
The DS Commands – DSRM

In today's post let's look at another DS command we can use to administer Active Directory: "DSRM". This command is used to delete an object or objects from Active Directory. You need to be extra careful when using it because it deletes the object. The newer dsrm utility (Server 2012) asks for confirmation before it deletes objects, but earlier it was very dangerous because it did not ask for confirmation.

The syntax for the command is:

dsrm objectDN

Note that the dsrm command doesn't take an object type; it needs the full DN path of the object. This is actually good, as it prevents data loss. With dsquery, if you enter the command with just the object type, it lists all the records of that object type. If dsrm worked the same way, it could delete all the objects of the given type. We still need to be careful with the DN, especially when it refers to a container. If you submit the command with a container (OU), it will delete all the objects inside it and the OU itself as well. Therefore, double-check the command before you press Enter.

The DSRM help can be opened using dsrm /? These commands need to be run as administrator on the DC server.


Let's look at some sample commands.

As a demo I will use dsrm "CN=Sales A,OU=Sales Department,DC=contoso,DC=com". This will remove the user account called "Sales A". Let's confirm the object is there before executing the command, for verification.


Let's run the command.


As you can see, it asks if you wish to delete this object. Type "y" and press Enter to accept the object removal.


It confirms the object removal. Let's go and see if the object is gone from AD.


This confirms it has been removed from AD.

DSRM can also be piped with other DS commands such as dsquery, to run a query and delete its results. For example, if I do not know the DN path, I can query for the user account using the dsquery command and then tell dsrm to remove the objects it returns.
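A guarded version of that query-then-delete flow, as an added example that is not part of the original post: it previews what dsquery returns, stops if the result set is larger than expected or contains a container DN, and only then hands each DN to dsrm as an argument so every deletion is still confirmed at the console. The script parameters $Name and $MaxObjects are hypothetical; 'Sales A' is the demo account used above.

```powershell
# Added example, not from the original post.
# $Name and $MaxObjects are hypothetical parameters chosen for this sketch.
param(
    [string]$Name = 'Sales A',   # demo account from the post
    [int]$MaxObjects = 1         # how many deletions you expect
)

# dsquery prints one double-quoted DN per line; keep only those lines.
$dns = @(dsquery user -name $Name | Where-Object { $_ -match '^".+"$' })

if ($dns.Count -eq 0) {
    Write-Warning "No user matched '$Name'; nothing to delete."
    return
}

# Preview: show exactly what would be removed.
Write-Host "dsquery returned $($dns.Count) object(s):"
$dns | ForEach-Object { Write-Host "  $_" }

# A wildcard or a common name can match more accounts than intended.
if ($dns.Count -gt $MaxObjects) {
    Write-Warning "More than $MaxObjects match(es); narrow the query before deleting."
    return
}

# The post warns that a container DN takes its contents with it.
# 'dsquery user' should return only user objects, but check the
# leading RDN anyway in case the query is later changed.
$containers = @($dns | Where-Object { $_ -match '^"(OU|DC)=' })
if ($containers.Count -gt 0) {
    Write-Warning "Result contains a container DN; refusing to continue."
    return
}

# Pass each DN as an argument so dsrm asks for confirmation per object.
foreach ($dn in $dns) {
    $plain = $dn.Trim('"')
    dsrm $plain
}
```

Run it from an elevated PowerShell prompt on a machine where the DS commands are available.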

This is the end of this post; let's look at another DS command in the next post.
