
13 Basic PowerShell Active Directory Commands

Active Directory is a database combined with a set of services. It stores data as objects and categorizes objects by their names and attributes. Its objects are grouped into domains, a concept similar to internet domains.

Quick Outline:

PowerShell Active Directory Commands

Conclusion

PowerShell Active Directory Commands

Active Directory lets users access the resources available on a computer. PowerShell has a set of dedicated commands designed to manage Active Directory.

1. Get-ADComputer

The Get-ADComputer command gets computers from the Active Directory. It can get an individual computer or a list of computers.

Example:

This example will select and display all computers in the Active Directory:

Get-ADComputer -Filter *

To get the list of all computers in the domain, use the Get-ADComputer command and pass the asterisk * to its -Filter parameter. A bare asterisk without -Filter is bound to the positional -Identity parameter and the command fails.

2. Remove-ADComputer

The Remove-ADComputer command deletes computers from the Active Directory domain. To delete a computer from Active Directory, simply specify that computer using the -Identity parameter.

Example 1:

This example will remove a computer from Active Directory:

Remove-ADComputer -Identity "USER-NAME"

According to the above code:

  • First, use the Remove-ADComputer cmdlet.
  • Then, specify the computer to be deleted using the -Identity parameter.

Example 2:

This example will delete more than one computer:

Get-Content -Path C:\New\Computers.txt | Remove-ADComputer

To delete multiple computers:

  • First, use the Get-Content cmdlet.
  • Then, specify the text file that contains the list of computers to be deleted using the -Path parameter.
  • Lastly, pipe the output of Get-Content to the Remove-ADComputer cmdlet.
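
A bulk deletion driven by a text file is only as safe as the file. The following is an added example, not code from the original article, that resolves every name in the list first, reports names that do not exist, and previews the deletion; it assumes the ActiveDirectory module is installed and that the file holds one computer name per line.

```powershell
# Added example (not from the article): check a removal list before deleting.
# Assumes the ActiveDirectory module is installed and one computer name per line.
Import-Module ActiveDirectory

$listPath = 'C:\New\Computers.txt'   # path from the article's example

# Trim whitespace, skip blank lines, and drop duplicate names.
$names = Get-Content -Path $listPath |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ } |
    Sort-Object -Unique

$found   = @()
$missing = @()

foreach ($name in $names) {
    try {
        # -Identity raises a terminating error when the name does not resolve.
        $found += Get-ADComputer -Identity $name -Properties LastLogonDate, OperatingSystem
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        $missing += $name
    }
}

# Show exactly which directory objects the list resolves to.
$found |
    Select-Object Name, Enabled, OperatingSystem, LastLogonDate, DistinguishedName |
    Format-Table -AutoSize

if ($missing) {
    Write-Warning "Not found in the domain: $($missing -join ', ')"
}

# Preview only: -WhatIf reports each deletion without performing it.
$found | Remove-ADComputer -WhatIf
```

Once the preview matches the intended list, run the last line without -WhatIf; Remove-ADComputer then asks for confirmation before each deletion.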

3. Get-ADUser

The Get-ADUser command gets Active Directory users from the domain. It can get specific or all users at once. It displays comprehensive details about the specified Active Directory user.

Example:

This example will select and display the Active Directory users in the domain:

Get-ADUser -Filter *

To get the list of all Active Directory users, use the Get-ADUser cmdlet and pass an asterisk * to its -Filter parameter.

4. Search-ADAccount

The Search-ADAccount command searches for Active Directory accounts. It can search specified or all Active Directory accounts at once. These accounts include users, computers, or groups.

Example:

This example will search and display all the locked user accounts in the Active Directory domain:

Search-ADAccount -LockedOut

To find the locked user accounts, first, specify the Search-ADAccount cmdlet and then specify the -LockedOut parameter.

5. Disable-ADAccount

The Disable-ADAccount command disables one or more Active Directory accounts. It can disable user accounts, computer accounts, or service accounts.

Example:

This example will disable a single Active Directory user account:

Disable-ADAccount -Identity User-Account-Name

To disable a user account, first, use the Disable-ADAccount cmdlet. Then, specify the -Identity parameter and assign a username.

6. Enable-ADAccount

The Enable-ADAccount command enables the Active Directory accounts.

Example:

This example will enable an Active Directory user account:

Enable-ADAccount -Identity User-Account-Name

To enable the user account, first, specify the Enable-ADAccount cmdlet. Then, provide the user account to the -Identity parameter.

7. Unlock-ADAccount

The Unlock-ADAccount command unlocks the Active Directory accounts. Its core purpose is to restore access to the locked account.

Example:

This example will unlock the specified Active Directory user account:

Unlock-ADAccount -Identity User-Account-Name

To unlock an individual user account, first, use the Unlock-ADAccount cmdlet and specify the username to the -Identity parameter.
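
A lockout can be a forgotten password or the result of repeated failed logons against many accounts, so it helps to look at the lockout details before restoring access. The following is an added example, not code from the original article, that combines Search-ADAccount and Unlock-ADAccount; the 30-minute window and the threshold of 5 accounts are assumed values to tune for the environment.

```powershell
# Added example (not from the article): review lockouts before unlocking.
# Assumes the ActiveDirectory module is installed.
Import-Module ActiveDirectory

# Assumed thresholds; adjust to the domain's size and lockout policy.
$windowStart = (Get-Date).AddMinutes(-30)
$threshold   = 5

# Locked-out user accounts, with the attributes that describe each lockout.
$locked = @(Search-ADAccount -LockedOut -UsersOnly |
    Get-ADUser -Properties AccountLockoutTime, LastBadPasswordAttempt, BadLogonCount)

$locked |
    Sort-Object AccountLockoutTime -Descending |
    Select-Object SamAccountName, Enabled, AccountLockoutTime,
                  LastBadPasswordAttempt, BadLogonCount |
    Format-Table -AutoSize

# Many accounts locking out close together deserves a look before any unlock.
$recent = @($locked | Where-Object { $_.AccountLockoutTime -ge $windowStart })

if ($recent.Count -ge $threshold) {
    Write-Warning ("{0} accounts locked out since {1}; review the domain controllers' security logs before unlocking." -f $recent.Count, $windowStart)
}
else {
    # -Confirm asks for approval account by account.
    $locked | Unlock-ADAccount -Confirm
}
```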

8. Set-ADUser

The Set-ADUser command configures an Active Directory user. Additionally, it modifies the Active Directory user properties.

Example:

This example will prompt the user to change the password on the next system login:

Set-ADUser -Identity username -ChangePasswordAtLogon $true

According to the above code:

  • First, use the Set-ADUser cmdlet.
  • Then, specify the user account name by using the -Identity parameter.
  • After that, use the -ChangePasswordAtLogon parameter and specify the value $true.

9. Get-ADDomain

The Get-ADDomain command displays the Active Directory domain. It gets all the information related to the specified Active Directory domain.

Active Directory Domain: It is a set of connected computers that exchange data with each other.

Example:

This example will get the Active Directory domain and domain information:

Get-ADDomain

10. Get-ADGroupMember

The Get-ADGroupMember command gets the Active Directory group members. These members could be users, computers, or groups.

Example:

This example will display all members of the specified security group in the console:

Get-ADGroupMember -Identity "Admin"
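
Listing a group's members is the starting point for a membership review. The following is an added example, not code from the original article, that expands nested groups and marks accounts worth a second look; the group name "Admin" comes from the example above, and the 90-day threshold is an assumed value.

```powershell
# Added example (not from the article): review who is in a group.
# Assumes the ActiveDirectory module is installed.
Import-Module ActiveDirectory

$groupName   = 'Admin'                  # group name from the article's example
$staleBefore = (Get-Date).AddDays(-90)  # assumed threshold for an unused account

# -Recursive expands nested groups so indirect members are included.
$members = Get-ADGroupMember -Identity $groupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires

$report = foreach ($user in $members) {
    # Collect the reasons this account should be reviewed, if any.
    $reasons = @()
    if (-not $user.Enabled)         { $reasons += 'disabled' }
    if ($user.PasswordNeverExpires) { $reasons += 'password never expires' }
    if (-not $user.LastLogonDate)   { $reasons += 'never logged on' }
    elseif ($user.LastLogonDate -lt $staleBefore) { $reasons += 'no logon in 90 days' }

    [pscustomobject]@{
        SamAccountName  = $user.SamAccountName
        Enabled         = $user.Enabled
        LastLogonDate   = $user.LastLogonDate
        PasswordLastSet = $user.PasswordLastSet
        Review          = $reasons -join '; '
    }
}

# Full membership first, then only the accounts with at least one finding.
$report | Sort-Object SamAccountName | Format-Table -AutoSize
$report | Where-Object { $_.Review } | Format-Table SamAccountName, Review -AutoSize
```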

11. Get-ADGroup

The Get-ADGroup command gets an individual or list of Active Directory groups. It can perform a search to retrieve more than one group from the Active Directory domain.

Example:

This example will get all groups, security groups included, in an Active Directory domain:

Get-ADGroup -Filter *

12. Add-ADGroupMember

The Add-ADGroupMember command adds one or more Active Directory members to the group.

Example:

This example will add multiple users to an Active Directory group:

Add-ADGroupMember -Identity group-name -Members Member1, Member2, Member3

13. Get-Command

The Get-Command command gets the commands associated with the specified modules. It is not specifically an Active Directory command, but it can list the commands that belong to the ActiveDirectory module.

Example:

This example will get the Active Directory commands using the Get-Command command:

Get-Command -Module ActiveDirectory

In the above code:

  • First, use the Get-Command cmdlet to get the list of commands associated with a module.
  • Then, specify the ActiveDirectory value using the -Module parameter.

Conclusion

Active Directory refers to a database comprising services and processes. It allows the management of multiple computers from one computer. System admins prefer PowerShell to manage Active Directory operations, and PowerShell has a dedicated set of commands to manage them effectively. Some of these commands are Get-ADComputer, Get-ADUser, Set-ADUser, and Get-ADGroup.

About the author

Muhammad Farhan

I am a Computer Science graduate and now a technical writer who loves to provide the easiest solutions to the most difficult problems related to Windows, Linux, and Web designing. My love for Computer Science emerges every day because of its ease in our everyday life.