There are a couple of tools for creating objects in AD:
CSVDE:
Export all users from specific OU:
csvde -m -f DomainUsers.csv -d "OU=Users,OU=UK,DC=domain,DC=local" -r "(&(objectClass=*)(mail=*))" -l displayName,userPrincipalName
Replace: “OU=Users,OU=UK,DC=domain,DC=local” with an LDAP string for your domain.
Download this tool to generate the LDAP string: AD-Explorer
LDIFDE:
Export all users into .LDF file:
ldifde -f c:\Exportuser.ldf -s DCServerName -d "OU=Users,OU=UK,DC=domain,DC=local" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l "cn,givenName,objectclass,samAccountName"
Import all users from .LDF file:
ldifde -i -f c:\Exportuser.ldf -s DCServerName
DSADD:
Create computer in AD:
DSADD computer cn=client01,OU=Computers,OU=UK,DC=domain,DC=local
Create user in AD:
DSADD user cn=UserName,OU=Users,OU=UK,DC=domain,DC=local -display MyDisplayName -pwd Passw0rd -office "Marketing" -title "Marketing Manager" -dept Marketing -loscr LOGIN.BAT -mustchpwd yes -canchpwd yes -disabled yes
Change user password in AD and prompt for change at login:
DSQUERY user -samid TTate | DSMOD user -pwd Passw0rd -mustchpwd yes
DSMOD user TTate -mustchpwd no
Set users password not to expire:
DSQUERY user -samid TTATE | DSMOD user -pwdneverexpires yes
This is a great, easy function, but what if you need to change 100+ user passwords? You wouldn’t want to type this out manually. To help with this, I made use of DSQuery and the Excel “CONCATENATE” function.
1) List all users in AD and output to txt file:
dsquery user "OU=Users,OU=UK,DC=domain,DC=local" -limit 0 | dsget user -dn -upn > c:\DSQueryUsers.csv
OR
csvde -m -f c:\DSQueryUsers.csv -d "OU=Users,OU=UK,DC=domain,DC=local" -r "(&(objectClass=*)(mail=*))" -l displayName,userPrincipalName
2) The generated “c:\DSQueryUsers.csv” file can be opened in Excel and the usernames extracted. This example inserts the “userPrincipalName” held in cell “C3” into the command:
="dsquery user -samid "&C3&" | dsmod user -pwd Passw0rd -mustchpwd yes -disabled no"
Output should look like this:
dsquery user -samid Jsmith | dsmod user -pwd Passw0rd -mustchpwd yes -disabled no
dsquery user -samid Wcarling | dsmod user -pwd Passw0rd -mustchpwd yes -disabled no
3) All the Excel fields can then be selected and pasted directly into the CMD window.
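The same bulk generation as steps 1 to 3, as an added example that is not part of the original post: it builds the dsquery/dsmod lines from the exported CSV, gives each account its own random password instead of one shared value, and skips any account name containing characters CMD would interpret when pasted. The sample rows, the sAMAccountName column (assumed to have been added to the csvde -l list) and the function names are constructed for illustration.

```python
import csv
import io
import re
import secrets
import string

# Constructed sample standing in for the csvde export; the sAMAccountName
# column is an assumption (add it to the -l attribute list when exporting).
SAMPLE_CSV = '''DN,sAMAccountName,userPrincipalName
"CN=John Smith,OU=Users,OU=UK,DC=domain,DC=local",Jsmith,Jsmith@domain.local
"CN=Will Carling,OU=Users,OU=UK,DC=domain,DC=local",Wcarling,Wcarling@domain.local
"CN=Odd Entry,OU=Users,OU=UK,DC=domain,DC=local",odd&name,odd@domain.local
'''

# Only characters CMD treats as plain text; rejects & | < > ^ % " and spaces.
# 20 is the length limit of a user's pre-Windows 2000 logon name.
SAFE_SAMID = re.compile(r"[A-Za-z0-9._-]{1,20}")
ALPHABET = string.ascii_letters + string.digits


def new_password(length=16):
    """Random alphanumeric password containing upper, lower and digit."""
    while True:
        pwd = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pwd) and any(c.isupper() for c in pwd)
                and any(c.isdigit() for c in pwd)):
            return pwd


def build_commands(csv_text):
    """Return (commands, passwords, rejected) for the rows in csv_text."""
    commands, passwords, rejected = [], {}, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        samid = (row.get("sAMAccountName") or "").strip()
        if not SAFE_SAMID.fullmatch(samid):
            rejected.append(samid)  # handle these accounts by hand
            continue
        passwords[samid] = new_password()
        commands.append(
            f"dsquery user -samid {samid} | dsmod user "
            f"-pwd {passwords[samid]} -mustchpwd yes -disabled no")
    return commands, passwords, rejected


if __name__ == "__main__":
    cmds, pwds, bad = build_commands(SAMPLE_CSV)
    print("\n".join(cmds))
    print("skipped:", bad)
```

The returned passwords dictionary is what gets handed to each user; the rejected list holds the names that need a manual reset.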
NET USER:
Change user password in AD using “net user” (if logged into the DC):
net user JSmith Passw0rd
References:
http://technet.microsoft.com/en-us/library/cc754539.aspx