Dsadd user

TECHNET Home

TechNet
TechNet Library
Windows Server
Windows Server 2008 and Window ...
Windows Server Commands, Refer ...
Command-line Reference
A-Z List
Dsadd

Dsadd

Dsadd computer
Dsadd contact
Dsadd group
Dsadd ou
Dsadd user
Dsadd quota

Switch View :

Classic

Lightweight

ScriptFree

Feedback

Dsadd user

Updated: July 7, 2011

Applies To: Windows Server 2008

Adds a single user to the directory.

Dsadd is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) server role installed. To use dsadd, you must run the dsadd command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

For examples of how to use this command, see Examples.

Syntax

dsadd user <UserDN> [-samid <SAMName>] [-upn <UPN>] [-fn <FirstName>] [-mi <Initial>] [-ln <LastName>] [-display <DisplayName>] [-empid <EmployeeID>] [-pwd {<Password> | *}] [-desc <Description>] [-memberof <Group> ...] [-office <Office>] [-tel <PhoneNumber>] [-email <Email>] [-hometel <HomePhoneNumber>] [-pager <PagerNumber>] [-mobile <CellPhoneNumber>] [-fax <FaxNumber>] [-iptel <IPPhoneNumber>] [-webpg <WebPage>] [-title <Title>] [-dept <Department>] [-company <Company>] [-mgr <Manager>] [-hmdir <HomeDirectory>] [-hmdrv <DriveLetter>:][-profile <ProfilePath>] [-loscr <ScriptPath>] [-mustchpwd {yes | no}] [-canchpwd {yes | no}] [-reversiblepwd {yes | no}] [-pwdneverexpires {yes | no}] [-acctexpires <NumberOfDays>] [-disabled {yes | no}] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [{-uc | -uco | -uci}]

Parameters

Parameter	Description
<UserDN>	Required. Specifies the distinguished name of the user that you want to add. If you omit the distinguished name, dsadd takes the name from standard input (stdin).
-samid <SAMName>	Specifies the Security Accounts Manager (SAM) name as the unique SAM account name for this user, for example, Linda. If you do not specify the SAM name, dsadd attempts to create the SAM account name by using up to the first 20 characters from the common name (CN) value of UserDN.
-upn <UPN>	Specifies the user principal name of the user that you want to add, for example, Linda@widgets.contoso.com.
-fn <FirstName>	Specifies the first name of the user that you want to add.
-mi <Initial>	Specifies the middle initial of the user that you want to add.
-ln <LastName>	Specifies the last name of the user that you want to add.
-display <DisplayName>	Specifies the display name of the user that you want to add.
-empid <EmployeeID>	Specifies the employee ID of the user that you want to add.
-pwd {<Password>\| *}	Specifies that the password for the user be set to Password or an asterisk (). If you set the password to , dsadd prompts you for a user password.
-desc <Description>	Specifies the description of the user that you want to add.
-memberof <GroupDN>	Specifies the distinguished names of the groups of which you want the user to be a member.
-office <Office>	Specifies the office location of the user that you want to add.
-tel <PhoneNumbe>r	Specifies the telephone number of the user that you want to add.
-email <Email>	Specifies the e-mail address of the user that you want to add.
-hometel <HomePhoneNumber>	Specifies the home telephone number of the user that you want to add.
-pager <PagerNumber>	Specifies the pager number of the user that you want to add.
-mobile <CellPhoneNumber>	Specifies the cell phone number of the user that you want to add.
-fax <FaxNumber>	Specifies the fax number of the user that you want to add.
-iptel <IPPhoneNumber>	Specifies the IP phone number of the user that you want to add.
-webpg <WebPage>	Specifies the Web page URL of the user that you want to add.
-title <Title>	Specifies the title of the user that you want to add.
-dept <Department>	Specifies the department of the user that you want to add.
-company <Company>	Specifies the company information of the user that you want to add.
-mgr <ManagerDN>	Specifies the distinguished name of the manager of the user that you want to add.
-hmdir <HomeDirectory>	Specifies the home directory location of the user that you want to add. If you specify HomeDirectory as a Universal Naming Convention (UNC) path, then you must specify a drive letter for dsadd to map to this path using the -hmdrv parameter.
-hmdrv <DriveLetter> :	Specifies the home directory drive letter (for example, E:) of the user that you want to add.
-profile <ProfilePath>	Specifies the profile path of the user that you want to add.
-loscr <ScriptPath>	Specifies the logon script path of the user that you want to add.
-mustchpwd {yes \| no}	Specifies whether users must change their passwords when they next log on. The available values are yes and no. By default, users do not have to change their passwords (no).
-canchpwd {yes \| no}	Specifies whether users can change their passwords. The available values are yes and no. By default, users can change their passwords (yes). The value of this parameter must be yes if the value of the -mustchpwd parameter is yes.
-reversiblepwd {yes \| no}	Specifies whether to store user passwords using reversible encryption. The available values are yes and no. By default, users cannot use reversible encryption (no).
-pwdneverexpires {yes \| no}	Specifies whether the user password never expires. The available values are yes and no. By default, user passwords expire (no).
-acctexpires <NumberOfDays>	Specifies the number of days from today that the user account will expire. A value of 0 sets expiration at the end of today. A positive value sets expiration in the future. A negative value sets expiration in the past. The value never sets the account to never expire. For example, a value of 0 implies that the account expires at the end of today. A value of -5 implies that the account has already expired 5 days ago and sets an expiration date in the past. A value of 5 sets the account expiration date for 5 days in the future.
-disabled {yes \| no}	Specifies whether dsadd disables the user account for logon. The available values are yes or no. For example, the following command creates a Nicolettep user account in an enabled state: dsadd user CN=Nicolettep,CN=Users,DC=Widgets,DC=Contoso,DC=Com -pwd Password1 -disabled no By default, the user account is disabled for log on (yes). For example, the following command creates a Nathanp user account in a disabled state: dsadd user CN=Nathanp,CN=Users,DC=Widgets,DC=Contoso,DC=Com
{-s <Server> \| -d <Domain>}	Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u <UserName>	Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name: user name (for example, Linda) domain\user name (for example, widgets\Linda) user principal name (UPN) (for example, Linda@widgets.contoso.com)
-p {<Password> \| *}	Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-q	Suppresses all output to standard output (quiet mode).
{-uc \| -uco \| -uci}	Specifies that output or input data is formatted in Unicode. The following list explains each format. -uc: Specifies a Unicode format for input from or output to a pipe (\|). -uco : Specifies a Unicode format for output to a pipe (\|) or a file. -uci: Specifies a Unicode format for input from a pipe (\|) or a file.
/?	Displays help at the command prompt.

