DSMove - CMD

Overview

DSMove is a command-line tool used in Windows environments to move or rename directory service objects such as Active Directory user accounts or computer accounts. This command is particularly useful in large organizations for automated script-based management or bulk operations on directory service entries. It supports various Active Directory services and is typically used by system administrators to manage and reorganize Active Directory objects efficiently.

Syntax

The general syntax for DSMove is as follows:

dsmove <ObjectDN> [-newname <NewName>] [-newparent <NewParentDN>] [-server <ServerName>] [-domain <Domain>] [-u <UserName>] [-p <{Password|*}>] [-q] [-c]
  • <ObjectDN>: Distinguished Name of the object to move or rename.
  • [Options]: Additional flags or options that modify the behavior of the command.

Options/Flags

  • -newname : Specifies the new name for the object. This option is used if you want to rename the object instead of moving it.
  • -newparent : Specifies the new location for the object within the Active Directory hierarchy.
  • -server : Connects to a specific Active Directory domain controller. Default is the domain controller in the user’s logon domain.
  • -domain : Specifies the domain where the operation will be performed, useful in multi-domain environments.
  • -u : Runs the command under the context of the specified user account. This is useful for operations that require specific administrative privileges.
  • -p <{Password|*}>: Supplies the password for the user account specified with the -u option. Use * to prompt for the password.
  • -q: Suppresses all output except for prompt and error messages.
  • -c: Continues moving the next object after an error occurs.

Examples

Example 1: Rename a user in Active Directory

dsmove "CN=John Doe,OU=Users,DC=example,DC=com" -newname "John Smith"

This command renames a user named John Doe to John Smith.

Example 2: Move a user to a new organizational unit

dsmove "CN=Jane Doe,OU=Users,DC=example,DC=com" -newparent "OU=HR,DC=example,DC=com"

This command moves Jane Doe from the Users OU to the HR OU.

Common Issues

  • Permission Errors: Ensure that the account used has adequate rights to perform the move or rename operations in Active Directory.
  • Incorrect Distinguished Names: Errors are common when the distinguished names are incorrectly specified. Always verify the names before execution.
  • Network Issues: Problems with network connectivity or domain controller availability can disrupt command execution. Ensure network stability before issuing the command.

Integration

DSMove can be integrated with other commands for more complex scripts. For instance, extracting user data with dsquery and then moving objects based on this data:

for /F "tokens=*" %i in ('dsquery user -name "John*" -limit 0') do dsmove %i -newparent "OU=HR,DC=example,DC=com"

This script moves all users whose names start with John to the HR organizational unit.

  • dsadd: Adds objects to the directory.
  • dsrm: Removes objects from the directory.
  • dsquery: Queries for objects in the directory.
  • dsmod: Modifies objects in the directory.

For more information, you can visit Microsoft’s official documentation for DSMove.