
User and Computer Accounts, Server Core 2008


Module 2, Page 1

CONTENTS

CREATING USER ACCOUNTS
    USER ACCOUNTS
THE DSADD COMMAND (Directory Services Add)
CREATING COMPUTER ACCOUNTS
    ADDING A COMPUTER TO THE DOMAIN
    CREATING A COMPUTER ACCOUNT WITH THE DSADD COMMAND
USER AND COMPUTER PROPERTIES
    EXPLAINING USER AND COMPUTER PROPERTIES
    RENAMING AN ACCOUNT
MANAGING USER AND COMPUTER ACCOUNTS
    ENABLING OR DISABLING USER ACCOUNTS
    ACCOUNT LOCKOUT (LOCK OUT)
    RESETTING A USER'S PASSWORD
    RESETTING A COMPUTER ACCOUNT
Dsadd
    dsadd computer
        Syntax, Parameters, Remarks, Examples
    dsadd contact
        Syntax, Parameters, Remarks, Examples
    dsadd group
        Syntax, Parameters, Remarks, Examples
    dsadd ou
        Syntax, Parameters, Remarks, Examples
    dsadd user
        Syntax, Parameters, Remarks, Examples
    dsadd quota
        Syntax, Parameters, Remarks, Examples
    Formatting legend


CREATING USER ACCOUNTS

USER ACCOUNTS

User accounts are credentials that identify each user to a computer or a network. These accounts can be LOCAL, if they are created on a computer, or DOMAIN accounts, if they are created in Active Directory. The difference between a domain account and a local account is that a local account can only be used on the computer on which it was created, whereas a domain account can be used on any computer that belongs to the domain.

Five names are associated with a single user account. They all identify the same object; which one is used depends on the tool or function with which we refer to the object.

1.- USER LOGON NAME: The user uses this name when logging on to the network or to a local machine, and it uses:

Pre-Windows 2000 authentication: username, password and domain.

The name must be unique in the entire forest and has a maximum length of 20 characters.

It is not case-sensitive, but it does preserve whether the name was typed in upper or lower case.

Example: lperez

2.- PRE-WINDOWS 2000 LOGON NAME: These names consist of two parts, "Domain Name \ User Logon Name", for example Corp\lperez. These are the names traditionally used to log on to Microsoft networks.

3.- USER PRINCIPAL LOGON NAME: This is a new name used from Windows 2003 onward to log on to the domain. It basically consists of two parts: the first is the USER LOGON NAME, followed by the "@" character and then what is known as the suffix, for example [email protected]. The suffix is normally the domain name, but it can be changed and other suffixes can be added.

4.- LDAP DISTINGUISHED NAME: Like OUs, objects can also be accessed through the LDAP protocol. The name has the format CN+OU+DC:

CN= Common Name of the object

OU= Starting with the OU closest to the object or user

DC= Domain name

Example: CN=luis, OU=ventas, DC=corp, DC=com

5.- LDAP RELATIVE DISTINGUISHED NAME: This is only a portion of the full Distinguished Name, for example CN=Luis.

Something we should know is that internally what is known as the SID is used.


SID: Each user is represented by a unique identifier called the SID. This is what identifies the user in Active Directory.

To create a domain user account, open the Active Directory Users and Computers tool. Select the organizational unit in which the user will reside, right-click the OU and choose New User. The wizard asks for the first name and the last name and generates the full name automatically. It then asks for the User Logon Name; it is good to have a policy for creating these names, for example the first initial of the first name followed by the last name. Next it asks for the suffix; together these two give the User Principal Name, and we can also set the Pre-Windows 2000 User Logon Name. Click Next and it asks for the password, which is governed by the Active Directory policy that we can define; then we confirm the same password and are presented with different options.

THE DSADD COMMAND (Directory Services Add)

dsadd user "cn=Hugo,ou=ventas,ou=Guatemala,ou=corp,dc=corp,dc=com" -samid hsing -upn [email protected] -pwd p@ssw0r1 -display "Hugo Sing"

user: indicates that we are going to add a user object to Active Directory.

Next we write the Distinguished Name in quotation marks, starting with the OU closest to the object or user and going up through every level until reaching the domain.

-samid = specifies the User Logon Name

-upn = User Principal Name

-pwd = Password

-display = Display Name

We run the command in the command console and the user is created in Active Directory.
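The dsadd user command above passes the password as a command-line argument, where it is visible on screen and in any script that stores the command. The following batch script is an added example, not part of the original module: it creates the same account with -pwd * so that dsadd prompts for the password, forces a change at first logon, and reads the account's names and SID back with dsget. The DN and logon name are the ones used above; the UPN suffix corp.example is a placeholder assumption.

```batch
@echo off
setlocal
rem Added example: create a domain user without putting the password on the command line.
rem The DN and logon name come from the module's own example; the UPN suffix is a placeholder.
set "USERDN=cn=Hugo,ou=ventas,ou=Guatemala,ou=corp,dc=corp,dc=com"
set "SAMID=hsing"
set "UPN=%SAMID%@corp.example"

rem The module states that the user logon name is limited to 20 characters.
rem REST holds whatever follows the 20th character; it stays undefined for a valid name.
set "REST=%SAMID:~20%"
if defined REST (
    echo Logon name "%SAMID%" is longer than 20 characters.
    exit /b 1
)

rem Stop if the logon name is already in use somewhere in the domain.
set "EXISTING="
for /f "delims=" %%D in ('dsquery user -samid %SAMID%') do set "EXISTING=%%D"
if defined EXISTING (
    echo Logon name %SAMID% is already used by %EXISTING%
    exit /b 1
)

rem -pwd * makes dsadd prompt for the password instead of reading it from the command line.
rem -mustchpwd yes forces the user to replace the initial password at first logon.
dsadd user "%USERDN%" -samid %SAMID% -upn %UPN% -display "Hugo Sing" -pwd * -mustchpwd yes
if errorlevel 1 (
    echo dsadd reported an error.
    exit /b 1
)

rem Read back the name forms described earlier, plus the SID of the new object.
dsget user "%USERDN%" -dn -samid -upn -display -sid
endlocal
```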

CREATING COMPUTER ACCOUNTS

Computer accounts are used to authenticate and audit the computers that belong to a domain. They also make it possible to install software remotely, manage the working environment and take an inventory of both hardware and software. These computer accounts are required from Windows NT onward, such as Windows XP, Windows 2003, Windows Vista, Windows 7 and Windows 2008.

For a user to be able to log on to the network, the user must have a valid user account and, in addition, the computer being used must have a valid computer account.

ADDING A COMPUTER TO THE DOMAIN

Computer accounts are created automatically when a computer is joined to the domain. To do this, right-click My PC, choose Properties and, under Computer name, click Change; there we type the name of the computer and the name of the domain to which it belongs. As soon as the computer is joined to the domain, a computer account is created automatically. Any user who belongs to the domain can do this. The user can authenticate a maximum of 10 computers.


In Active Directory Users and Computers, look for the Computers OU; all computer accounts that are created automatically reside in this OU.

CREATING A COMPUTER ACCOUNT WITH THE DSADD COMMAND

Go to the command line and type the command:

dsadd computer "cn=wks-ventas1,ou=ventas,ou=guatemala,ou=corp,dc=corp,dc=com" -loc "area ventas"

See the supplement to unit 2.

USER AND COMPUTER PROPERTIES

It is important for an administrator to be able to modify the properties of both user accounts and computer accounts, since these can be a source of information for users on the network, and also to make other kinds of changes that affect the environment of users or computers.

EXPLAINING USER AND COMPUTER PROPERTIES

In Active Directory Users and Computers we see the different user and computer accounts. Simply go to the user to be modified and double-click it; the properties that can be modified for that user appear.

Computer accounts can be modified in the same way: double-clicking one shows its properties, where we can add a description, assign a person responsible for managing the computer, enter the location of the computer, and so on.

RENAMING AN ACCOUNT

Other actions available in Active Directory are found by selecting a particular object, right-clicking it and choosing from the menu what we want to do, for example disable an account, Reset Password, Rename, and so on.

For example, if a user is leaving the company and another person is coming in to replace them, and we want the new person to have the same properties, we can rename the account. After pressing Enter, the personal properties appear, such as the name, user logon name, and so on.

MANAGING USER AND COMPUTER ACCOUNTS

ENABLING OR DISABLING USER ACCOUNTS

This is done from Active Directory Users and Computers. For example, if a user goes on vacation and we do not want anyone to be able to use the account during that time, we should disable it, and enable it again when the user returns. To do so, right-click the user and choose Disable Account; likewise, to enable it, choose Enable Account. The account can also be disabled at creation time, in the step that asks for the password.


ACCOUNT LOCKOUT (LOCK OUT)

This feature is used to define the number of failed logon attempts to the network that are allowed, and also as protection against hackers who try to guess the password of an account. Failed attempts are counted when the user does not enter the password correctly, whether in the logon window when starting the computer, when trying to unlock a computer that has a password-protected screen saver (this option is disabled by default; to enable it, modify the policy Interactive logon: Require Domain Controller authentication to unlock workstation), or when accessing a resource on the network. Note that the built-in Administrator account will NEVER be locked out, so a good practice is to rename this account.

RESETTING A USER'S PASSWORD

To change a user's password, right-click the user and choose Reset Password; it asks for the user's new password. The user will then have a new password. Keep in mind that if this password is used by the encryption algorithm and the user has protected or encrypted files or e-mails, the user will no longer be able to access those files and e-mails, because the algorithm uses the password as part of the encryption. The user would also have problems if the password had been saved in Internet Explorer.

RESETTING A COMPUTER ACCOUNT

First we need to know when to do this. There are two reasons:

1.- When the computer account fails to authenticate to the domain.

2.- When the computer account has lost password synchronization.

In these situations the computer account needs to be reset; to do so, right-click it and choose Reset Account. The implications are:

1.- Only accounts that are Account Operator, Domain Admin or Enterprise Admin can reset a computer account. It is important to note that after the account is reset, the machine that owned this computer account must be joined to the domain again.
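A Server Core installation has no local graphical console, so the tasks in this section can also be carried out with dsmod, dsquery and dsget, commands from the same family as dsadd. The batch script below is an added example, not part of the original module; the script name and its action names (disable, enable, resetpwd, resetcomputer, audit) are hypothetical and belong to this script only.

```batch
@echo off
setlocal
rem Added example: command-line equivalents of the console tasks in this section.
rem Usage: acct.cmd ACTION "DistinguishedName"
set "ACTION=%~1"
set "DN=%~2"

if /i "%ACTION%"=="audit" goto audit
if not defined DN goto usage
if /i "%ACTION%"=="disable" goto disable
if /i "%ACTION%"=="enable" goto enable
if /i "%ACTION%"=="resetpwd" goto resetpwd
if /i "%ACTION%"=="resetcomputer" goto resetcomputer
goto usage

:disable
rem Same effect as Disable Account, for example while a user is on vacation.
dsmod user "%DN%" -disabled yes
goto show

:enable
rem Same effect as Enable Account when the user returns.
dsmod user "%DN%" -disabled no
goto show

:resetpwd
rem -pwd * prompts for the new password so it never appears on the command line.
rem -mustchpwd yes makes the user choose a new password at the next logon.
dsmod user "%DN%" -pwd * -mustchpwd yes
goto show

:resetcomputer
rem Same effect as Reset Account; the machine must then be joined to the domain again.
dsmod computer "%DN%" -reset
exit /b %errorlevel%

:show
rem Confirm the resulting state of the user account.
if errorlevel 1 exit /b 1
dsget user "%DN%" -samid -disabled -mustchpwd
exit /b %errorlevel%

:audit
rem Domain account policy, including the lockout threshold, duration and observation window.
net accounts /domain
rem User accounts that are currently disabled.
dsquery user -disabled
exit /b 0

:usage
echo Usage: %~nx0 {disable^|enable^|resetpwd} "UserDN"
echo        %~nx0 resetcomputer "ComputerDN"
echo        %~nx0 audit
exit /b 2
```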


Dsadd

Adds specific types of objects to the directory. The dsadd commands include:

• dsadd computer
• dsadd contact
• dsadd group
• dsadd ou
• dsadd user
• dsadd quota

dsadd computer

Adds a single computer to the directory.

Syntax

dsadd computer ComputerDN [-samid SAMName] [-desc Description] [-loc Location] [-memberof GroupDN ...] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-q] [{-uc | -uco | -uci}]

Parameters

ComputerDN
Required. Specifies the distinguished name of the computer you want to add. If the distinguished name is omitted, it will be taken from standard input (stdin).

-samid SAMName
Specifies to use the SAM name as the unique SAM account name for this computer (for example, TESTPC2$). If this parameter is not specified, then a SAM account name is derived from the value of the common name attribute used in ComputerDN.

-desc Description
Specifies the description of the computer you want to add.

-loc Location
Specifies the location of the computer you want to add.

-memberof GroupDN ...
Specifies the groups in which you want the computer as a member.

{-s Server | -d Domain}
Connects the computer to either a specified server or domain. By default, the computer is connected to the domain controller in the logon domain.

-u UserName
Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:
• user name (for example, Linda)
• domain\user name (for example, widgets\Linda)
• user principal name (UPN) (for example, [email protected])

-p {Password | *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.

-q
Suppresses all output to standard output (quiet mode).

{-uc | -uco | -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

Value   Description
-uc     Specifies a Unicode format for input from or output to a pipe (|).
-uco    Specifies a Unicode format for output to a pipe (|) or a file.
-uci    Specifies a Unicode format for input from a pipe (|) or a file.

/?
Displays help at the command prompt.

Remarks

• If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).
• If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=DC 2,OU=Domain Controllers,DC=Microsoft,DC=Com").
• If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

Examples

To create a computer account named WorkstationA in the default Computers container of fabrikam.com, at a command prompt, type the following command, and then press ENTER:

dsadd computer cn=WorkstationA,cn=computers,dc=fabrikam,dc=com

To create a computer account named WorkstationB in a top-level OU named Service Dept in the same domain, at a command prompt, type the following command, and then press ENTER:

dsadd computer "cn=WorkstationB,ou=service dept,dc=fabrikam,dc=com"

dsadd contact

Adds a single contact to the directory.

Syntax

dsadd contact ContactDN [-fn FirstName] [-mi Initial] [-ln LastName] [-display DisplayName] [-desc Description] [-office Office] [-tel PhoneNumber] [-email Email] [-hometel HomePhoneNumber] [-pager PagerNumber] [-mobile CellPhoneNumber] [-fax FaxNumber] [-iptel IPPhoneNumber] [-title Title] [-dept Department] [-company Company] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-q] [{-uc | -uco | -uci}]

Parameters

ContactDN
Required. Specifies the distinguished name of the contact you want to add. If the distinguished name is omitted, it will be taken from standard input (stdin).

-fn FirstName
Specifies the first name of the contact you want to add.

-mi Initial
Specifies the middle initial of the contact you want to add.

-ln LastName
Specifies the last name of the contact you want to add.

-display DisplayName
Specifies the display name of the contact you want to add.

-desc Description
Specifies the description of the contact you want to add.

-office Office
Specifies the office location of the contact you want to add.

-tel PhoneNumber
Specifies the telephone number of the contact you want to add.

-email Email
Specifies the e-mail address of the contact you want to add.

-hometel HomePhoneNumber
Specifies the home telephone number of the contact you want to add.

-pager PagerNumber
Specifies the pager number of the contact you want to add.

-mobile CellPhoneNumber
Specifies the mobile phone number of the contact you want to add.

-fax FaxNumber
Specifies the fax number of the contact you want to add.

-iptel IPPhoneNumber
Specifies the IP phone number of the contact you want to add.

-title Title
Specifies the title of the contact you want to add.

-dept Department
Specifies the department of the contact you want to add.

-company Company
Specifies the company information for the contact you want to add.

{-s Server | -d Domain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.

-u UserName
Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:
• user name (for example, Linda)
• domain\user name (for example, widgets\Linda)
• user principal name (UPN) (for example, [email protected])

-p {Password | *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.

-q
Suppresses all output to standard output (quiet mode).

{-uc | -uco | -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

Value   Description
-uc     Specifies a Unicode format for input from or output to a pipe (|).
-uco    Specifies a Unicode format for output to a pipe (|) or a file.
-uci    Specifies a Unicode format for input from a pipe (|) or a file.

/?
Displays help at the command prompt.

Remarks

• If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).
• If the value that you supply contains spaces, use quotation marks around the text (for example, "CN=Mike Danseglio,CN=Users,DC=Microsoft,DC=Com").
• This command only supports a subset of commonly used object class attributes.

Examples

To create a contact named Jeff Hay in a top-level OU named Service Dept in the fabrikam.com domain, at a command prompt, type the following command, and then press ENTER:

dsadd contact "cn=Jeff Hay,ou=service dept,dc=fabrikam,dc=com"

To create a contact named Jun Cao in the default users container, at a command prompt, type the following command, and then press ENTER:

dsadd contact "cn=Jun Cao,cn=users,dc=fabrikam,dc=com"

dsadd group

Adds a single group to the directory.

Syntax

dsadd group GroupDN [-secgrp {yes | no}] [-scope {l | g | u}] [-samid SAMName] [-desc Description] [-memberof Group ...] [-members Member ...] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-q] [{-uc | -uco | -uci}]

Parameters

GroupDN
Required. Specifies the distinguished name of the group you want to add. If the distinguished name is omitted, it will be taken from standard input (stdin).

-secgrp {yes | no}
Specifies whether the group you want to add is a security group (yes) or a distribution group (no). By default, the group is added as a security group (yes).

-scope {l | g | u}
Specifies whether the scope of the group you want to add is domain local (l), global (g), or universal (u). If the domain is in mixed-mode, then the universal scope is not supported. By default, the scope of the group is set to global.

-samid SAMName
Specifies to use the SAM name as the unique SAM account name for this group (for example, operators). If this parameter is not specified, it is generated from the relative distinguished name.

-desc Description
Specifies the description of the group you want to add.

-memberof Group ...
Specifies the groups to which this new group should be added.

-members Member ...
Specifies the members to add to the new group.

{-s Server | -d Domain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.

-u UserName
Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:
• user name (for example, Linda)
• domain\user name (for example, widgets\Linda)
• user principal name (UPN) (for example, [email protected])

-p {Password | *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.

-q
Suppresses all output to standard output (quiet mode).

{-uc | -uco | -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

Value   Description
-uc     Specifies a Unicode format for input from or output to a pipe (|).
-uco    Specifies a Unicode format for output to a pipe (|) or a file.
-uci    Specifies a Unicode format for input from a pipe (|) or a file.

/?
Displays help at the command prompt.

Remarks

• If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).

• If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=Mike Danseglio,CN=Users,DC=Microsoft,DC=Com").

• If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

• This command only supports a subset of commonly used object class attributes.

Examples

To create a group account named Techs in an OU named Repairs, which is subordinate to the top-level OU Service Dept of the domain fabrikam.com, at a command prompt, type the following command, and then press ENTER:

dsadd group "cn=Techs,ou=Repairs,ou=Service Dept,dc=fabrikam,dc=com"

To create a group account named Support in the default Users container of fabrikam.com, at a command prompt, type the following command, and then press ENTER:

dsadd group cn=Support,cn=Users,dc=fabrikam,dc=com

dsadd ou

Adds a single organizational unit (OU) to the directory.

Syntax

dsadd ou OrganizationalUnitDN [-desc Description] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-q] [{-uc | -uco | -uci}]

Parameters

OrganizationalUnitDN
Required. Specifies the distinguished name of the organizational unit you want to add. If the distinguished name is omitted, it will be taken from standard input (stdin).

-desc Description
Specifies the description of the organizational unit you want to add.

{-s Server | -d Domain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.

-u UserName
Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:
• user name (for example, Linda)
• domain\user name (for example, widgets\Linda)
• user principal name (UPN) (for example, [email protected])

-p {Password | *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.

-q
Suppresses all output to standard output (quiet mode).

{-uc | -uco | -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

Value   Description
-uc     Specifies a Unicode format for input from or output to a pipe (|).
-uco    Specifies a Unicode format for output to a pipe (|) or a file.
-uci    Specifies a Unicode format for input from a pipe (|) or a file.

/?
Displays help at the command prompt.

Remarks

• If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).

• If a value that you supply contains spaces, use quotation marks around the text (for example, "OU=Domain Controllers,DC=Microsoft,DC=Com").

• This command only supports a subset of commonly used object class attributes.

Examples

To create an OU named Service Dept in a domain named fabrikam.com, at a command prompt, type the following command, and then press ENTER:

dsadd ou "ou=Service Dept,dc=fabrikam,dc=com"

To create an OU subordinate to the Service Dept named Repairs, at a command prompt, type the following command, and then press ENTER:

dsadd ou "ou=Repairs,ou=Service Dept,dc=fabrikam,dc=com"

dsadd user

Adds a single user to the directory.

Syntax

dsadd user UserDN [-samid SAMName] [-upn UPN] [-fn FirstName] [-mi Initial] [-ln LastName] [-display DisplayName] [-empid EmployeeID] [-pwd {Password | *}] [-desc Description] [-memberof Group ...] [-office Office] [-tel PhoneNumber] [-email Email] [-hometel HomePhoneNumber] [-pager PagerNumber] [-mobile CellPhoneNumber] [-fax FaxNumber] [-iptel IPPhoneNumber] [-webpg WebPage] [-title Title] [-dept Department] [-company Company] [-mgr Manager] [-hmdir HomeDirectory] [-hmdrv DriveLetter:] [-profile ProfilePath] [-loscr ScriptPath] [-mustchpwd {yes | no}] [-canchpwd {yes | no}] [-reversiblepwd {yes | no}] [-pwdneverexpires {yes | no}] [-acctexpires NumberOfDays] [-disabled {yes | no}] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-q] [{-uc | -uco | -uci}]

Parameters

UserDN
Required. Specifies the distinguished name of the user you want to add. If the distinguished name is omitted, it will be taken from standard input (stdin).

-samid SAMName
Specifies the SAM name as the unique SAM account name for this user (for example, Linda). If not specified, dsadd will attempt to create the SAM account name using up to the first 20 characters from the common name (CN) value of UserDN.

-upn UPN
Specifies the user principal name of the user you want to add (for example, [email protected]).

-fn FirstName
Specifies the first name of the user you want to add.

-mi Initial
Specifies the middle initial of the user you want to add.

-ln LastName
Specifies the last name of the user you want to add.

-display DisplayName
Specifies the display name of the user you want to add.

-empid EmployeeID
Specifies the employee ID of the user you want to add.

-pwd {Password | *}
Specifies the password for the user to be set to Password or *. If set to *, you are prompted for a user password.

-desc Description
Specifies the description of the user you want to add.

-memberof GroupDN ...
Specifies the distinguished names of the groups in which you want the user to be a member.

-office Office
Specifies the office location of the user you want to add.

-tel PhoneNumber
Specifies the telephone number of the user you want to add.

-email Email
Specifies the e-mail address of the user you want to add.

-hometel HomePhoneNumber
Specifies the home telephone number of the user you want to add.

-pager PagerNumber
Specifies the pager number of the user you want to add.

-mobile CellPhoneNumber
Specifies the cell phone number of the user you want to add.

-fax FaxNumber
Specifies the fax number of the user you want to add.

-iptel IPPhoneNumber
Specifies the IP phone number of the user you want to add.

-webpg WebPage
Specifies the Web page URL of the user you want to add.

-title Title
Specifies the title of the user you want to add.

-dept Department
Specifies the department of the user you want to add.

-company Company
Specifies the company information of the user you want to add.

-mgr ManagerDN
Specifies the distinguished name of the manager of the user you want to add.

-hmdir HomeDirectory
Specifies the home directory location of the user you want to add. If HomeDirectory is given as a Universal Naming Convention (UNC) path, then you must specify a drive letter to be mapped to this path using the -hmdrv parameter.

-hmdrv DriveLetter:
Specifies the home directory drive letter (for example, E:) of the user you want to add.

-profile ProfilePath
Specifies the profile path of the user you want to add.

-loscr ScriptPath
Specifies the logon script path of the user you want to add.

-mustchpwd {yes | no}
Specifies if users must change their passwords at the time of next logon (yes) or not (no). By default, the user does not need to change the password (no).

-canchpwd {yes | no}
Specifies if users can change their passwords at all (yes) or not (no). By default, the user is allowed to change the password (yes). The value of this parameter must be yes if the value of the -mustchpwd parameter is yes.

-reversiblepwd {yes | no}
Specifies if the user password should be stored using reversible encryption (yes) or not (no). By default, the user cannot use reversible encryption (no).

-pwdneverexpires {yes | no}
Specifies if the user password never expires (yes) or not (no). By default, the user password does expire (no).

-acctexpires NumberOfDays
Specifies the number of days from today that the user account will expire. A value of 0 sets expiration at the end of today. A positive value sets expiration in the future. A negative value sets expiration in the past. The value never sets the account to never expire. For example, a value of 0 implies that the account expires at the end of today. A value of -5 implies that the account has already expired 5 days ago and sets an expiration date in the past. A value of 5 sets the account expiration date for 5 days in the future.

-disabled {yes | no}
Specifies if the user account is disabled for log on (yes) or enabled (no). For example, the command dsadd user CN=Nicolettep,CN=Users,DC=Widgets,DC=Microsoft,DC=Com -pwd Password1 -disabled no creates a Nicolettep user account in an enabled state. By default, the user account is disabled for log on (yes). For example, the command dsadd user CN=Nathanp,CN=Users,DC=Widgets,DC=Microsoft,DC=Com creates a Nathanp user account in a disabled state.

{-s Server | -d Domain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.

-u UserName
Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:
• user name (for example, Linda)
• domain\user name (for example, widgets\Linda)
• user principal name (UPN) (for example, [email protected])

-p {Password | *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.

-q
Suppresses all output to standard output (quiet mode).

{-uc | -uco | -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

Value   Description
-uc     Specifies a Unicode format for input from or output to a pipe (|).
-uco    Specifies a Unicode format for output to a pipe (|) or a file.
-uci    Specifies a Unicode format for input from a pipe (|) or a file.

/?
Displays help at the command prompt.

Remarks

• If you do not supply a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z).

• If a value that you supply contains spaces, use quotation marks around the text (for example, "CN=Mike Danseglio,CN=Users,DC=Microsoft,DC=Com").

• If you supply multiple values for a parameter, use spaces to separate the values (for example, a list of distinguished names).

• The special token $username$ (case insensitive) may replace the SAM account name in the value of the -email, -hmdir, -profile, and -webpg parameters. For example, if a SAM account name is "Denise," the -hmdir parameter can be written in either of the following formats:

-hmdir \users\Denise\home

-hmdir \users\$username$\home

• Using strong passwords on all user accounts can help minimize security risks. For more information about strong passwords, see Related Topics.

Examples

To create a disabled user account named OCox in the top-level OU named Service Dept in the fabrikam.com domain, at a command prompt, type the following command, and then press ENTER:

dsadd user "cn=OCox,ou=Service Dept,dc=fabrikam,dc=com" -disabled yes

To create a user account named ACon with a password of $erVice41 in the default users container of the same domain, at a command prompt, type the following command, and then press ENTER:

dsadd user "cn=ACon,cn=users,dc=fabrikam,dc=com" -pwd $erVice41
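The quoting rule and the password-related parameters of dsadd user described above can be checked mechanically before a provisioning script is run. The following Python sketch is an added example, not part of the original module or of Microsoft's tooling; the finding names, the sample command lines and the rule that an administrator-set password should be paired with -mustchpwd yes are assumptions made for illustration.

```python
import shlex


def parse_dsadd_user(cmdline):
    """Split a 'dsadd user' command line into (positional tokens, {flag: [values]})."""
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    if [t.lower() for t in tokens[:2]] != ["dsadd", "user"]:
        raise ValueError("not a dsadd user command line")
    positional, flags, current = [], {}, None
    for tok in tokens[2:]:
        # "-5" after -acctexpires is a value, not a flag.
        if tok.startswith("-") and not tok[1:].isdigit():
            current = tok.lower()
            flags[current] = []
        elif current is None:
            positional.append(tok)      # tokens before the first flag: the UserDN
        else:
            flags[current].append(tok)  # -memberof may carry several values
    return positional, flags


def audit_dsadd_user(cmdline):
    """Return sorted finding codes (names are this example's own) for one command."""
    positional, flags = parse_dsadd_user(cmdline)

    def first(flag):
        return (flags.get(flag) or [""])[0].lower()

    findings = set()
    # An unquoted DN that contains a space is split into several arguments.
    if len(positional) > 1:
        findings.add("DN_SPLIT_UNQUOTED_SPACE")
    # A literal -pwd / -p value sits in the script and on the process command
    # line; "*" makes dsadd prompt for it instead.
    if "-pwd" in flags and flags["-pwd"] != ["*"]:
        findings.add("USER_PASSWORD_INLINE")
    if "-p" in flags and flags["-p"] != ["*"]:
        findings.add("LOGON_PASSWORD_INLINE")
    if first("-reversiblepwd") == "yes":
        findings.add("REVERSIBLE_ENCRYPTION")
    if first("-pwdneverexpires") == "yes":
        findings.add("PASSWORD_NEVER_EXPIRES")
    # The reference requires -canchpwd yes whenever -mustchpwd is yes.
    if first("-mustchpwd") == "yes" and first("-canchpwd") == "no":
        findings.add("MUSTCHPWD_REQUIRES_CANCHPWD")
    # Policy assumption of this example: an admin-set password is changed at first logon.
    if "-pwd" in flags and first("-mustchpwd") != "yes":
        findings.add("NO_FORCED_CHANGE_AT_LOGON")
    return sorted(findings)


# Constructed sample command lines (not taken from a real environment).
SAMPLES = [
    'dsadd user cn=OCox,ou=Service Dept,dc=fabrikam,dc=com -disabled yes',
    'dsadd user "cn=ACon,cn=users,dc=fabrikam,dc=com" -pwd $erVice41',
    'dsadd user "cn=ACon,cn=users,dc=fabrikam,dc=com" -pwd * -mustchpwd yes -acctexpires -5',
    'dsadd user "cn=Svc,cn=users,dc=fabrikam,dc=com" -pwd * -mustchpwd yes '
    '-canchpwd no -reversiblepwd yes -pwdneverexpires yes -p Secret1',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(audit_dsadd_user(line) or ["ok"], "<-", line)
```

The third sample passes cleanly: the password is prompted for with *, a change is forced at next logon, and the negative -acctexpires value is parsed as a value rather than as a flag.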

dsadd quota

Adds a quota specification to a directory partition. A quota specification determines the maximum number of directory objects a given security principal can own in a specified directory partition.

Syntax

dsadd quota -part PartitionDN [-rdn RelativeDistinguishedName] -acct Name -qlimit Value [-desc Description] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-q] [{-uc | -uco | -uci}]

Parameters

-part PartitionDN
Required. Specifies the distinguished name of the directory partition on which you want to create a quota. If you do not specify the distinguished name, it is taken from standard input (stdin).

-rdn RelativeDistinguishedName
Specifies the relative distinguished name of the quota specification being created. If you do not specify -rdn, it is set to Domain_AccountName, using the domain and account name of the security principal specified by the -acct parameter.

-acct Name
Required. Specifies the security principal (user, group, computer, or InetOrgPerson) to whom the quota specification applies. You can use any of the following forms for Name:
• Distinguished name (also known as DN) of the security principal
• Domain\SAMAccountName of the security principal

-qlimit Value
Required. Specifies the number of objects within the directory partition that can be owned by the security principal. To specify an unlimited quota, use -1.

-desc Description
Specifies a description for the quota specification that you want to add.

{-s Server | -d Domain}
Connects the computer to either a specified server or domain. By default, the computer is connected to a domain controller in the logon domain.

-u UserName
Specifies the user name with which the user will log on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:
• user name (for example, Linda)
• domain\user name (for example, widgets\Linda)
• user principal name (UPN) (for example, [email protected])

-p {Password | *}
Specifies use of a specific password or a * to log on to a remote server. If you type *, you are prompted for a password.

-q
Suppresses all output to standard output (quiet mode).

{-uc | -uco | -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

Value   Description
-uc     Specifies a Unicode format for input from or output to a pipe (|).
-uco    Specifies a Unicode format for output to a pipe (|) or a file.
-uci    Specifies a Unicode format for input from a pipe (|) or a file.

/?
Displays help at the command prompt.

Remarks

• If you do not specify a target object at the command prompt, the target object is obtained from standard input (stdin). Stdin data can be accepted from the keyboard, a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use CTRL+Z for End of File (EOF).

• If a value that you use contains spaces, use quotation marks around the text (for example, "CN=DC 2,OU=Domain Controllers,DC=Microsoft,DC=Com").

Examples

To specify a quota of 1000 objects for the configuration partition for user account AConn, which is in the default Users container of the fabrikam.com domain, at a command prompt, type the following command, and then press ENTER:

dsadd quota -part cn=configuration,dc=fabrikam,dc=com -qlimit 1000 -acct cn=aconn,cn=users,dc=fabrikam,dc=com

Formatting legend

Format                                                                     Meaning
Italic                                                                     Information that the user must supply
Bold                                                                       Elements that the user must type exactly as shown
Ellipsis (...)                                                             Parameter that can be repeated several times in a command line
Between brackets ([])                                                      Optional items
Between braces ({}); choices separated by pipe (|). Example: {even|odd}    Set of choices from which the user must choose only one
Courier font                                                               Code or program output