DSRM - CMD

Overview

dsrm (Directory Service Remove) is a command-line tool used for deleting objects from the directory service of Active Directory (AD). It simplifies the process of removing user accounts, group accounts, computer accounts, and other directory objects within an AD environment. The command is highly effective in automated scripts and batch operations where multiple deletions are required.

Syntax

The basic syntax of the dsrm command is:

dsrm <ObjectDN> [Options]
  • <ObjectDN>: Specifies the distinguished name of the object to delete.

Additional syntax variations include:

dsrm <ObjectDN> [...] [-noprompt] [-subtree] [-exclude] [-c]
dsrm -?

Options/Flags

  • -noprompt: Suppresses confirmation prompts before deleting the object.
  • -subtree, -s: Deletes the object and its entire subtree.
  • -exclude, -e: With -subtree, does not delete the object but deletes the entire subtree under this object.
  • -c: Continues with the next object if an error occurs during the deletion of a multi-object batch.
  • -q: Operates in quiet mode; suppresses most of the output.
  • -?, -help: Displays help at the command prompt.

Examples

  1. Delete a Single User:

    dsrm "CN=John Doe,OU=Users,DC=example,DC=com" -noprompt

    This command deletes the user John Doe without prompting for confirmation.

  2. Delete an Entire Group and Its Members:

    dsrm "CN=DevTeam,OU=Groups,DC=example,DC=com" -subtree -noprompt

    Removes the ‘DevTeam’ group and all objects within that group recursively.

  3. Delete Multiple Objects:

    dsrm "CN=User1,OU=Sales,DC=example,DC=com" "CN=User2,OU=Sales,DC=example,DC=com" -c

    Attempts to delete User1 and User2 in the Sales OU, continuing even if errors occur.

Common Issues

Users might encounter errors related to insufficient permissions or incorrect object names. Check the following before executing dsrm:

  • Permissions: Ensure you have adequate permissions to delete the specified objects.
  • Object Existence: Verify that the object names and paths are correct to avoid errors.

Integration

The dsrm command can be combined with other Active Directory command-line tools for more complex operations, like querying for objects with dsquery and then deleting them:

for /f "delims=" %i in ('dsquery user -name "TempUser*"') do dsrm -noprompt %i

This script finds and deletes all users whose names start with ‘TempUser’.

  • dsquery: Finds objects in the directory that match a given search criterion.
  • dsadd: Adds objects to the directory.
  • dsmod: Modifies existing directory objects.

For more comprehensive information, consider checking the official Microsoft documentation or Windows command-line reference guides.