Dsmod

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Dsmod

Modifies an existing object of a specific type in the directory. The dsmod commands include:

  • dsmod computer

  • dsmod contact

  • dsmod group

  • dsmod ou

  • dsmod server

  • dsmod user

  • dsmod quota

  • dsmod partition

dsmod computer

Modifies attributes of one or more existing computers in the directory.

Syntax

dsmod computer ComputerDN ... [-desc Description] [-loc Location] [-disabled {yes | no}] [-reset] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-c] [-q] [{-uc | -uco | -uci}]

Parameters
  • ComputerDN ...
    Specifies the distinguished names of one or more computers to modify. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
  • -desc Description
    Specifies the description of the computer you want to modify.
  • -loc Location
    Specifies the location of the computer object you want to modify.
  • -disabled {yes | no}
    Specifies if the computer account is disabled for log on (yes) or not (no).
  • -reset
    Resets computer accounts.
  • {-s Server | -d Domain}
    Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.

  • -u UserName
    Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:

    • user name (for example, Linda)

    • domain\user name (for example, widgets\Linda)

    • user principal name (UPN) (for example, Linda@widgets.microsoft.com)

  • -p {Password | *}
    Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
  • -c
    Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
  • -q
    Suppresses all output to standard output (quiet mode).

  • {-uc | -uco | -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

    Value Description

    -uc

    Specifies a Unicode format for input from or output to a pipe (|).

    -uco

    Specifies a Unicode format for output to a pipe (|) or a file.

    -uci

    Specifies a Unicode format for input from a pipe (|) or a file.
  • /?
    Displays help at the command prompt.
Remarks

  • This command only supports a subset of commonly used object class attributes.

  • If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=DC2,OU=Domain Controllers,DC=Microsoft,DC=Com").

  • If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

  • Dsmod does not support the addition of security principals in one forest to groups that are located in another forest when both forests are joined by a forest trust. You can use the Active Directory Users & Computers snap-in to add security principals across a forest trust.

Examples

To disable multiple computer accounts, type:

dsmod computer CN=MemberServer1,CN=Computers,DC=Microsoft,DC=Com CN=MemberServer2,CN=Computers,DC=Microsoft,DC=Com -disabled yes

To reset multiple computer accounts, type:

dsmod computer CN=MemberServer1,CN=Computers,DC=Microsoft,DC=Com CN=MemberServer2,CN=Computers,DC=Microsoft,DC=Com -reset

dsmod contact

Modifies attributes of one or more existing contacts in the directory.

Syntax

dsmod contact ContactDN ... [-fn FirstName] [-mi Initial] [-ln LastName] [-display DisplayName] [-desc Description] [-office Office] [-tel PhoneNumber] [-email Email] [-hometel HomePhoneNumber] [-pager PagerNumber] [-mobile CellPhoneNumber] [-fax FaxNumber] [-iptel IPPhoneNumber] [-title Title] [-dept Department] [-company Company] [{-s Server | -d Domain}] [-u UserName][-p {Password | *}] [-c] [-q] [{-uc | -uco | -uci}]

Parameters
  • ContactDN ...
    Required. Specifies the distinguished names of the contacts that you want to modify. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
  • -fn FirstName
    Specifies the first name of the contact you want to modify.
  • -mi Initial
    Specifies the middle initial of the contact you want to modify.
  • -ln LastName
    Specifies the last name of the contact you want to modify.
  • -display DisplayName
    Specifies the display name of the contact you want to modify.
  • -desc Description
    Specifies the description of the contact you want to modify.
  • -office Office
    Specifies the office location of the contact you want to modify.
  • -tel PhoneNumber
    Specifies the telephone number of the contact you want to modify.
  • -email Email
    Specifies the e-mail address of the contact you want to modify.
  • -hometel HomePhoneNumber
    Specifies the home telephone number of the contact you want to modify.
  • -pager PagerNumber
    Specifies the pager number of the contact you want to modify.
  • -mobile CellPhoneNumber
    Specifies the mobile number of the contact you want to modify.
  • -fax FaxNumber
    Specifies the fax number of the contact you want to modify.
  • -iptel IPPhoneNumber
    Specifies the IP phone number of the contact you want to modify.
  • -title Title
    Specifies the title of the contact you want to modify.
  • -dept Department
    Specifies the department of the contact you want to modify.
  • -company Company
    Specifies the company information of the contact you want to modify.
  • {-s Server | -d Domain}
    Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.

