Command line NT Domain Controller



Does anyone know of a tool that will allow you to add and remove users from domain groups from the command line? Basically I'm looking to be able to remove users from groups in the login scripts.

You'll have to wait more than two hours for the answer to that one! :) It's not common knowledge. Personally I have no idea.
dsadd -- Adds objects to the directory. For more information, see Dsadd.
dsget -- Displays properties of objects in the directory. For more information, see Dsget.
dsmod -- Modifies select attributes of an existing object in the directory. For more information, see Dsmod.
dsquery -- Finds objects in the directory that match a specified search criteria. For more information, see Dsquery.
dsmove -- Moves an object from its current location to a new parent location. For more information, see Dsmove.
dsrm -- Removes an object, the complete subtree under an object in the directory, or both. For more information, see Dsrm.
The command line tools that may help you are here:


It will require a bit of scripting to get the results you want but these are the tools you need.


Thanks for the info, but this appears to be for use with Active Directory (Windows 2000), which unfortunately we do not yet have implemented.

We are using the old NT4 'Domain' Structure.
Erm... I'm betting on a tool from the resource kit but have never worked much with NT4 so can't help too much.

Maybe UPEDIT or ADDUSERS from the ResKit.

USRTOGRP.EXE can add users to local or global groups from a user specified input text file but I don't know about removing.

I'll see if I can get a solution; this has my interest now :D
Automating the Addition of Users and Groups to a Server:


And a forum thread about USRTOGRP.EXE which I mentioned earlier:


USRTOGRP from the NT 4 Resource Kit:



Creates a local or global group IF it doesn't already exist and populates
the new or existing group according to information in the user specified
input text file. This requires admin access to the domain. Usrtogrp will
search the specified domain for the user accounts. If you are manipulating
a local group, usrtogrp will also search trusted domains, so the user
accounts should be specified as just "JohnDoe", not "DomainName\JohnDoe".
This tool is useful for granting users (1000 max per iteration)
membership to a group, especially if you don't know in which trusted domain the user
account is contained. This tool is meant for use with domains containing
Windows NT Advanced Servers. It will not populate groups on your local Windows NT client.

Usage: Usrtogrp.exe
Where: is a text file with the following format:

domain: domainname

localgroup(or globalgroup): groupname





Example: Usrtogrp file.txt
Also mentions net group so take a look at


NET GROUP adds, displays, or modifies global groups on servers. Used
without parameters, it displays the groupnames on the server.
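
As an added example that is not part of the original thread: a batch file that uses NET GROUP with /DELETE to remove listed accounts from a global group on the domain. The group name, file names and log format are hypothetical, and it assumes the script is run by an account with rights to change the group and that NET GROUP returns a nonzero exit code on failure.

```batch
@echo off
rem Added example, not code from the thread.
rem GROUP, USERLIST and LOG are hypothetical names; change them to suit.
rem USERLIST holds one account name per line; lines starting with # are skipped.
setlocal
set GROUP=TempStaff
set USERLIST=remove-users.txt
set LOG=group-removal.log

if not exist %USERLIST% (
    echo %USERLIST% not found
    goto :eof
)

rem Pass each name to the :remove routine, quoted so names with spaces survive.
for /f "eol=# delims=" %%U in (%USERLIST%) do call :remove "%%U"
endlocal
goto :eof

:remove
rem /DOMAIN makes the change on the domain controller, not the local machine.
net group "%GROUP%" %1 /delete /domain >nul 2>&1
if errorlevel 1 (
    echo FAILED  %~1 >> "%LOG%"
) else (
    echo REMOVED %~1 >> "%LOG%"
)
goto :eof
```

Review the log after each run: a FAILED line covers both a missing account and insufficient rights, so check those by hand.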


Thanks for the help people, I'm not at work at the moment so I can't do any fiddling.

I'll give these methods a try tomorrow and let you know how I get on.


