| dsmod | new in WS2003 |
Modifies the properties of objects in Active Directory.
dsmod command switches [{-s Server|-d Domain}] [-u UserName]
[-p {Password|*}] [-q] [-c] [-desc Description]
command
Any dsmod command (see below).
switches
Various switches that go with each command (see below).
{-s Server | -d Domain}
Connects to a specified server or domain to run the command (if omitted, defaults to domain controller in logon domain).
[-u UserName] [-p {Password | *}]
Credentials for running the command. Specify
UserName as domain\user or user@domain. If -p *, prompts for password.
-q
Runs in quiet mode to suppress standard output of command.
-c
Reports errors and then continues with next object in argument list if multiple objects are specified; otherwise, exits upon error.
-desc Description
Modifies the description for the object.
Here is a list of supported dsmod commands together with a brief description of their syntax (only the most commonly used switches are described):
dsmod computer ComputerDN... [-disabled {yes | no}] [-reset]
Modifies properties of one or more computer accounts identified by their distinguished names. Options include:
-disabled {yes | no}
Enables (yes) or disables (no) the computer account
-reset
Resets the computer account
dsmod contact ContactDN... [-fn] [-ln] [-email] ...
Modifies the first name, last name, email address, and other attributes of one or more contacts identified by their distinguished names
dsmod group GroupDN... [-secgrp {yes | no}] [-scope {l | g | u}] [-samid SAMName] [{-addmbr | -rmmbr | -chmbr} MemberDN...]
Modifies the properties of one or more groups identified by their distinguished names. See dsadd group earlier in this chapter for info about -secgrp and -scope options. The -samid SAMName option specifies the SAM account name, and the last option specifies members that should be added to, removed from, or replaced in the group.
dsmod ou OrganizationalUnitDN...
Modifies properties of one or more organizational units specified by their distinguished names. The only thing you can modify is the description of the group.
dsmod server ServerDN... [-isgc {yes | no}]
Modifies properties of one or more domain controllers specified by their distinguished names. The -isgc option specifies whether the server is a global catalog server (yes) or not (no).
dsmod user UserDN... [-upn UserPrincipalName] [-fn FirstName] [-ln LastName][-display DisplayName] [-pwd {Password | *}] [-tel PhoneNumber] [-email Email] [-title Title] [-company Company] [-hmdir HomeDirectory] [-profile ProfilePath] [-pwdneverexpires {yes | no}] ...
Modifies the properties of one or more user accounts specified by their distinguished names. See dsadd user earlier in this chapter for information on some of the switches here.
dsmod quota QuotaDN... [-qlimit Value]
Specifies the distinguished names of one or more quota specifications to modify. Here -qlimit Value indicates the number of Active Directory objects that can be owned by the security principal to which the quota object is assigned.
dsmod partition PartitionDN... [-qdefault Value] [-qtmbstnw Percent]
Specifies distinguished names of one or more directory partitions you want to modify, with -qdefault Value specifiying the default quota for the partition and -qtmbstnwt Percent specifying the percentage by which the tombstone object count should be reduced when calculating quota usage.
Use dsget to check whether computer account DESK157 in Sales OU of
mtit.local domain is enabled or disabled:
dsget computer CN=DESK157,OU=Sales,DC=mtit,DC=local -disabled disabled yes dsget succeeded
The account is disabled, so use dsmod to enable it:
dsmod computer CN=DESK157,OU=Sales,DC=mtit,DC=local -disabled no dsmod succeeded:CN=DESK157,OU=Sales,DC=mtit,DC=local
Verify the result:
dsget computer CN=DESK157,OU=Sales,DC=mtit,DC=local -disabled disabled no dsget succeeded
Active Directory , dsadd, dsget, dsmove, dsquery, dsrm,
Groups ,
Users