  • -u UserName
    Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:

    • user name (for example, Linda)

    • domain\user name (for example, widgets\Linda)

    • user principal name (UPN) (for example, Linda@widgets.microsoft.com)

  • -p {Password | *}
    Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
  • -c
    Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
  • -q
    Suppresses all output to standard output (quiet mode).

  • {-uc | -uco | -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

    Value Description

    -uc

    Specifies a Unicode format for input from or output to a pipe (|).

    -uco

    Specifies a Unicode format for output to a pipe (|) or a file.

    -uci

    Specifies a Unicode format for input from a pipe (|) or a file.
  • /?
    Displays help at the command prompt.
Remarks

  • If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=Mike Danseglio,OU=Contacts,DC=Microsoft,DC=Com").

  • If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

  • Dsmod does not support the addition of security principals in one forest to groups that are located in another forest when both forests are joined by a forest trust. You can use the Active Directory Users & Computers snap-in to add security principals across a forest trust.

Examples

To set the company information of multiple contacts, type:

dsmod contact "CN=Mike Danseglio,OU=Contacts,DC=Microsoft,DC=Com" "CN=Denise Smith,OU=Contacts,DC=Microsoft,DC=Com" -company Microsoft

dsmod group

Modifies attributes of one or more existing groups in the directory.

Syntax

dsmod group GroupDN ... [-samid SAMName] [-desc Description] [-secgrp {yes | no}] [-scope {l | g | u}] [{-addmbr | -rmmbr | -chmbr} MemberDN ...] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-c] [-q] [{-uc | -uco | -uci}]

Parameters
  • GroupDN ...
    Required. Specifies the distinguished names of the groups you want to modify. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command. If GroupDN ... and Member ... are used together then only one parameter can be taken from standard input, requiring that at least one parameter be specified at the command line.
  • -samid SAMName
    Specifies that the SAM account names of the groups you want to modify.
  • -desc Description
    Specifies the descriptions of the groups you want to modify.
  • -secgrp {yes | no}
    Sets the group types to security group (yes) or distribution group (no).
  • -scope {l | g | u}
    Sets the scope of the groups to local, global, or universal. If the domain is in mixed mode, then the universal scope will not be supported. Also, it is not possible to convert a domain local group to global group or vice versa.
  • {-addmbr | -rmmbr | -chmbr} MemberDN ...
    Specifies that members specified by MemberDN ... are to be added, removed, or replaced to, from or in the group. Only one of these parameters can be specified in any single command invocation. MemberDN ... specifies the distinguished names of one or more members to be added to, deleted from, or replaced in the group specified by GroupDN. Each member must given as a distinguished name (for example, CN=Mike Danseglio,OU=Users,DC=Microsoft,DC=Com). The list of members must follow the -addmbr, -rmmbr, and -chmbr parameters. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command. If GroupDN ... and Member ... are used together then only one parameter can be taken from standard input, requiring that at least one parameter be specified at the command line.
  • {-s Server | -d Domain}
    Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.

  • -u UserName
    Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:

    • user name (for example, Linda)

    • domain\user name (for example, widgets\Linda)

    • user principal name (UPN) (for example, Linda@widgets.microsoft.com)

  • -p {Password | *}
    Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
  • -c
    Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
  • -q
    Suppresses all output to standard output (quiet mode).

  • {-uc | -uco | -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

    Value Description

    -uc

    Specifies a Unicode format for input from or output to a pipe (|).

    -uco

    Specifies a Unicode format for output to a pipe (|) or a file.

    -uci

    Specifies a Unicode format for input from a pipe (|) or a file.
  • /?
    Displays help at the command prompt.
Remarks

  • If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=USA Sales,OU=Distribution Lists,DC=Microsoft,DC=Com").

  • If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

  • Dsmod does not support the addition of security principals in one forest to groups that are located in another forest when both forests are joined by a forest trust. You can use the Active Directory Users & Computers snap-in to add security principals across a forest trust.

