Thursday, June 26, 2008

Reset user passwords with Windows Server 2003’s DSMod command-line tool

Windows Server 2003 includes DSMod.exe, a command-line tool for modifying the properties of Active Directory (AD) objects. It is most useful for quick user password resets and similar tasks. The GUI does the same thing, but being able to change these items from the command line opens up a host of options.


Say a user forgets the password for his Windows account. You can reset his password to a given default and set the password to require a change at the next logon. Follow these steps:

1. Open a command prompt on a Windows Server 2003 machine by entering cmd.exe in the Run box.

2. To reset a user’s password to the default of password, enter the following:
Dsmod user <UserDN> -pwd password -mustchpwd yes

<UserDN> specifies the user account by distinguished name, for example: CN=Jim Jones, OU=Windows Updates, DC=Microsoft, DC=com. Enclose the distinguished name in quotation marks if it contains spaces.

This tells DSMod to set the password for the user object referenced by the distinguished name to password, and to set the User Must Change Password At Next Logon value to True. This will require the user to select a new password when he logs on. When the command succeeds, a message will display on the command line that lets you know the modification was successful. This process is much faster than sifting through the AD Users And Computers snap-in to find the user.

Bonus tip: For a list of attributes and other items associated with DSMod, enter DSMod.exe /? in the Run box.

If you do not know a user’s distinguished name, you can look it up using two commands: DSQuery and DSGet. Enter the following command on one line to get the user’s distinguished name:

DSQuery user -name Derek | DSGet user -dn
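The lookup and the reset can be combined in one batch script. This is an added example, not part of the original post. It looks the account up by logon name, refuses to continue unless exactly one account matches, and uses -pwd * so that DSMod prompts for the new password instead of taking it from the command line. The script name resetpw.cmd and its single logon-name argument are assumptions made for this example.

```batch
@echo off
rem Added example, not from the original post.
rem Assumption: saved as resetpw.cmd and called with one argument,
rem the user's logon name (sAMAccountName).
setlocal

if "%~1"=="" (
    echo Usage: resetpw.cmd logon-name
    exit /b 1
)

rem dsquery prints one quoted distinguished name per matching account.
rem -samid accepts wildcards, so count the matches before changing anything.
set COUNT=0
set "DN="
for /f "delims=" %%D in ('dsquery user -samid "%~1"') do (
    set /a COUNT+=1
    set DN=%%D
)

if not "%COUNT%"=="1" (
    echo Expected exactly one match for "%~1", found %COUNT%. Nothing changed.
    exit /b 1
)

echo Resetting password for %DN%
rem "-pwd *" makes dsmod prompt for the new password, so it never appears
rem in the typed command or in this file.
rem "-mustchpwd yes" forces the user to choose a new password at next logon.
dsmod user %DN% -pwd * -mustchpwd yes
exit /b %ERRORLEVEL%
```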
