PowerShell

ActiveDirectory module

Introduction#

This topic will introduce you to some of the basic cmdlets used within the Active Directory Module for PowerShell, for manipulating Users, Groups, Computers and Objects.

Remarks#

Please remember that PowerShell’s Help System is one of the best resources you can possibly utilize.

Get-Help Get-ADUser -Full
Get-Help Get-ADGroup -Full
Get-Help Get-ADComputer -Full
Get-Help Get-ADObject -Full

All of the help documentation will provide examples, syntax and parameter help.

Module

#Add the ActiveDirectory Module to current PowerShell Session
Import-Module ActiveDirectory

Users

Retrieve Active Directory User

Get-ADUser -Identity JohnSmith

Retrieve All Properties Associated with User

Get-ADUser -Identity JohnSmith -Properties *

Retrieve Selected Properties for User

Get-ADUser -Identity JohnSmith -Properties * | Select-Object -Property sAMAccountName, Name, Mail

New AD User

New-ADUser -Name "MarySmith" -GivenName "Mary" -Surname "Smith" -DisplayName "MarySmith" -Path "CN=Users,DC=Domain,DC=Local"

Groups

Retrieve Active Directory Group

Get-ADGroup -Identity "My-First-Group" #Ensure if group name has space quotes are used

Retrieve All Properties Associated with Group

Get-ADGroup -Identity "My-First-Group" -Properties *

Retrieve All Members of a Group

Get-ADGroupMember -Identity "My-First-Group" | Select-Object -Property sAMAccountName
Get-ADgroup "MY-First-Group" -Properties Members | Select -ExpandProperty Members

Add AD User to an AD Group

Add-ADGroupMember -Identity "My-First-Group" -Members "JohnSmith"

New AD Group

New-ADGroup -GroupScope Universal -Name "My-Second-Group"

Computers

Retrieve AD Computer

Get-ADComputer -Identity "JohnLaptop"

Retrieve All Properties Associated with Computer

Get-ADComputer -Identity "JohnLaptop" -Properties *

Retrieve Select Properties of Computer

Get-ADComputer -Identity "JohnLaptop" -Properties * | Select-Object -Property Name, Enabled

Objects

Retrieve an Active Directory Object

#Identity can be ObjectGUID, Distinguished Name or many more
Get-ADObject -Identity "ObjectGUID07898"

Move an Active Directory Object

Move-ADObject -Identity "CN=JohnSmith,OU=Users,DC=Domain,DC=Local" -TargetPath "OU=SuperUser,DC=Domain,DC=Local"

Modify an Active Directory Object

Set-ADObject -Identity "CN=My-First-Group,OU=Groups,DC=Domain,DC=local" -Description "This is My First Object Modification"
This modified text is an extract of the original Stack Overflow Documentation created by the contributors and released under CC BY-SA 3.0 This website is not affiliated with Stack Overflow