Examples

To add the user Mike Danseglio to all administrator distribution list groups, type:

dsquery group "OU=Distribution Lists,DC=microsoft,DC=com" -name adm* | dsmod group -addmbr "CN=Mike Danseglio,CN=Users,DC=microsoft,DC=com"

To add all members of the US Info group to the Cananda Info group, type:

dsget group "CN=US INFO,OU=Distribution Lists,DC=microsoft,DC=com" -members | dsmod group "CN=CANADA INFO,OU=Distribution Lists,DC=microsoft,DC=com" -addmbr

To convert the group type of several groups from security to non-security, type:

dsmod group "CN=US Info,OU=Distribution Lists,DC=Microsoft,DC=Com" "CN=Canada Info,OU=Distribution Lists,DC=Microsoft,DC=Com" "CN=Mexico Info,OU=Distribution Lists,DC=Microsoft,DC=Com" -secgrp no

To add two new members to the group "CN=US Info,OU=Distribution Lists,DC=Microsoft,DC=Com", type:

dsmod group "CN=US Info,OU=Distribution Lists,DC=Microsoft,DC=Com" -addmbr "CN=Mike Danseglio,CN=Users,DC=Microsoft,DC=Com" "CN=Legal,OU=Distribution Lists,DC=Microsoft,DC=Com" "CN=Denise Smith,CN=Users,DC=Microsoft,DC=Com"

To add all users from the Marketing organization unit to the existing group called Marketing Staff, type:

dsquery user OU=Marketing,DC=Microsoft,DC=Com | dsmod group "CN=Marketing Staff,OU=Marketing,DC=Microsoft,DC=Com" -addmbr

To delete two members from the existing group "CN=US Info,OU=Distribution Lists,DC=Microsoft,DC=Com", type:

dsmod group "CN=US Info,OU=Distribution Lists,DC=Microsoft,DC=Com" -rmmbr "CN=Mike Danseglio,CN=Users,DC=Microsoft,DC=Com" "CN=Legal,OU=Distribution Lists,DC=Microsoft,DC=Com"

dsmod ou

Modifies attributes of one or more existing organizational units in the directory.

Syntax

dsmod ou OrganizationalUnitDN ... [-desc Description] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}][-c] [-q] [{-uc | -uco | -uci}]

Parameters
  • OrganizationalUnitDN ...
    Required. Specifies the distinguished names of the organizational units you want to modify. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
  • -desc Description
    Specifies the description of the organizational unit you want to modify.
  • {-sServer | -dDomain}
    Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.

  • -u UserName
    Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:

    • user name (for example, Linda)

    • domain\user name (for example, widgets\Linda)

    • user principal name (UPN) (for example, Linda@widgets.microsoft.com)

  • -p{Password | *}
    Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
  • -c
    Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
  • -q
    Suppresses all output to standard output (quiet mode).

  • {-uc | -uco | -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

    Value Description

    -uc

    Specifies a Unicode format for input from or output to a pipe (|).

    -uco

    Specifies a Unicode format for output to a pipe (|) or a file.

    -uci

    Specifies a Unicode format for input from a pipe (|) or a file.
  • /?
    Displays help at the command prompt.
Remarks

  • If a value that you supply contains spaces, use quotation marks around the text (for example, "OU=Domain Controllers,DC=Microsoft,DC=Com").

  • If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

  • Dsmod does not support the addition of security principals in one forest to groups that are located in another forest when both forests are joined by a forest trust. You can use the Active Directory Users & Computers snap-in to add security principals across a forest trust.

Examples

To change the description of several organizational units at the same time, type:

dsmod ou "OU=Domain Controllers,DC=Microsoft,DC=Com" "OU=Resources,DC=Microsoft,DC=Com" "OU=Troubleshooting,DC=Microsoft,DC=Com" -desc "This is a test OU"

dsmod server

Modifies properties of a domain controller.

Syntax

dsmod server ServerDN ... [-desc Description] [-isgc {yes | no}] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-c] [-q] [{-uc | -uco | -uci}]

Parameters
  • ServerDN ...
    Required. Specifies the distinguished names of one or more servers that you want to modify. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
  • -desc Description
    Specifies the description of the server you want to modify.
  • -isgc {yes | no}
    Sets this server as a global catalog (yes) or disables it (no).
  • {-s Server | -d Domain}
    Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.

  • -u UserName
    Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:

    • user name (for example, Linda)

    • domain\user name (for example, widgets\Linda)

    • user principal name (UPN) (for example, Linda@widgets.microsoft.com)

  • -p {Password | *}
    Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
  • -c
    Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
  • -q
    Suppresses all output to standard output (quiet mode).

  • {-uc | -uco | -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

    Value Description

    -uc

    Specifies a Unicode format for input from or output to a pipe (|).

    -uco

    Specifies a Unicode format for output to a pipe (|) or a file.

    -uci

    Specifies a Unicode format for input from a pipe (|) or a file.
  • /?
    Displays help at the command prompt.
Remarks

  • If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=My Server,CN=Servers,CN=Site10,CN=Sites,CN=Configuration,DC=Microsoft,DC=Com").

