You will need RSAT (Remote Server Administration Tools) installed, for Windows 7 and above. This enables your local machine to remotely manage Windows Servers and Services via the usual MMC GUIs (e.g. AD Users and Computers) and, most importantly, includes the PowerShell modules needed to do the same from a PowerShell session.
Once installed, go to Control Panel | Programs | Turn Windows features on or off and enable the PowerShell module, full path as follows…
- Remote Server Administration Tools | Role Administration Tools | Active Directory Module for Windows PowerShell
To access the PowerShell Active Directory cmdlets, import the AD module into your PowerShell session…
## Active Directory
Import-Module ActiveDirectory
$cred = Get-Credential # Create a credential object, the command will ask for your user/pass
Add-ADGroupMember -Identity $Group -Members $Users -Credential $cred # Add $users to $Group, using $cred credentials
# Alternatively do it all in the same command
Add-ADGroupMember -Identity $Group -Members $Users -Credential (Get-Credential)
## Group Policy
Import-Module GroupPolicy
## Get-ADUser examples
$users = Get-ADUser -Filter * -SearchBase "DC=domain,DC=com" # Get all users in domain.com
$user = Get-ADUser -Filter {SamAccountName -eq "username"} # Get user by logon/SAM account name
$user = Get-ADUser -Filter {SamAccountName -eq "username"} -Properties * # Get all properties for user
$user = Get-ADUser -Filter {Surname -eq "last" -and GivenName -eq "first"} # Get user by first and last names
$users = Get-ADUser -Filter * -SearchBase "OU=London,OU=Users,DC=EU,DC=domain,DC=com" # Get users in London OU
## To create a CSV export of fields from AD...
$users = Get-ADUser -Filter * -SearchBase "DC=DOMAIN,DC=COM" -Properties Enabled, CanonicalName, Country, Created, LastLogonDate, mail
$users | Select-Object Name, Enabled, CanonicalName, Country, Created, LastLogonDate, mail | Export-Csv -Path users.csv -NoTypeInformation # -NoTypeInformation omits the "#TYPE" header line
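The same Enabled, Created and LastLogonDate fields can drive a stale-account review instead of a raw dump. The following is an added example, not part of the original page: the function name `Get-StaleAccount`, the 90-day threshold, the output file name and the sample rows are all assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example: flag enabled accounts with no recent logon.
# Works on any objects carrying the properties used in the CSV export above.
function Get-StaleAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $User,
        [int] $MaxIdleDays = 90,          # assumed threshold, tune to your policy
        [datetime] $Now = (Get-Date)
    )
    begin { $cutoff = $Now.AddDays(-$MaxIdleDays) }
    process {
        if (-not $User.Enabled) { return }            # disabled accounts are out of scope
        $last = $User.LastLogonDate
        if ($null -eq $last) {
            # Never logged on: only stale once the account itself predates the cutoff
            if ($User.Created -ge $cutoff) { return }
            $reason = 'NeverLoggedOn'
        }
        elseif ($last -lt $cutoff) { $reason = 'Inactive' }
        else { return }
        [pscustomobject]@{
            Name          = $User.Name
            CanonicalName = $User.CanonicalName
            Created       = $User.Created
            LastLogonDate = $last
            Reason        = $reason
        }
    }
}

# Constructed sample rows standing in for Get-ADUser output (not real accounts)
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ Name='alice'; Enabled=$true;  CanonicalName='domain.com/London/alice'; Created=[datetime]'2020-01-10'; LastLogonDate=[datetime]'2024-05-28' }
    [pscustomobject]@{ Name='bob';   Enabled=$true;  CanonicalName='domain.com/London/bob';   Created=[datetime]'2019-03-02'; LastLogonDate=[datetime]'2023-11-15' }
    [pscustomobject]@{ Name='carol'; Enabled=$true;  CanonicalName='domain.com/London/carol'; Created=[datetime]'2022-07-20'; LastLogonDate=$null }
    [pscustomobject]@{ Name='dave';  Enabled=$true;  CanonicalName='domain.com/London/dave';  Created=[datetime]'2024-05-20'; LastLogonDate=$null }
    [pscustomobject]@{ Name='erin';  Enabled=$false; CanonicalName='domain.com/London/erin';  Created=[datetime]'2018-01-01'; LastLogonDate=[datetime]'2021-01-01' }
)
# Flags bob (Inactive) and carol (NeverLoggedOn); dave is too new, erin is disabled
$sample | Get-StaleAccount -Now $now | Export-Csv -Path stale-users.csv -NoTypeInformation

# Against a live domain, feed it the same properties as the export above:
# Get-ADUser -Filter 'Enabled -eq $true' -SearchBase "DC=DOMAIN,DC=COM" `
#     -Properties CanonicalName, Created, LastLogonDate | Get-StaleAccount
```

LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which by default can lag the real last logon by up to about 14 days, so keep the threshold well above that.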
## Distinguished name
$users = Get-ADUser -Filter * | Where-Object {$_.DistinguishedName -like "*,CN=OuFolder,*"}
## New-ADUser examples
# Create the default password for new users
$UsrPwd = ConvertTo-SecureString -String $BssUsrPassword -AsPlainText -Force
# Destination OU for new user
$DstPath = "OU=department,DC=domain,DC=com"
# Create new user
$Usr = New-ADUser -Name $LogonName -GivenName $firstname -Surname $lastname -Description $desc -AccountPassword $UsrPwd -ChangePasswordAtLogon $true -Path $DstPath -PassThru
# Make user account active
Set-ADUser $Usr -ChangePasswordAtLogon $true -Enabled $true
## Remove AD User
Remove-ADUser -Identity $user -Confirm:$false # $user retrieved from Get-ADUser, -Confirm:$false prevents confirmation prompt