Tip: Essential Command-Line Tools for Managing Active Directory

Follow Our Daily Tips

facebook.com/TechNetTips
twitter.com/TechNetTips
blogs.technet.com/tnmag

Windows Server 2008 R2 includes several tools that let you manage Active Directory from the command line. Here’s a look at the key tools and what they do.

Adprep Prepares a Windows forest or domain for installation of Windows domain controllers (DCs). To prepare a forest or a domain, use adprep /forestprep and adprep /domainprep, respectively. (Note that for Windows Server 2003 SP1 or later, a domain’s Group Policy isn’t automatically updated. To prepare Group Policy for the domain, you must use the command adprep /domainprep /gpprep. This modifies the access control entries (ACEs) for all Group Policy object (GPO) folders in the SYSVOL directory to grant read access to all enterprise domain controllers. This level of access is required to support RSoP for site-based policy. Because this security change causes the NT File Replication Service (NTFRS) to resend all GPOs to all domain controllers, you should use adprep /domainprep /gpprep only after careful planning.)

Dsadd Adds computers, contacts, groups, organizational units, and users to Active Directory. Type dsadd objectname /? at a command prompt to display help information about using the command, such as dsadd computer /?.

Dsget Displays properties of computers, contacts, groups, organizational units, users, sites, subnets, and servers registered in Active Directory. Type dsget objectname /? at a command prompt to display help information about using the command, such as dsget subnet /?.

Dsmod Modifies properties of computers, contacts, groups, organizational units, users, and servers that exist in Active Directory. Type dsmod objectname /? at a command prompt to display help information about using the command, such as dsmod server /?.

Dsmove Moves a single object to a new location within a single domain or renames the object without moving it. Type dsmove /? at a command prompt to display help information about using the command.

Dsquery Uses search criteria to find computers, contacts, groups, organizational units, users, sites, subnets, and servers in Active Directory. Type dsquery /? at a command prompt to display help information about using the command.

Dsrm Removes objects from Active Directory. Type dsrm /? at a command prompt to display help information about using the command.

Ntdsutil Allows the user to view site, domain, and server information; manage operations masters; and perform database maintenance of Active Directory. Type ntdsutil /? at a command prompt to display help information about using the command.

From the Microsoft Press book Windows Server 2008 Administrator’s Pocket Consultant, Second Edition by William R. Stanek.

Looking for More Tips?

For more tips on Microsoft products and technologies, visit the TechNet Tips library.