Remarks

If you do not supply a target object at the command prompt, dsadd obtains the target object from standard input (stdin). Dsadd can accept stdin from the keyboard, from a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).
If a value that you supply contains spaces, use quotation marks around the text, for example, "CN=Mike Danseglio,CN=Users,DC=Contoso,DC=Com".
If you supply multiple values for a parameter, use spaces to separate the values, for example, a list of distinguished names.
Using strong passwords on all user accounts helps minimize security risks.
In order to set the Remote Desktop Services User Profile, you can use Group Policy. For more information, see Profiles (http://go.microsoft.com/fwlink/?LinkId=201495).

Examples

To create an enabled user account named MikeDan in the default Users container of northwindtraders.com, type:

dsadd user cn=MikeDan,cn=users,dc=northwindtraders,dc=com -disabled no

To create an enabled user account named John Smith with a password of C^h3Bdo9# that must be changed at first logon, in an organizational unit (OU) named SouthEmployees in a domain named northwindtraders.com, type:

dsadd user “cn=John Smith,ou=SouthEmployees,dc=northwindtraders,dc=com” -disabled no –pwd C^h3Bdo9# -mustchpwd yes

To create the same account, with a set it to never expire, and make it a member of the Janitors group in the same OU, type:

dsadd user “cn=John Smith,ou=SouthEmployees,dc=northwindtraders,dc=com” -disabled no –pwd C^h3Bdo9# -mustchpwd yes -memberof cn=janitors,ou=SouthEmployees,dc=northwindtraders,dc=com -acctexpires never

Additional references

Command-Line Syntax Key

Change History

Date	Revision
09/07/2010	New examples were added to show to set additional parameters

Tags :

Community Content

Dan Holme

$username$ documentation and functionality is BROKEN - BUG

MS documentation including DSADD USER /? suggests you can use $username$ as a token to represent the user's name for HMDIR and other parameters. This is INCORRECT. It is broken. Kind of makes sense, because you are creating a user so the user doesn't exist, so there is no user name to be had. You *can* use $username$ as documented with DSMOD. In other words, you can (as a second step) configure hmdir (and other properties) of an EXISTING user account with $username$. Sorry for the bad news.

Tags :

muzen

International characters in dsadd??

what shall i do to get swedish characters like Å Ä Ö in dsadd? dsadd user "cn=Åsa, Svensson,ou=Kontorssäljare,ou=Personal,ou=BM,dc=BM-jowi,dc=local" -fn Åsa -ln Svensson -samid ÅsaSve -pwd randompass -email åsa.svensson@bm.se -disabled no -memberof "cn=Kontorssäljare,ou=Kontorssäljare,ou=Personal,ou=BM,dc=BM-jowi,dc=local" and the result is Ä=Kontorssõljare Å=┼sa

Tags :

