25 Responses to Using DSMod to update Active Directory

  1. Laurence says:

    Very useful page – thanks.
    Do you have a method where you can get the computer name if you only have the user name? Preferably on screen.
    Also I’m looking to populate the Computer Description with the users name (different problem to the above) – is this possible?
    Thanks again,

  2. Gab says:

    $username$ won’t work if a $ appears somewhere else in the parameter

  3. Pingback: Some helpful links for security checking! « rdpetti

  4. Mike says:

    Gab is right.. Any solution except renaming folder structure? (For example from \\server\userdata$\$username$ to \\server\userdata\$username$ ?

    • Adam Vero says:

      The approach I would probably take would be to use dsquery | dsget to get a list of the usernames and redirect the output to a text file (check them on screen first, then re-use the command with the redirect on the end) eg: dsquery user "OU=SomeOU,OU=RootOU,DC=MyDomain,DC=local" | dsget user -samid > c:\temp\SAMlist.txt

      Open the list in Excel or some other spreadsheet tool and delete any rows you don’t want to affect eg user templates or service accounts (hopefully they would be in a different OU anyway). Use a formula to construct the commands you need to do the modification without a wildcard for $username$, eg in cell B1 use: ="dsquery user -samid "&A1&" |dsmod user -hmdir "\\server\userdata$\"&A1

      Copy the formula all the way to the bottom so you have a unique line for each username. Copy and paste this into Notepad, save as a .cmd (or .bat if you prefer). Run this and every user gets updated.
      Of course you can refine the dsquery to only include certain users, or add more fields to the dsget to help you identify the right sets of users for each folder path you need, such as -office or -desc

      Not a direct way of doing it, but not too longwinded, certainly compared to doing them by hand.

      • Mike says:

        Yes, I agree.. This is the way I was going to use but only wanted to know if anyone knows a better solution (like using quotation marks or whatever).. Anyway, thanks for the responce.

  5. Rory says:

    Hi, is it possible to change the telephone number using DSMOD, I have a list of users that need to be updated so would like to use a CSV to do this.

    • ukcrmguru says:

      Open your csv in Excel and use a simple formula to construct a dsquery / dsmod around the user names (see above comment for an example). Depending on your data you may need to translate the names you have into samids (eg using first initial plus surname). Otherwise use -name and their full name in quotes: dsquery user -name “Eliza Doolittle”
      pipe this to a dsmod user -tel.
      To get the double quotes in the result you will need triple double-quotes in the middle, so overall you might have a formula in C1 downwards:
      =”dsquery user -name “”” &A1& “”” |dsmod user -tel “””&B1&””””
      Copy all of column C and simply paste into Notepad, save as a cmd file and run it.

      • Rory says:

        Thanks, I seem to get an error message DSMOD failed: ‘target object for this command’ is missing..

  6. Rory says:

    C:\>dsquery user -name “””username””” “OU=Systems,OU=Production,DC=XXXX,DC=XXXXX,DC=com” |dsmod user -tel “XXXX” -u XXX -p XXX

    • ukcrmguru says:

      Run the dsquery on its own to see any errors.

      Make sure you don’t actually have curly quotes in your command line (or in your Excel formula). I am assuming you are substituting “username” with a user’s full name. If you want to use their logon id, use -samid instead of -name and eg “elizad1” instead of “Eliza Doolittle”

      Note also that the -u and -p parameters will be per command, so if you don’t have admin rights to read the objects from that OU, you may need to do this for the dsquery part as well as for dsmod.

      • Rory says:

        thanks, there are no errors on the DSQUERY, seems to be the DSMOD, the users are in a sub ou called system in the prod OU

    • ukcrmguru says:

      Also another thought – are your user accounts in the OU called Production\Systems ? or does that have the computer accounts in?

      • ukcrmguru says:

        So dsquery brings back a FQDN for a given user? But dsmod claims there is no target for the command? what happens if you use the returned value explicitly (ie copy and paste it in)?
        I wonder if there is an issue using a pipe to pass the result of the dsquery if you are running dsquery and dsmod as different user accounts (as you are).
        You might be better off using runas to run a command line window with the required user account to get (domain) admin privileges, then run dsquery and dsmod without -u or -p options.

      • Rory says:

        What I’m doing at the min is throwing these commands into a dos window (as domain admin) on a w2k8R2 server. its driving me crazy, as it looks like there is a tiny syntax error..grr.

        I tried this command :

        DSQUERY USER -name “””myusername””” | DSGET USER -samid and get the following :

        dsget failed:’Target object for this command’ is missing.

      • ukcrmguru says:

        What about just:
        dsquery user -name “Your Name”
        dsquery user -samid “yourlogonname”

        You need to use name or samid depending on whether you are feeding it a user’s full name or logon account name.
        One of these should return a FQDN for a user, the other will not fail in the sense of an error message but will not return any results.

  7. Rory says:

    It works now! <B you are a genius. pint of virtual Guinness heading your way.

  8. Rory says:

    opps almost forgot the command I used was

    dsquery user -samid “me” “OU=Systems,OU=Production Services,DC=xxxx,DC=xxxx,DC=com” | dsmod user -tel “xxxx” -u xxxxx -p xxxxx

    It was a typo! I never put in Services..!

  9. Andy Owen says:

    Nice little tutorial.

    Question – I am using dsmod in conjunciton with dsquery to change the location of a bunch of Computers to their relevant departments, all good. BUT…

    dsquery doesn’t work to query on locaiton, in fact I can find no tool which will let me query by location…

    Wouldn’t it be nice if you could post to Department (a searchable field) rather than location…?

  10. Mark says:

    Thank you so much for this! The DSMOD command is amazing. I have been pulling what few hairs I have left out, trying to write vbcode to get the list of members in a group and then update their email addresses to match their name. Now I ended up with one easily scriptable line:

    dsquery group -name “mygroup” | dsget group -members -expand | dsmod user -email $username$@myschool.edu

    • ukcrmguru says:

      Mark, I’m very glad this old post helped you out, and thanks for sharing your command for others to see you far you can take this using the right pipes.

  11. Beepbeep says:

    Thanks a lot for this article.
    I’ve resolve my AD modification script issue!

  12. knych says:

    How do I modify an existing group(s) – particularly the Managedby and Description in AD?

    been trying to work with Powershell but i keep on receiving errors, really need to have it done the sooner so I am considering different options.

    Thanks in Advance!

    • Mark says:

      LOL, this thread is still going, 9 years later!

      I don’t think you can update the “ManagedBy” attribute in a group using DSMOD. You can add and remove users from a group easily, but I’ve never read about a way to change the “ManagedBy ” attibute.

      updating the description is easy:
      dsmod group -desc
      dsmod group “CN=TestGroup,OU=Group Accounts,DC=xxxxx” -desc “Test Group”

      remember you must be using an account with the necessary permissions or use the “-u” option to connect as a different user

Please feel free to join in the conversation below...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: