Managing User Attributes with Dsmod and Dsget

Managing User Attributes with Dsmod

Dsmod modifies the attributes of one or more existing objects. DS commands were introduced earlier in the course. Like other DS commands, the Dsmod basic syntax is:
dsmod user UserDN … parameters

Use the buttons below to navigate through the lesson


The UserDN parameter specifies the distinguished name of the user to modify. The remaining parameters indicate the attribute to change and the new value. For example, the following command changes the Office attribute of Tony Krijnen:
Dsmod user “cn=Tony Krijnen,ou=Managers,dc=es-net,dc=co,dc=uk”
-office “Amsterdam”

Type DSMOD USER /? for usage information and a list of supported parameters.
A more sophisticated way to send DNs to the Dsmod command is by piping the results of a Dsquery command.
As an example, assume you want to assign all users a home folder on DC1. The following command changes the homeDirectory and homeDrive attributes of user objects in the Managers OU:
dsquery user “ou=Managers,dc=es-net,dc=co,dc=uk” | dsmod user
-hmdir “\\DC1\users\%username%\documents” -hmdrv “U:“

As mentioned in Lesson 1, the special %username% token can be used to represent the sAMAccountName of user objects when using DS commands to configure the value of the -email, -hmdir,
-profile, and -webpg parameters.

Managing User Attributes with Dsget

The Dsget command gets and outputs selected attributes of one or more objects. Its syntax, like that of Dsmod, is:
dsget user UserDN… parameters
You can supply the DNs of one or more user objects by specifying them on the command line, separated by spaces; by entering them in the console; or by piping the results of a DSQUERY USER command.

Unlike Dsadd and Dsmod, Dsget takes only a parameter and not an associated value. For example, Dsget takes the samid parameter like Dsadd does, but it does not take a value. Instead, it reports the current value of the attribute. For example, to display the pre- Windows 2000 logon name of Geoff Prior in the Managers OU, use the following command:
dsget user “cn=Geoff Prior,ou=Managers,dc=es-net,dc=co,dc=uk”
-samid

Example of using Dsget to pipe the results of a Dsquery, the following command will query Active Directory for all users in the Managers OU. The results will be piped by Dsget for the user’s samid, display name and office and saved to a text document.
Dsquery user “ou=managers,dc=es-net,dc=co,dc-uk” | dsget user
–samid –display –office >>c:\userinfo.txt

Type Dsget /? At the command prompt for further help.

Managing User Attributes with Windows PowerShell and VBScript

To read an attribute of a user object with Windows PowerShell or VBScript, you use the ADSI to connect to the user object, a process called binding. Earlier, you connected to an OU to create an object.

After the object exists, you connect directly to the object. One way to do so is with the Active Directory services path (aDSPath) of the object, which is the “LDAP://” protocol moniker followed by the distinguished name of the object. The Windows PowerShell command for connecting to the user account of Geoff Prior in the Managers OU is:
$objUser=[ADSI]”LDAP://cn=Geoff Prior,ou=Managers,dc=es-net,dc=co,dc=uk”
The VBScript equivalent is:
Set objUser=GetObject(“LDAP://cn=Geoff Prior,ou=Managers,dc=es-net,dc=co,dc=uk”
If you want to modify an attribute, you need to perform three steps:

  1. Connect to the user object.
  2. Modify an attribute.
  3. Commit the change.

You’ve already seen how to connect to the object. The second step is to change the attribute.
Most attributes are simple, single-valued attributes and can be changed with the Put method of the object. For example, in Windows PowerShell:
$objUser.put(“company”,“Es-net, Ltd.”)
and in VBScript:
objUser.put “company”,“Es-net, Ltd.”
You can set multiple attributes during the second step. After all attributes have been specified, you must commit the changes to the directory with SetInfo. The Windows PowerShell version is:
$objUser.SetInfo()
The VBScript version is identical, except for the variable name:
objUser.SetInfo()

Putting the three steps together, you have a Windows PowerShell script:
$objUser=[ADSI]”LDAP://cn=Geoff Prior,ou=Managers,dc=es-net,dc=co,dc=uk”
$objUser.put(“company”,“Es-net, Ltd.”)
$objUser.SetInfo()
Putting the three steps together, you have a Windows PowerShell script:
$objUser=[ADSI]”LDAP://cn=Geoff Prior,ou=Managers,dc=es-net,dc=co,dc=uk”
$objUser.put(“company”,“Es-net, Ltd.”)
$objUser.SetInfo()
In VBScript, the code is as follows:
Set objUser=GetObject(“LDAP://cn=Geoff Prior,ou=Managers,dc=es-net,dc=co,dc=uk”
objUser.put “company”,“Es-net, Ltd.”
objUser.SetInfo()