Thomas Lee

tried what suggested, not working

hi, could you please help me? i tried this version: dsadd user "cn=new35,cn=users,cn=Mashabey Enosh, cn=students, dc=mydomain.co.il" -samid new35 -fn new35 -display new35 -pwd {12ab99!} -memberof "class, data, davidgroup" -hmdrv z: -profile <mtps:InstrumentedLink NavigateUrl="" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps">\\dfsf\dff</mtps:InstrumentedLink><mtps:InstrumentedLink NavigateUrl="" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps">-loscr</mtps:InstrumentedLink> login.bat -mustchpwd {yes} -acctexpires never can't figure why this doesn't work. i got a "dsadd failed:The parameter is incorrect" message. Help would be appriciated. Hi, Thanks for your comments. The parameter -mustchpwd {yes} shoud be -mustchpwd yes The examples in this topic were updated to show that. Justin [MSFT] Active Directory Documentation Team

Tags :

Thomas Lee

Create a User with the Dsadd Command from MCTS microsoft

NOTE:put in one line in command prompt working sample: dsadd user "cn=Mike Fitzmaurice,ou=People,dc=contoso,dc=com" -samid mike.fitz -pwd * -mustchpwd yes -hmdir \\server01\users\%username%\documents -hmdrv U: //check profile path it was set to administrator cause I'm loggen in as admin now, it //should be mike.fitz so I change ds command to //how come no user logon name, it only have user logon name (pre2000) //anyways I won't be using dsadd better to use LDIFDE of CSVDE dsadd user "cn=Mike Fitzmaurice,ou=People,dc=contoso,dc=com" -samid mike.fitz -pwd * -mustchpwd yes -hmdir \\server01\users\mike.fitz\documents -hmdrv U: ------------------- //U: is the cmdline version of the connect option button in GUI //U: network drive ---------------- working sample: dsadd user CN=John,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com -samid John -pwd Pa55word source:(http://windowsitpro.com) ---------------------- //how come no user logon name, it only have user logon name (pre2000) just add these sintaxes and it will be fixed: -samid &lt;username&gt; -upn &lt;username&gt; Exsample -samid mike.fitz -upn mike.fitz

Tags :

Thomas Lee

Create a User with the Dsadd Command from MCTS microsoft

Hi I have tried to get this to work but can't and need help, I am logged in as administrator, Type this line out exactly but the dsadd seems to fail every time. dsadd user "cn=Mike Fitzmaurice,ou=People,dc=contoso,dc=com" -samid mike.fitz -pwd * -mustchpwd yes -hmdir \\server01\users\%username%\documents -hmdrv U: enter user password <password entered> confirm user password <password entered> dsadd failed:'Thomas\Documents' is an unknown parameters. type dsadd /? for help. I also tried replacing the %username% with mike.fitz and the response I got was : enter user password <password entered> confirm user password <password entered> dsadd failed:cn=Mike Fitzmaurice,ou=People,dc=contoso,dc=com:Access is denied. type dsadd /? for help. C:\Users\Thomas> Any help with this problem would be greatly appreciated. Hi, You will have this problem if your domain controller is not the same. computer name=Mike Fitzmaurice organizationalunit=People domain controller=contoso domain controller=com If your not in the domain Contoso.com you wont have permission to do anything If your not in the Organisaitonal Unit People you wont have permission. Hope this helps Doug (IT Support Specialist)

Tags :

pleaseToHelpMe

dsadd with -hmdir does not work!

Ok, so here's an example: dsadd user "cn=testuser1,ou=TestOU,ou=Users,dc=TestDomain,dc=com" -ln testuser1 -pwd p#Ssw0rd -hmdir \\fileserver\home\$username$ -hmdrv U: It clearly states to use the $ and NOT the % sign when entering the "-hmdir"; however, this DOES NOT work. If I enter as stated, I get the following: Connect U: to <mtps:InstrumentedLink NavigateUrl="file://\\fileserver\home\$username$" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps">\\fileserver\home\$username$</mtps:InstrumentedLink> and if I use the %username%, I get the username I am logged in as (i.e. <mtps:InstrumentedLink NavigateUrl="file://\\filieserver\home\admin" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps">\\filieserver\home\admin</mtps:InstrumentedLink>). If I manually enter in a homefolder as <mtps:InstrumentedLink NavigateUrl="file://\\fileserver\home\%username%" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps">\\fileserver\home\%username%</mtps:InstrumentedLink> then hit "apply", I get the desired result, why oh why hasn't this been fixed (apparently hasn't worked in >5 years). Below is quoted text from this webpage: You can use the special token $username$, which is case insensitive, to replace the SAM account name in the value of the -email, -hmdir, -profile, and -webpg parameters. For example, if a SAM account name is Denise, you can write the -hmdir parameter in either of the following formats: -hmdir \\users\Denise\home -hmdir \\users\$username$\home

Tags : not working dsadd hmdir

Justinha

dsadd -terminalprofile

hi, is there a version of dsadd which can create terminalserverprofiles? do you have any answer for this question? Hi, Thanks for you question. No there is no version of dsadd that can set the Remote Desktop Services user profile. In the Remarks section, I added a link to another topic that explains how to set Remote Desktop Services user profile by using Group Policy. Justin [MSFT] Active Directory Documentation Team

Tags :