Modify AD object properties thru CLI

Modify AD object properties thru CLI

We can change AD object properties thru cli. It is necessary if we need to modify the properties of a multiple objects. If you use gui, you need to click the object, select the properties, select the respective tab etc. etc...

Anyway, windows has a command to make it easy. Some of the commands are listed below:

dsadd /? - help for adding objects.
dsget /? - help for displaying objects.
dsmod /? - help for modifying objects.
dsmove /? - help for moving objects.
dsquery /? - help for finding objects matching search criteria.
dsrm /? - help for deleting objects.

I would like to use one of it as an example. For the rest, you need to explore it yourself.

I want to change a password of ahmad to become "abcdef1234" and set it to be required to change at the next logon. ahmad is under OU: manager, and its domain is shazmi.blogspot.com.my

the syntax is:

dsmod user user_dn -pwd abcdef1234 -mustchpwd yes

the command is:

dsmod user "CN=ahmad,OU=manager,DC=shazmi,DC=blogspot,DC=com,DC=my" -pwd abcdef1234 -mustchpwd yes

please make sure that password never expires are not enable. Otherwise, it won't work. anyway you can add -pwdneverexpires no at the end of this command.

If you want to modify properties of multiple user (eg: ahmad under OU Manager and asamaliza under OU Engineer), you can issue this command:

dsmod user "CN=ahmad,OU=manager,DC=shazmi,DC=blogspot,DC=com,DC=my" "CN=asamaliza,OU=engineer,DC=shazmi,DC=blogspot,DC=com,DC=my"-pwd abcdef1234 -mustchpwd yes

But, how if you want to modify a properties of 100 users??

batch file can help you out....