  • If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

  • Dsmod does not support the addition of security principals in one forest to groups that are located in another forest when both forests are joined by a forest trust. You can use the Active Directory Users & Computers snap-in to add security principals across a forest trust.

Examples

To enable the domain controllers CORPDC1 and CORPDC9 to become global catalog servers, type:

dsmod server "CN=CORPDC1,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=Microsoft,DC=Com" "CN=CORPDC9,CN=Servers,CN=Site2,CN=Sites,CN=Configuration,DC=Microsoft,DC=Com" -isgc yes

dsmod user

Modifies attributes of one or more existing users in the directory.

Syntax

dsmod user UserDN ... [-upn UPN] [-fn FirstName] [-mi Initial] [-ln LastName] [-display DisplayName] [-empid EmployeeID] [-pwd (Password | *)] [-desc Description] [-office Office] [-tel PhoneNumber] [-email E-mailAddress] [-hometel HomePhoneNumber] [-pager PagerNumber] [-mobile CellPhoneNumber] [-fax FaxNumber] [-iptel IPPhoneNumber] [-webpg WebPage] [-title Title] [-dept Department] [-company Company] [-mgr Manager] [-hmdir HomeDirectory] [-hmdrv DriveLetter**:] [-profile** ProfilePath] [-loscr ScriptPath] [-mustchpwd {yes | no}] [-canchpwd {yes | no}] [-reversiblepwd {yes | no}] [-pwdneverexpires {yes | no}] [-acctexpires NumberOfDays] [-disabled {yes | no}] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}][-c] [-q] [{-uc | -uco | -uci}]

Parameters
  • UserDN ...
    Required. Specifies the distinguished names of the users you want to modify. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
  • -upn UPN
    Specifies the user principal names of the user objects you want to modify (for example, Linda@widgets.microsoft.com)
  • -fn FirstName
    Specifies the first names of the user objects you want to modify.
  • -mi Initial
    Specifies the middle initials of the user objects you want to modify.
  • -ln LastName
    Specifies the last names of the user objects you want to modify.
  • -display DisplayName
    Specifies the display names of the user objects you want to modify.
  • -empid EmployeeID
    Specifies the employee IDs of the user objects you want to modify.
  • -pwd {Password | *}
    Resets the passwords for the user objects as Password or *. If * is specified, then you are prompted for a user password.
  • -desc Description
    Specifies the descriptions of the user objects you want to modify.
  • -office Office
    Specifies the office locations of the user objects you want to modify.
  • -tel PhoneNumber
    Specifies the telephone numbers of the user objects you want to modify.
  • -email E-mailAddress
    Specifies the e-mail addresses of the user objects you want to modify.
  • -hometel HomePhoneNumber
    Specifies the home telephone numbers of the user objects you want to modify.
  • -pager PagerNumber
    Specifies the pager numbers of the user objects you want to modify.
  • -mobile CellPhoneNumber
    Specifies the cell numbers of the user objects you want to modify.
  • -fax FaxNumber
    Specifies the fax numbers of the user objects you want to modify.
  • -iptel IPPhoneNumber
    Specifies the IP phone numbers of the user objects you want to modify.
  • -webpg WebPage
    Specifies the Web page URLs of the user objects you want to modify.
  • -title Title
    Specifies the titles of the user objects you want to modify.
  • -dept Department
    Specifies the departments of the user objects you want to modify.
  • -company Company
    Specifies the company information of the user objects you want to modify.
  • -mgr Manager
    Specifies the distinguished names of the managers of the user objects you want to modify.
The manager can only be specified using the distinguished name format.
  • -hmdir HomeDirectory
    Specifies the home directory locations of the user objects you want to modify. If HomeDirectory is given as a UNC name, you must specify a mapped drive to this path by using the -hmdrv parameter.
  • -hmdrv DriveLetter :
    Specifies the home directory drive letters (for example, E:) of the user objects you want to modify.
  • -profile ProfilePath
    Specifies the profile paths of the user objects you want to modify.
  • -loscr ScriptPath
    Specifies the logon script paths of the user objects you want to modify.
  • -mustchpwd{ yes| no}
    Specifies if users must change their passwords at the time of next logon (yes) or not (no).
  • -canchpwd {yes | no}
    Specifies if users can change their passwords at all (yes) or not (no). The value of this parameter must be yes if the value of the -mustchpwd parameter is yes.
  • -reversiblepwd {yes | no}
    Specifies if user passwords should be stored using reversible encryption (yes) or not (no).
  • -pwdneverexpires {yes | no}
    Specifies if user accounts never expires (yes) or not (no).
  • -acctexpires NumberOfDays
    Specifies the number of days from today that the user accounts will expire. A value of 0 sets expiration at the end of today. A positive value sets expiration in the future. A negative value sets expiration in the past. The value of never sets the account to never expire. For example, a value of 0 implies that the account expires at the end of today. A value of -5 implies that the account has already expired 5 days ago and sets an expiration date in the past. A value of 5 sets the account expiration date for 5 days in the future.
  • -disabled {yes | no}
    Specifies if the user account is disabled for log on (yes) or not (no).
  • {-s Server | -d Domain}
    Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.

