Active DirectoryMicrosoft TechnologiesWindows Server

The DS Commands – DSRM

In today post lets look in to another DS command which we can use to administer active directory. Today command is "DSRM". This command is using to delete object/objects from active directory. when use this command need to be extra careful because when it deletes the object. The new dsrm utility (server 2012) ask for the confirmation before it delete objects. but before it was very dangerous before as it doesnt ask for confirmations.

The command syntax for the command is

dsrm objectDN

Note that dsrm command doesn't takes the object type. it need full DN path for the object. it is actually good as it prevent the data lose that can happen, if we take dsquery if you just enter the command with object type it will list all the records related to that object type. if its same with dsrm it may delete all the objects related to given type. but still we need to be careful when using the DN even specially when you define the containers. if you submit the command with container (OU) it will also delete all the objects inside it and OU it self as well. there for double check the command before you press enter.

DSRM command help file can open using dsrm /? This commands needs to run as administrator in DC server.

dsrm1

Lets look in to some sample commands to use with this command.

As demo i will use dsrm "CN=Sales A,OU=Sales Department,DC=contoso,DC=com" This will remove the User account called "Sales A". lets confirm the object is there before execute the command for verifications.

dsrm2

Lets run the command

dsrm3

As you can see it ask if you are wish to delete this object. type "y" and enter to accept the object removal.

dsrm4

It confirms the object removal. lets go and see if the object is gone from AD.

dsrm5

This confirms its been removed from AD.

DSRM also can pipe with other DS command such as DSquery to run a query and deletes its outcome. for example if i do not know the DN path i can query for user account using dsquery command and then tell it to remove the result objects it gives.

This is the end of this post and lets look in to another DS command in next post.

Related posts
Azure servicesMicrosoft Entra IDMicrosoft Technologies

Step-by-Step Guide: Configure Entra ID lifecycle workflow to trigger mover task on user profile changes

The Entra ID lifecycle workflow is a feature of Microsoft Entra ID identity governance and Microsoft…
Read more
Cyber SecurityMicrosoft Entra IDMicrosoft Technologies

Step-by-Step Guide: How to setup Entra ID Restricted management Administrative Units ?

In my previous blog post, I discussed what Entra ID Administrative Units are and how they can be…
Read more
Microsoft Entra IDMicrosoft Technologies

Step-by-Step Guide: How to setup Entra ID Administrative Units ?

If you have worked with Microsoft Active Directory before, you may be familiar with…
Read more
Newsletter
Become a Trendsetter

Sign up and get the best of RebelAdmin, tailored for you.

Leave a Reply

Your email address will not be published. Required fields are marked *