dsquery and dsmodify

puertorico123puertorico123 Member Posts: 95 ■■□□□□□□□□
in Off-Topic
i making a use group in a active directory of server 2003. the active directory have grown, each day via LDAP, disable by default to enable and configure a exchange account, how to make a dsquery for disable account, for then, use dsmodify for enable, change property to (never password expire)? and is possible to make a script to configure exchange later? thanks in advanced.
HOLD:
Comptia A+
Comptia Network+

2009 Plan:
MCSA...75%
CCENT....0%
70-648..0%

2010 Plan:
MCITP
ORACLE
· Share on FacebookShare on Twitter

Comments

  • brad-brad- Member Posts: 1,218
    An incredibly useful way to use piping is to query for all inactive user accounts and immediately disable them. Want to disable any user account that’s gone inactive for at least half a year? It's done like this:

    dsquery user domainroot -inactive 26 | dsmod user -disabled yes

    Microsoft Certified Professional Magazine Online | Column: Piping with DSQUERY

    I dont think you can change the password expiration properties with a DS command...I would do that in group policy.
    · Share on FacebookShare on Twitter
  • puertorico123puertorico123 Member Posts: 95 ■■□□□□□□□□
    brad- wrote: »
    Microsoft Certified Professional Magazine Online | Column: Piping with DSQUERY

    I dont think you can change the password expiration properties with a DS command...I would do that in group policy.

    dsquery user -disable | dsmod user -enable yes

    this command generate a list of all user disable in the server for pipe to dsmod and automatic enable account?
    HOLD:
    Comptia A+
    Comptia Network+

    2009 Plan:
    MCSA...75%
    CCENT....0%
    70-648..0%

    2010 Plan:
    MCITP
    ORACLE
    · Share on FacebookShare on Twitter
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    I think the -disable and -enable switches are for Account expiration, not password expiration
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
    · Share on FacebookShare on Twitter
  • puertorico123puertorico123 Member Posts: 95 ■■□□□□□□□□
    blargoe wrote: »
    I think the -disable and -enable switches are for Account expiration, not password expiration

    the switches are about account, because the LDAP make account but disable, to avoid one to one enable account (manualy) i need a batch proccesor, that get all disable account and enable automatic.
    HOLD:
    Comptia A+
    Comptia Network+

    2009 Plan:
    MCSA...75%
    CCENT....0%
    70-648..0%

    2010 Plan:
    MCITP
    ORACLE
    · Share on FacebookShare on Twitter
  • undomielundomiel Member Posts: 2,818
    You almost have it.

    dsquery user -disable | dsmod user -disabled no

    This one liner will pipe all the disabled users through dsmod which will enable the users. Enable is not a valid switch for dsmod.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
    · Share on FacebookShare on Twitter
Sign In or Register to comment.