AD Objects via CL | CSVDE | DSADD | LDIFDE

There are a couple of tools for creating objects in AD:


Export all users from specific OU:

csvde -m -f DomainUsers.csv -d "OU=Users,OU=UK,DC=domain,DC=local" -r "(&(objectClass=*)(mail=*))" -l displayName,userPrincipalName

Replace: “OU=Users,OU=UK,DC=domain,DC=local” with an LDAP string for your domain.
Download this tool to generate the LDAP string: AD-Explorer


Export all users into .LDF file:

ldifde -f c:\Exportuser.ldf -s DCServerName -d "OU=Users,OU=UK,DC=domain,DC=local" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,samAccountName"

Import all users from .LDF file:

ldifde -i -f c:\Exportuser.ldf -s DCServerName


Create computer in AD:

DSADD computer cn=client01,OU=Computers,OU=UK,DC=domain,DC=local

Create user in AD:

DSADD user cn=UserName,OU=Users,OU=UK,DC=domain,DC=local -display MyDisplayName -pwd Passw0rd -office "Marketing" -title "Marketing Manager" -dept Marketing -loscr LOGIN.BAT -mustchpwd yes -canchpwd yes -disabled yes

Change user password in AD and prompt for change at login:

DSQUERY user -samid TTate | DSMOD user -pwd Passw0rd -mustchpwd yes
DSQUERY user -samid TTate | DSMOD user -mustchpwd no

Set users password not to expire:

DSQUERY user -samid TTATE | DSMOD user -pwdneverexpires yes

This is a great, easy function, but what if you need to change 100+ user passwords? You wouldn’t want to type this out manually. To help with this I made use of DSQuery and an Excel “CONCATENATE” function.

1) List all users in AD and output to txt file:

dsquery user "OU=Users,OU=UK,DC=domain,DC=local" -limit 0 | dsget user -dn -upn > c:\DSQueryUsers.csv
csvde -m -f c:\DSQueryUsers.csv -d "OU=Users,OU=UK,DC=domain,DC=local" -r "(&(objectClass=*)(mail=*))" -l displayName,userPrincipalName

2) The generated “c:\DSQueryUsers.csv” file can be manipulated in Excel and the usernames extracted. This example places the “userPrincipalName” held in cell “C3” into the command:

="dsquery user -samid "&C3&" | dsmod user -pwd Passw0rd -mustchpwd yes -disabled no"

Output should look like this:

dsquery user -samid Jsmith | dsmod user -pwd Passw0rd -mustchpwd yes -disabled no

dsquery user -samid Wcarling | dsmod user -pwd Passw0rd -mustchpwd yes -disabled no

3) All the Excel fields can then be selected and pasted directly into the CMD window.
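
The Excel method above gives every account the same password. As an added example (not from the original post), this PowerShell script wraps the same dsquery/dsmod switches and gives each account its own random temporary password. The OU is the page's placeholder and the output path is a hypothetical one.

```powershell
# Added example: bulk reset with a unique temporary password per account,
# using the dsquery/dsmod switches shown on this page.
$ou      = 'OU=Users,OU=UK,DC=domain,DC=local'  # placeholder OU used on this page
$outFile = 'C:\Secure\TempPasswords.csv'        # hypothetical path; restrict its ACL

# 64-character alphabet (256 % 64 = 0, so the modulo below adds no bias).
# Leaves out look-alike characters, cmd.exe metacharacters, '-' and '*'.
$alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#+=?@_:'

function New-TempPassword {
    param([int]$Length = 16)
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
        # Retry until upper case, lower case and a digit are all present,
        # so the value passes the default AD complexity rule.
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    $rng.Dispose()
    return $pw
}

$results = foreach ($line in (& dsquery user $ou -limit 0)) {
    $dn = $line.Trim().Trim('"')   # dsquery prints each DN wrapped in double quotes
    if (-not $dn) { continue }

    $pw = New-TempPassword
    # -mustchpwd yes forces the user to replace the temporary password at next logon.
    & dsmod user $dn -pwd $pw -mustchpwd yes | Out-Null
    $ok = ($LASTEXITCODE -eq 0)

    [pscustomobject]@{
        DistinguishedName = $dn
        TempPassword      = $(if ($ok) { $pw } else { '' })
        Status            = $(if ($ok) { 'reset' } else { 'FAILED' })
    }
}

# The CSV holds plaintext temporary passwords: hand them out, then delete the file.
$results | Export-Csv -Path $outFile -NoTypeInformation
```

Because -pwd takes the password as a command-line argument, hosts that log process command lines will record these values, which is one more reason to keep -mustchpwd yes on every reset.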

Change user password in AD using “net user” (if logged into DC):

net user JSmith Passw0rd
