Easy PowerShell AD Commands

scottalanmiller

Disable a user account:

Disable-ADAccount username

Enable a user account"

Enable-ADAccount username

Unlock a user account:

 Unlock-ADAccount username

Delete a user account:

Remove-ADUser username

Find all empty groups:

Get-adgroup -filter * | where {-Not ($_ | get-adgroupmember)} | Select Name

Add a member to a group:

Add-adgroupmember “groupname” –username

Enumerate the members of a group:

Get-ADGroupMember “groupname”

See what groups a user account is a member of:

Get-aduser username -property Memberof | Select -ExpandProperty memberOf

Disable a computer account:

Disable-ADAccount -Identity “computername“

Find computers by type:

Get-ADComputer -Filter * -Properties OperatingSystem | Select OperatingSystem -unique | Sort OperatingSystem

Create an organizational unit:

New-ADOrganizationalUnit -Name OUname -Path “dc=domainname,dc=com”

Create a computer account:

New-ADComputer -Name username -Path “ou=OUname,dc=DCname,dc=com”

Create a user account:

New-ADUser -Name username -Path “ou=OUname,dc=DCname,dc=com”

Obsolesce

Also, in PowerShell, just type:

Get-Command -Module ActiveDirectory

Which should list all available AD commands.

jmoore

@scottalanmiller said in Easy PowerShell AD Commands:

New-ADUser -Name username -Path “ou=OUname,dc=DCname,dc=com”

Thanks, just added all that to my documentation for reference later

EddieJennings

One that I love

Get-ADPrincipalGroupMembership -Identity SOMEUSERNAME | Select name

List all of the groups in which the user is a member.