I'm using Windows Server 2003's Dsmod command to modify user accounts in Active Directory (AD). Can I use a wildcard character as part of the target object?
No you can't use wildcard characters with Dsmod. But I can show you a way to work around this. Ordinarily when using the Dsmod utility, you pass one or more target objects, separated by a space. So for example to update the passwords for Bruce Wayne and Clark Kent, I would type the command
And the system should return
Now, lets say that I have 500 objects in an organizational unit (OU) and I want to update all of them. Instead of passing 500 distinguished names (DNs), one for each object, it would be much easier to pass a wildcard character as part of the target object name (e.g., *,ou=JusticeLeague,dc=r2demo,dc=test), but unfortunately, Dsmod doesn't support it. However, Windows does support the concept of piping output from one command as the input of another command, which you denote by using the pipe (|) character. Therefore, you can use another command whose output is a list of the DNs of the objects in the specified OU, as the equivalent of the wildcard. For example, to return a lis of all user type objects in the JusticeLeague OU, use the Dsquery command as follows:
and the system would return
Now if you combine the Dsmod and Dsquery commands, as the following example shows, you can perform modifications on all the users in the OU.
Now suppose you want to update only users in a certain group. For that task, you'd use the Dsget command to list all members of a given group and then pipe the output to the Dsmod command, as the following command shows:
When you combine the power of Dsquery and Dsget, you can do far more than with a wildcard character, leading to very granular search outputs that you can use as input to your modification requirements. You're limited only by your skill with the Dsquery and Dsget commands.