Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


December 2006

Using Dsmod To Update a Large Number of User Records at One Time


From the December 2006 Edition
of Windows IT Pro
John Savill
Ask the Experts
InstantDoc #93639
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Active Directory (AD) Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!
Main Article    Ask the Experts

I'm using Windows Server 2003's Dsmod command to modify user accounts in Active Directory (AD). Can I use a wildcard character as part of the target object?

No you can't use wildcard characters with Dsmod. But I can show you a way to work around this. Ordinarily when using the Dsmod utility, you pass one or more target objects, separated by a space. So for example to update the passwords for Bruce Wayne and Clark Kent, I would type the command

 dsmod user “cn=bruce wayne,
  ou=JusticeLeague,dc=r2demo,
  dc=test” “cn=clark kent,
  ou=JusticeLeague,dc=r2demo,
  dc=test” -pwd Pa55word

And the system should return

dsmod succeeded:cn=bruce wayne,
  ou=JusticeLeague,dc=r2demo,
  dc=test
dsmod succeeded:cn=clark kent,
  ou=JusticeLeague,dc=r2demo,
  dc=test

Now, lets say that I have 500 objects in an organizational unit (OU) and I want to update all of them. Instead of passing 500 distinguished names (DNs), one for each object, it would be much easier to pass a wildcard character as part of the target object name (e.g., *,ou=JusticeLeague,dc=r2demo,dc=test), but unfortunately, Dsmod doesn't support it. However, Windows does support the concept of piping output from one command as the input of another command, which you denote by using the pipe (|) character. Therefore, you can use another command whose output is a list of the DNs of the objects in the specified OU, as the equivalent of the wildcard. For example, to return a lis of all user type objects in the JusticeLeague OU, use the Dsquery command as follows:

dsquery user ou=JusticeLeague,
  dc=r2demo,dc=test

and the system would return

“CN=Bruce Wayne,OU=JusticeLeague,
  DC=r2demo,DC=test”
“CN=Clark Kent,OU=JusticeLeague,
  DC=r2demo,DC=test”
“CN=Diana Prince,OU=JusticeLeague,
  DC=r2demo,DC=test”
“CN=Hal Jordan,OU=JusticeLeague,
  DC=r2demo,DC=test”
“CN=Arthur Curry,OU=JusticeLeague,
  DC=r2demo,DC=test”
“CN=Wally West,OU=JusticeLeague,
  DC=r2demo,DC=test”

Now if you combine the Dsmod and Dsquery commands, as the following example shows, you can perform modifications on all the users in the OU.

dsquery user ou=JusticeLeague,
  dc=r2demo,dc=test| dsmod user
  -pwd Pa55word

Now suppose you want to update only users in a certain group. For that task, you'd use the Dsget command to list all members of a given group and then pipe the output to the Dsmod command, as the following command shows:

dsget group “cn=members,
  ou=JusticeLeague,dc=r2demo,
  dc=test” -members| dsmod user
  -pwd Pa55word

When you combine the power of Dsquery and Dsget, you can do far more than with a wildcard character, leading to very granular search outputs that you can use as input to your modification requirements. You're limited only by your skill with the Dsquery and Dsget commands.

End of Article

Reader Comments

You must log on before posting a comment.

If you don't have a username & password, please register now.




Top Viewed ArticlesView all articles
PsExec

This freeware utility lets you execute processes on a remote system and redirect output to the local system. ...

Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...

How can I stop and start services from the command line?

...
Active Directory (AD) Whitepapers Sustainable Compliance: How to reconnect compliance, security and business goals

Managing Unix/Linux with Microsoft System Center Operations Manager 2007 Cross Platform Extensions Beta

Addressing the Insider Threat with NetIQ Security and Administration Solutions
Related Events Concrete Ways to Make Sure Your SharePoint Deployment Doesn't Blow Up

PCI Requirements for Windows and Active Directory: Straight from a Certified Auditor

Check out our list of Free Email Newsletters!
Active Directory (AD) eBooks Keeping Your Business Safe from Attack: Monitoring and Managing Your Network Security

Keeping Your Business Safe from Attack: Encryption and Certificate Services

Windows 2003: Active Directory Administration Essentials
Related Active Directory (AD) Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.



ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Register for Orion NPM v9 - Evaluation
Affordable, easy-to-use network performance management with SolarWinds Orion – Free Trial!

Want a Hardware-Independent Image?
Binary Research, the Ghost people, shows you how to clone with 1!

Order Your Fundamentals CD Today!
Register today for your in-depth copy of one of three Fundamental CDs on the following topics – Exchange, SQL, and SharePoint.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technology Resource Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing