Active Directory Domain Services - Command Reference

Applies To: Windows Server 2008

   Active Directory Domain Services (AD DS) command-line tools are built into Windows Server 2008. They are available if you have the AD DS or Active Directory Lightweight Directory Services (AD LDS) server role installed. To use these tools, you must run them from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

• Adprep - Extends the Active Directory schema and updates permissions as necessary to prepare a forest and domain for a domain controller that runs the Windows Server 2008 operating system.
• Csvde - Imports and exports data from Active Directory using files that store data in the comma-separated value (CSV) format. You can also support batch operations based on the CSV file format standard.
• Dcdiag - Analyzes the state of domain controllers in a forest or enterprise and reports any problems to help in troubleshooting.
• Dcpromo - Installs and removes Active Directory Domain Services (AD DS).
• Dsacls - Displays and changes permissions (access control entries) in the access control list (ACL) of objects in AD DS.
• Dsadd - Adds specific types of objects to the directory.
• Dsamain - Exposes Active Directory data that is stored in a snapshot or backup as a Lightweight Directory Access Protocol (LDAP) server.
• Dsdbutil - Provides database utilities for Active Directory Lightweight Directory Services (AD LDS).
• Dsget - Displays the selected properties of a specific object in the directory.
• Dsmgmt - Provides management facilities for Active Directory Lightweight Directory Services (AD LDS).
• Dsmod - Modifies an existing object of a specific type in the directory.
• Dsmove - Moves a single object in a domain from its current location in the directory to a new location or renames a single object without moving it in the directory tree.
• Dsquery - Queries AD DS according to specified criteria.
• Dsrm - Deletes an object of a specific type or any general object from the directory.
• Ldifde - Creates, modifies, and deletes directory objects on computers running Windows Server 2003 or Windows XP Professional operating systems.
• Ldp - Makes it possible for users to perform operations against an LDAP-compatible directory, such as AD DS. These operations include connect, bind, search, modify, add, and delete.
• Netdom - Makes it possible for administrators to manage Windows Server 2003 and Windows 2000 domains and trust relationships from a command prompt.
• Net computer - Adds or deletes a computer from a domain database.
• Net group - Adds, displays, or modifies global groups in domains.
• Net user - Adds or modifies user accounts, or displays user account information.
• Nltest - Performs network administrative tasks.
• Ntdsutil - Provides management facilities for AD DS.
• Redircmp - Redirects the default container for newly created computers to a specified target organizational unit (OU) so that newly created computer objects are created in the specific target OU instead of in CN=Computers.
• Redirusr - Redirects the default container for newly created users to a specified target OU so that newly created user objects are created in the specific target OU instead of in CN=Users.
• Repadmin - Makes it possible for administrators to diagnose Active Directory replication problems between domain controllers running Windows operating systems.
• Setspn - Makes it possible for administrators to read, modify, and delete the Service Principal Names (SPN) directory property for an Active Directory service account.

Ref: http://technet.microsoft.com/en-us/library/cc771131%28WS.10%29.aspx