DSAdd - CMD


Overview

The DSAdd command is part of the Directory Service command-line tools in Windows and adds objects to Active Directory. These objects can include user accounts, computers, organizational units, and groups. The command is particularly useful for administrators who need to automate tasks in scripts or manage directory services without the GUI.

Syntax

The general syntax for DSAdd varies depending on the type of object you want to add. Below are the main formats:

  • Add a user:
    dsadd user UserDN [-samid SAMName] [options]
    
  • Add a computer:
    dsadd computer ComputerDN [options]
    
  • Add a group:
    dsadd group GroupDN [options]
    
  • Add an organizational unit (OU):
    dsadd ou OUDN [options]
    

UserDN, ComputerDN, GroupDN, and OUDN represent the distinguished names of the user, computer, group, and organizational unit, respectively.

Options/Flags

  • -samid SAMName: Specifies the SAM account name of the user.
  • -desc: Adds a description to the user, computer, or group.
  • -memberof GroupDN [ …]: Specifies that the user or computer will be a member of one or more groups.
  • -upn UPN: Sets the user principal name.
  • -fn FirstName: User’s first name.
  • -ln LastName: User’s last name.
  • -display DisplayName: User’s display name.
  • -pwd Password: Password for the user account.
  • -mustchpwd {yes | no}: User must change password at next logon.
  • -acctexpires NumberOfDays: Number of days until account expires. Zero means never expires.
  • -disabled {yes | no}: If yes, the account is disabled.

Examples

  • Add a user:
    dsadd user "cn=John Doe,ou=Users,dc=example,dc=com" -samid johnd -upn johnd@example.com -fn John -ln Doe -display "John Doe" -pwd Pa$$word -mustchpwd yes
    
  • Add a computer:
    dsadd computer "cn=Workstation001,ou=Computers,dc=example,dc=com" -desc "Main office workstation"
    
  • Add a group:
    dsadd group "cn=DevTeam,ou=Groups,dc=example,dc=com" -desc "Development Team"
    
  • Add an OU:
    dsadd ou "ou=HR,dc=example,dc=com" -desc "Human Resources Department"
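
A scripted variant of the user example above, added here as an illustration and not taken from Microsoft's documentation. It checks for an existing account with dsquery, lets dsadd prompt for the password with `-pwd *` instead of passing it as an argument, and reads the result back with dsget. The names and DNs are the page's sample values, and the exit-code check assumes dsadd returns a non-zero code on failure.

```batch
@echo off
setlocal

rem Sample values reused from the examples on this page (constructed, not real).
set "USER_DN=cn=John Doe,ou=Users,dc=example,dc=com"
set "SAM=johnd"
set "UPN=johnd@example.com"
set "GROUP_DN=cn=DevTeam,ou=Groups,dc=example,dc=com"

rem 1. Stop if the SAM account name is already in use.
rem    dsquery prints the DN of each match and prints nothing when there is none.
set "EXISTING="
for /f "delims=" %%D in ('dsquery user -samid %SAM%') do set "EXISTING=%%D"
if defined EXISTING goto :exists

rem 2. Create the account. "-pwd *" makes dsadd prompt for the password, so the
rem    value is never stored in this script or passed as a command-line argument
rem    (where process command-line auditing would record it).
dsadd user "%USER_DN%" -samid %SAM% -upn %UPN% -fn John -ln Doe ^
    -display "John Doe" -pwd * -mustchpwd yes -memberof "%GROUP_DN%"
if errorlevel 1 goto :failed

rem 3. Read the object back to confirm what was actually written.
dsget user "%USER_DN%" -samid -upn -disabled -mustchpwd
exit /b 0

:exists
echo Account %SAM% already exists: %EXISTING%
exit /b 1

:failed
rem Typical causes are listed under Common Issues: permissions, DN format, syntax.
echo dsadd reported an error. Check your permissions and the DN, then retry.
exit /b 1
```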
    

Common Issues

  • Permissions Error: Ensure you have the necessary permissions to add objects in Active Directory.
  • Invalid DN Format: Distinguished names must be in a proper LDAP format. Incorrect formatting often leads to errors.
  • Incorrect Syntax: Given the variety of options, it’s common to mistype or forget parameters. Always review your command for accuracy.

Integration

DSAdd can be powerful when combined with other commands such as dsquery. Here’s an example that adds a user to a group using a chained command:

    dsquery user -name John | dsmod group "cn=DevTeam,ou=Groups,dc=example,dc=com" -addmbr

Related Commands

  • dsquery: Finds objects in the directory according to criteria.
  • dsmod: Modifies an Active Directory object.
  • dsrm: Removes an object from the directory.
  • dsget: Displays properties of a directory object.

For further reading and detailed command options, visit the official Microsoft documentation.