  • -u UserName
    Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:

    • user name (for example, Linda)

    • domain\user name (for example, widgets\Linda)

    • user principal name (UPN) (for example, Linda@widgets.microsoft.com)

  • -p {Password | *}
    Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
  • -c
    Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
  • -q
    Suppresses all output to standard output (quiet mode).

  • {-uc | -uco | -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

    Value Description

    -uc

    Specifies a Unicode format for input from or output to a pipe (|).

    -uco

    Specifies a Unicode format for output to a pipe (|) or a file.

    -uci

    Specifies a Unicode format for input from a pipe (|) or a file.
  • /?
    Displays help at the command prompt.
Remarks

  • If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=Mike Danseglio,CN=Users,DC=Microsoft,DC=Com").

  • If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

  • The special token $username$ (case insensitive) may replace the SAM account name in the value of the -webpg, -profile, -hmdir, and -email parameters. For example, if a SAM account name is "Denise," the -hmdir location parameter can be written in either of the following formats:

    -hmdir \users\Denise\home

    -hmdir \users\$username$\home

  • This command only supports a subset of commonly used object class attributes.

  • Dsmod does not support the addition of security principals in one forest to groups that are located in another forest when both forests are joined by a forest trust. You can use the Active Directory Users & Computers snap-in to add security principals across a forest trust.

Examples

To reset Don Funk's password and force him to change his password the next time he logs on to the network, type:

dsmod user "CN=Don Funk,CN=Users,DC=Microsoft,DC=Com" -pwd A1b2C3d4 -mustchpwd yes

To reset multiple user passwords to a common password and force users to change their passwords the next time they log on to the network, type:

dsmod user "CN=Don Funk,CN=Users,DC=Microsoft,DC=Com" "CN=Denise Smith,CN=Users,DC=Microsoft,DC=Com" -pwd A1b2C3d4 -mustchpwd yes

To disable multiple user accounts at the same time, type:

dsmod user "CN=Don Funk,CN=Users,DC=Microsoft,DC=Com" "CN=Denise Smith,CN=Users,DC=Microsoft,DC=Com" -disabled yes

To modify the profile path of multiple users to a common path using the $username$ token, type:

dsmod user "CN=Don Funk,CN=Users,DC=Microsoft,DC=Com" "CN=Denise Smith,CN=Users,DC=Microsoft,DC=Com" -profile \users\$username$\profile

dsmod quota

Modifies attributes of one or more existing quota specifications in the directory.

Syntax

dsmod quota QuotaDN ... [-qlimit Value] [-desc Description] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-c] [-q] [{-uc | -uco | -uci}]

Parameters
  • QuotaDN...
    Specifies the distinguished names of one or more quota specifications to modify. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command.
  • -qlimit Value
    Specifies the number of objects within the directory partition that can be owned by the security principal to which the quota object is assigned. To specify an unlimited quota, use -1.
  • -desc Description
    Specifies the description of the quota specification you want to modify.
  • {-s Server | -d Domain}
    Connects to a specified remote server or domain. By default, the computer is connected to a domain controller in the logon domain.

  • -u UserName
    Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:

    • user name (for example, Linda)

    • domain\user name (for example, widgets\Linda)

    • user principal name (UPN) (for example, Linda@widgets.microsoft.com)

  • -p {Password | *}
    Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
  • -c
    Specifies continuous operation mode. Errors are reported, but the process continues with the next object in the argument list when you specify multiple target objects. If you do not use -c, the command quits after the first error occurs.
  • -q
    Suppresses all output to standard output (quiet mode).

  • {-uc | -uco | -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

    Value Description

    -uc

    Specifies a Unicode format for input from or output to a pipe (|).

