Using Dsmod To Update a Large Number of User Records at One Time

Use this method to update a large number of accounts without the use of a wildcard character.

John Savill

November 27, 2006

2 Min Read
ITPro Today logo in a gray background | ITPro Today

I'm using Windows Server 2003's Dsmod command to modify user accounts in Active Directory (AD). Can I use a wildcard character as part of the target object?

No you can't use wildcard characters with Dsmod. But I can show you a way to work around this. Ordinarily when using the Dsmod utility, you pass one or more target objects, separated by a space. So for example to update the passwords for Bruce Wayne and Clark Kent, I would type the command

 dsmod user “cn=bruce wayne,  ou=JusticeLeague,dc=r2demo,  dc=test” “cn=clark kent,  ou=JusticeLeague,dc=r2demo,  dc=test” -pwd Pa55word

And the system should return

dsmod succeeded:cn=bruce wayne,  ou=JusticeLeague,dc=r2demo,  dc=testdsmod succeeded:cn=clark kent,  ou=JusticeLeague,dc=r2demo,  dc=test

Now, lets say that I have 500 objects in an organizational unit (OU) and I want to update all of them. Instead of passing 500 distinguished names (DNs), one for each object, it would be much easier to pass a wildcard character as part of the target object name (e.g., *,ou=JusticeLeague,dc=r2demo,dc=test), but unfortunately, Dsmod doesn't support it. However, Windows does support the concept of piping output from one command as the input of another command, which you denote by using the pipe (|) character. Therefore, you can use another command whose output is a list of the DNs of the objects in the specified OU, as the equivalent of the wildcard. For example, to return a lis of all user type objects in the JusticeLeague OU, use the Dsquery command as follows:

dsquery user ou=JusticeLeague,  dc=r2demo,dc=test

and the system would return

“CN=Bruce Wayne,OU=JusticeLeague,  DC=r2demo,DC=test”“CN=Clark Kent,OU=JusticeLeague,  DC=r2demo,DC=test”“CN=Diana Prince,OU=JusticeLeague,  DC=r2demo,DC=test”“CN=Hal Jordan,OU=JusticeLeague,  DC=r2demo,DC=test”“CN=Arthur Curry,OU=JusticeLeague,  DC=r2demo,DC=test”“CN=Wally West,OU=JusticeLeague,  DC=r2demo,DC=test”

Now if you combine the Dsmod and Dsquery commands, as the following example shows, you can perform modifications on all the users in the OU.

dsquery user ou=JusticeLeague,  dc=r2demo,dc=test| dsmod user  -pwd Pa55word

Now suppose you want to update only users in a certain group. For that task, you'd use the Dsget command to list all members of a given group and then pipe the output to the Dsmod command, as the following command shows:

dsget group “cn=members,  ou=JusticeLeague,dc=r2demo,  dc=test” -members| dsmod user  -pwd Pa55word

When you combine the power of Dsquery and Dsget, you can do far more than with a wildcard character, leading to very granular search outputs that you can use as input to your modification requirements. You're limited only by your skill with the Dsquery and Dsget commands.

About the Author

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like