Information Technology Reference
In-Depth Information
4. Type
DSQUERY user OU=Marketing,DC=w2k8adXX,DC=com | DSMOD group
CN=Marketing-G,OU=Marketing,DC=w2k8adXX,DC=com -addmbr
and press
Enter
.
5. If you get a message indicating that DSMOD was successful, open Active Directory Users
and Computers, if necessary. If you get an error, check the syntax and spelling, and make
sure there are no spaces between DN components.
6. In Active Directory Users and Computers, click the
Marketing-G
group in the Marketing
OU. (You might need to refresh the view before you can see this group. If so, click
Action,
Refresh
from the menu.) Open its Properties dialog box, and then click the
Members
tab.
You should see all the users the DSQUERY command displayed in Step 3.
7. At some point, the passwords of most users you have created will expire. To set their
passwords to never expire, enter the following command:
DSQUERY user | DSMOD user
-pwdneverexpires yes
8. Close all open windows.
Another feature of many command-line programs is redirecting output to a file instead of
displaying it onscreen. The syntax to redirect output is as follows:
command
>
outputfile
For example, you could use the DSQUERY command from the previous activity to send the
results to a file named MktgUsers.txt:
DSQUERY user OU=Marketing,DC=w2k8adXX,DC=com > MktgUsers.txt
Command-line programs such as DSADD work well when you have many objects to create,
especially when used with a batch file. DSQUERY is also useful for displaying a list of objects
based on particular criteria or piping the data to programs such as DSMOD for further pro-
cessing. What if you already have a database or spreadsheet of possibly hundreds of users to
create, however? When you have a file with Active Directory objects to create, two programs can
import that information into Active Directory: CSVDE and LDIFDE.
5
CSVDE and LDIFDE can bulk import or export Active Directory data; the difference between
them is mainly the format of files they use. CSVDE uses the comma-separated values (CSV)
format common in database and spreadsheet programs. LDIFDE uses LDAP Directory
Interchange Format (LDIF), which isn't as common but is useful when you're working with
LDAP applications. Another difference is that CSVDE can only create objects in Active
Directory, and LDIFDE can create or modify objects.
Neither program has a simple method for importing a list of people directly from a database
or spreadsheet, but with a little database or spreadsheet programming know-how, you can do it
without too much trouble. The easiest way to get an idea of the file format these programs use
is to use their export functions to create an output file. In CSVDE, the following command cre-
ates a file called MktUsers.csv that can be opened in Notepad, as shown in Figure 5-20:
csvde -m -f mktusers.csv -d "ou=marketing,dc=w2k8ad99,dc=com" -r
"(objectClass=user)"
Figure 5-20
An export file created by CSVDE
Search WWH ::
Custom Search