExchangeIS Web site at http://exchangeis.com/blogs/exchangeis/archive/2005/08/09/48.aspx. If you're working with Windows 2003, make sure you check out the Windows 2003-specific information about ADSIEdit at http://www.computerperformance.co.uk/w2k3/utilities/adsi_edit.htm.
All of these
objects require some basic input to obtain the data. For example, you
can expect to provide a username. The following list provides the common
inputs for each of the objects.
ObjectDN
Specifies the
distinguished name for the object that you want to add. In most cases,
the command line syntax shows this argument with the object name,
such as ComputerDN for the
computer object's distinguished name. Every object requires a
distinguished name, so the distinguished name is one of the few pieces of
required information you must provide. If you don't supply the
distinguished name on the command line, the utility attempts to obtain
the distinguished name using the standard input (StdIn) device, which
can be the keyboard, a redirected file, or piped output from
another command. Always end the standard input with the Ctrl+Z
character.
-desc Description
Determines the
object description. Always enclose arguments that contain spaces within
quotes. Because most descriptions contain spaces, you can reduce errors
by always enclosing descriptions in quotes.
{-s Server | -d Domain}
Connects to
the specified remote server or domain (not both). You must have the
required rights to access the server or domain. The default settings
rely on the domain controller for the logon domain. If you aren't logged
into a domain, the utility attempts to use the logon server. When a
logon server isn't available, the utility uses the local machine or
registers an error that Active Directory isn't installed.
-u UserName
Specifies the name of
the user account to use to log onto a remote server. The default setting
relies on the user account of the currently logged on user. The
username can take several forms, as shown in the following list.
UserName
The account name such as GeorgeS.
Domain\UserName
The domain name combined with the username, such as MyDomain\GeorgeS.
User Principal Name (UPN)
The UPN version of the username that includes the fully qualified domain, such as [email protected].
-p {Password | *}
Specifies the user
password. The utility prompts you for a password when you provide the
asterisk (*) in place of the actual password. Using this second option
is actually better from a security perspective because the prompt dialog
box replaces your password with asterisks. Using the command line option
displays your password in plaintext.
-q
Places the utility in quiet mode. The utility doesn't output any information to the command line.
{-uc | -uco | -uci}
Specifies that the input or output data is in Unicode format. The following list describes each of these Unicode options.
-uc
Specifies a Unicode format for both input and output when using a pipe (|).
-uco
Specifies a Unicode format for output when using a pipe (|) or file.
-uci
Specifies a Unicode format for input when using a pipe (|) or file.
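The -p rule above can be checked mechanically. The following PowerShell is an added example, not code from the book: it scans command lines (script text or recorded process command lines) for a dsadd call that passes a literal password to -p and reports each one with the value redacted. The function name and every sample line, account, domain, and password are constructed for illustration.

```powershell
# Added example: flag dsadd command lines that pass a literal password to -p.
function Find-DsAddPlaintextPassword {
    param([Parameter(Mandatory)][string[]]$CommandLine)

    foreach ($line in $CommandLine) {
        # Split on whitespace but keep double-quoted arguments (DNs, descriptions) whole.
        $tokens = @([regex]::Matches($line, '"[^"]*"|\S+') | ForEach-Object { $_.Value })
        if ($tokens.Count -eq 0) { continue }
        # Only dsadd invocations are of interest (bare name or full path, with or without .exe).
        if ($tokens[0].Trim('"') -notmatch '(^|\\)dsadd(\.exe)?$') { continue }

        for ($i = 1; $i -lt $tokens.Count - 1; $i++) {
            if ($tokens[$i] -ne '-p') { continue }
            $value = $tokens[$i + 1].Trim('"')
            if ($value -ne '*') {
                # Report the finding without repeating the secret.
                $tokens[$i + 1] = '<redacted>'
                [pscustomobject]@{
                    Finding  = 'Literal password after -p'
                    Redacted = $tokens -join ' '
                }
            }
            break
        }
    }
}

# Constructed sample input (names, domain, and passwords are made up).
$samples = @(
    'dsadd computer "CN=WS042,OU=Workstations,DC=example,DC=com" -u EXAMPLE\GeorgeS -p *',
    'dsadd computer "CN=WS043,OU=Workstations,DC=example,DC=com" -u EXAMPLE\GeorgeS -p Hunter2!',
    'C:\Windows\System32\dsadd.exe contact "CN=Ann Lee,OU=Vendors,DC=example,DC=com" -p "two words" -q',
    'dsquery computer -name WS*'
)
# Only the second and third lines are reported; the first uses the prompt form.
Find-DsAddPlaintextPassword -CommandLine $samples | Format-List
```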
1. computer
The computer object adds a new computer to Active Directory. This object uses the following syntax:
dsadd computer ComputerDN [-samid SAMName] [-desc Description]
[-loc Location] [-memberof GroupDN ...] [{-s Server | -d Domain}]
[-u UserName] [-p {Password | *}] [-q] [{-uc | -uco | -uci}]
The following list describes each of the command line arguments.
-samid SAMName
Defines the SAM account name for the computer.
-loc Location
Specifies the physical location of the computer.
-memberof GroupDN ...
Defines the group
membership of the computer you want to add. The input argument is the
distinguished name of a group. You may specify more than one group.
Separate the group distinguished names with spaces.
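The computer syntax and the common inputs can be combined in a small wrapper. The following PowerShell is an added example, not code from the book: it assembles a dsadd computer call, rejects -s and -d together, passes each group DN as its own argument, and always uses the -p * prompt when alternate credentials are given. The function name, the DN sanity check, and all values (example.com, WS042, the group names, the account) are assumptions made for illustration.

```powershell
# Added example: assemble a "dsadd computer" call from the documented arguments.
function New-DsAddComputerArgs {
    param(
        [Parameter(Mandatory)][string]$ComputerDN,
        [string]$SamId,
        [string]$Description,
        [string]$Location,
        [string[]]$MemberOf = @(),
        [string]$Server,
        [string]$Domain,
        [string]$UserName
    )
    if ($Server -and $Domain) { throw 'Use -s Server or -d Domain, not both.' }
    # Shallow sanity check only: catches a bare name passed where a DN is required.
    foreach ($dn in @($ComputerDN) + $MemberOf) {
        if ($dn -notmatch '^CN=[^,]+,.*DC=') { throw "Not a distinguished name: $dn" }
    }
    $a = @('computer', $ComputerDN)
    if ($SamId)       { $a += '-samid', $SamId }
    if ($Description) { $a += '-desc', $Description }
    if ($Location)    { $a += '-loc', $Location }
    if ($MemberOf)    { $a += '-memberof'; $a += $MemberOf }   # one argument per group DN
    if ($Server)      { $a += '-s', $Server }
    if ($Domain)      { $a += '-d', $Domain }
    # Alternate credentials always use the prompt; no literal password is accepted.
    if ($UserName)    { $a += '-u', $UserName, '-p', '*' }
    return ,$a
}

# Constructed values: domain, computer, groups, and account are placeholders.
$dsArgs = New-DsAddComputerArgs -ComputerDN 'CN=WS042,OU=Workstations,DC=example,DC=com' `
    -Description 'Front desk kiosk' -Location 'Building 2' `
    -MemberOf 'CN=Kiosk PCs,OU=Groups,DC=example,DC=com', 'CN=Patch Ring 1,OU=Groups,DC=example,DC=com' `
    -Domain 'example.com' -UserName 'EXAMPLE\GeorgeS'

# Show the command as it would be typed, quoting arguments that contain spaces.
'dsadd ' + (($dsArgs | ForEach-Object { if ($_ -match '\s') { '"{0}"' -f $_ } else { $_ } }) -join ' ')

# Run it only where the DSAdd utility is present; PowerShell quotes the arguments itself.
if (Get-Command dsadd -ErrorAction SilentlyContinue) { & dsadd @dsArgs }
```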
2. contact
The contact object adds
a new contact to Active Directory. A contact is someone who exists
outside of the company and doesn't have access to the network. This
object uses the following syntax:
dsadd contact ContactDN [-fn FirstName] [-mi Initial] [-ln LastName]
[-display DisplayName] [-desc Description] [-office Office]
[-tel PhoneNumber] [-email Email] [-hometel HomePhoneNumber]
[-pager PagerNumber] [-mobile CellPhoneNumber] [-fax FaxNumber]
[-iptel IPPhoneNumber] [-title Title] [-dept Department]
[-company Company] [{-s Server | -d Domain}] [-u UserName]
[-p {Password | *}] [-q] [{-uc | -uco | -uci}]
The following list describes each of the command line arguments.
-fn FirstName
Specifies the contact's first name.
-mi Initial
Specifies the contact's middle initial.
-ln LastName
Specifies the contact's last name.
-display DisplayName
Determines the contact's display name (the name you see when you access the contact entry).
-office Office
Defines the physical office location of the contact.
-tel PhoneNumber
Specifies the contact's landline business telephone number.
-email Email
Specifies the contact's email address.
-hometel HomePhoneNumber
Specifies the
contact's home telephone number. Normally, this entry is for a landline
telephone, but could also contain a secondary cellular telephone number.
-pager PagerNumber
Specifies the contact's pager telephone number and any required special codes.
-mobile CellPhoneNumber
Specifies the contact's cellular telephone number.
-fax FaxNumber
Specifies the contact's facsimile telephone number.
-iptel IPPhoneNumber
Specifies the contact's Internet Protocol (IP) telephone number.
-title Title
Specifies the contact's business title.
-dept Department
Defines the department in which the contact works.
-company Company
Specifies the contact's company name.