Active Directory (AD) management using PowerShell is a critical capability for system administrators, particularly in large and complex environments. PowerShell offers a wide array of cmdlets that simplify and automate the management of AD objects such as users, groups, computers, and organizational units (OUs). With these cmdlets, administrators can efficiently perform tasks, enforce security policies, and maintain consistency across the network.
Below is a comprehensive breakdown of key PowerShell commands and their applications in Active Directory management:
1. Get-ADUser
Get-ADUser -Identity username
Get-ADUser -Filter * -Properties DisplayName, EmailAddress | Select-Object DisplayName, EmailAddress
2. Get-ADGroup
Get-ADGroup -Identity "GroupName"
3. Get-ADComputer
Get-ADComputer -Filter *
4. Get-ADOrganizationalUnit
Get-ADOrganizationalUnit -Filter *
5. New-ADUser
New-ADUser -Name "John Doe" -GivenName "John" -Surname "Doe" -SamAccountName jdoe -UserPrincipalName jdoe@domain.com -Path "OU=Users,DC=domain,DC=com"
6. Set-ADUser
Set-ADUser -Identity jdoe -Title "Manager"
7. Remove-ADUser
Remove-ADUser -Identity jdoe
8. Add-ADGroupMember
Add-ADGroupMember -Identity "GroupName" -Members jdoe
9. Remove-ADGroupMember
Remove-ADGroupMember -Identity "GroupName" -Members jdoe
10. Get-ADDomainController
Get-ADDomainController -Filter *
11. Get-ADGroupMember
Get-ADGroupMember -Identity "GroupName"
12. Unlock-ADAccount
Unlock-ADAccount -Identity jdoe
13. Enable-ADAccount
Enable-ADAccount -Identity jdoe
14. Disable-ADAccount
Disable-ADAccount -Identity jdoe
15. Search-ADAccount
Search-ADAccount -LockedOut
16. Get-ADReplicationPartnerMetadata
Get-ADReplicationPartnerMetadata -Target "DCName"
17. New-ADGroup
New-ADGroup -Name "NewGroup" -GroupScope Global -GroupCategory Security -Path "OU=Groups,DC=domain,DC=com"
18. Set-ADGroup
Set-ADGroup -Identity "GroupName" -Description "Updated description"
19. Get-ADObject
Get-ADObject -Filter 'Name -like "*John*"'
20. Move-ADObject
Move-ADObject -Identity "CN=John Doe,OU=OldOU,DC=domain,DC=com" -TargetPath "OU=NewOU,DC=domain,DC=com"
21. Get-ADReplicationSite
Get-ADReplicationSite -Filter *
22. Get-ADUser (locked-out accounts)
Get-ADUser -Filter {LockedOut -eq $True}
23. Get-ADFineGrainedPasswordPolicy
Get-ADFineGrainedPasswordPolicy -Filter *
24. New-ADOrganizationalUnit
New-ADOrganizationalUnit -Name "NewOU" -Path "DC=domain,DC=com"
25. Get-ADUserResultantPasswordPolicy
Get-ADUserResultantPasswordPolicy -Identity jdoe
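Several of the cmdlets above can be combined into a single account review for one group. The following is an added example, not part of the original list; the function name Get-GroupAccountReview and the 90-day stale threshold are assumptions, and it needs the ActiveDirectory module with read access to the domain.

```powershell
# Added example: review the members of one group using cmdlets from the list above.
# Get-GroupAccountReview and $StaleDays are hypothetical names chosen for this example.
Import-Module ActiveDirectory

function Get-GroupAccountReview {
    param(
        [Parameter(Mandatory)] [string] $GroupName,   # e.g. "GroupName" as used above
        [int] $StaleDays = 90                         # assumed threshold, adjust to local policy
    )
    $cutoff = (Get-Date).AddDays(-$StaleDays)

    # -Recursive expands nested groups so indirect members are included.
    Get-ADGroupMember -Identity $GroupName -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $u = Get-ADUser -Identity $_.DistinguishedName `
                -Properties LockedOut, LastLogonDate, PasswordNeverExpires, PasswordLastSet

            # Returns nothing when no fine-grained policy applies to the user
            # (the default domain password policy is then in effect).
            $fgpp = Get-ADUserResultantPasswordPolicy -Identity $u

            # LastLogonDate is derived from lastLogonTimestamp, which replicates
            # lazily, so treat it as approximate rather than exact.
            [pscustomobject]@{
                SamAccountName       = $u.SamAccountName
                Enabled              = $u.Enabled
                LockedOut            = $u.LockedOut
                LastLogonDate        = $u.LastLogonDate
                Stale                = (-not $u.LastLogonDate) -or ($u.LastLogonDate -lt $cutoff)
                PasswordNeverExpires = $u.PasswordNeverExpires
                PasswordLastSet      = $u.PasswordLastSet
                FineGrainedPolicy    = if ($fgpp) { $fgpp.Name } else { '(default domain policy)' }
            }
        }
}

# Show members that look stale or have non-expiring passwords.
Get-GroupAccountReview -GroupName 'GroupName' |
    Where-Object { $_.Stale -or $_.PasswordNeverExpires } |
    Sort-Object LastLogonDate |
    Format-Table -AutoSize
```

The script only reads directory data; any follow-up with Disable-ADAccount or Remove-ADGroupMember is a separate, deliberate step.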
Happy Hunting !!