    -uco

    Specifies a Unicode format for output to a pipe (|) or a file.

    -uci

    Specifies a Unicode format for input from a pipe (|) or a file.
  • /?
    Displays help at the command prompt.
Remarks

  • Dsmod quota only supports a subset of commonly used object class attributes.

  • If a value that you use contains spaces, use quotation marks around the text (for example, "CN=DC2,OU=Domain Controllers,DC=Microsoft,DC=Com").

  • If you use multiple values for an option, use spaces to separate the values (for example, a list of distinguished names).

  • Dsmod does not support the addition of security principals in one forest to groups that are located in another forest when both forests are joined by a forest trust. You can use the Active Directory Users & Computers snap-in to add security principals across a forest trust.

Examples

To change the quota limit for a quota called DN1 to a value of 100, type:

dsmod quota DN1 -qlimit 100

dsmod partition

Modifies attributes of one or more existing partitions in the directory.

Syntax

dsmod partition PartitionDN ... [-qdefault Value] [-qtmbstnwt Percent] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-c] [-q] [{-uc | -uco | -uci}]

Parameters
  • PartitionDN...
    Specifies the distinguished names of one or more directory partitions to modify. If values are omitted, they are obtained through standard input (STDIN) to support piping of output from another command to input of this command.
  • -qdefault Value
    Specifies that the default quota for the directory partition be set to Value. The default quota will apply to any security principal (user, group, computer or inetOrgPerson) who owns an object in the directory partition, if no quota specification exists that covers the security principal. Enter -1 to specify an unlimited quota.
  • -qtmbstnwt Percent
    Required. Sets the percentage by which tombstone object count should be reduced when calculating quota usage. The percentage is specified by Percent and must be between 0 and 100. For example, a value of 25 means that a tombstone object counts as 25% of a normal object when calculating quota usage. If a user were assigned a quota of 100, the user could own a maximum of 100 normal objects or 400 tombstone objects in Active Directory.
  • {-s Server | -d Domain}
    Connects to a specified remote server or domain. By default, the computer is connected to a domain controller in the logon domain.

  • -u UserName
    Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:

    • user name (for example, Linda)

    • domain\user name (for example, widgets\Linda)

    • user principal name (UPN) (for example, Linda@widgets.microsoft.com)

  • -p {Password | *}
    Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
  • -c
    Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
  • -q
    Suppresses all output to standard output (quiet mode).

  • {-uc | -uco | -uci}
    Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

    Value Description

    -uc

    Specifies a Unicode format for input from or output to a pipe (|).

    -uco

    Specifies a Unicode format for output to a pipe (|) or a file.

    -uci

    Specifies a Unicode format for input from a pipe (|) or a file.
  • /?
    Displays help at the command prompt.
Remarks

  • This command only supports a subset of commonly used object class attributes.

  • If a value that you use contains spaces, use quotation marks around the text (for example, "CN=DC2,OU=Domain Controllers,DC=Microsoft,DC=Com").

  • The default quota applies to any security principal (for example, user, group, computer, or InetOrgPerson) that creates an object in the directory partition when no quota specification exists that covers the security principal.

  • The default quota for a given directory partition is an attribute (that is, ms-DS-Default-Quota) of a special container of class ms-DS-Quota-Container, as specified by CN=NTDS Quotas,<DirectoryParitionRootDN>.

  • The tombstone quota weight for a given directory partition (set with the -qtmbstnwt option) is an attribute (that is, ms-DS-Tombstone-Quota-Factor) of a special container of class (that is, ms-DS-Quota-Container), as specified by CN=NTDS Quotas,<DirectoryPartitionRootDN>.

  • Dsmod does not support the addition of security principals in one forest to groups that are located in another forest when both forests are joined by a forest trust. You can use the Active Directory Users & Computers snap-in to add security principals across a forest trust.

Examples

To change the default quota limit for a directory partition named NC1 to a value of 1000, type:

dsmod partition NC1 -qdefault 1000

Formatting legend

Format Meaning

Italic

Information that the user must supply

Bold

Elements that the user must type exactly as shown

Ellipsis (...)

Parameter that can be repeated several times in a command line

Between brackets ([])

Optional items

Between braces ({}); choices separated by pipe (|). Example: {even|odd}

Set of choices from which the user must choose only one

Courier font

Code or program output

See Also

Concepts

Directory service command-line tools
Command-line reference A-Z
Command shell overview