63. ActiveDirectory module¶
Note
The below information is extensively based in information taken from the PowerShell® Notes for Professionals book. I plan to extend this information based on my day to day usage of the language.
This topic will introduce you to some of the basic cmdlets used within the Active Directory Module for PowerShell, for manipulating Users, Groups, Computers and Objects.
63.1: Users¶
Retrieve Active Directory User
1 | Get-ADUser -Identity JohnSmith |
Retrieve All Properties Associated with User
1 | Get-ADUser -Identity JohnSmith -Properties * |
Retrieve Selected Properties for User
1 | Get-ADUser -Identity JohnSmith -Properties * | Select-Object -Property sAMAccountName, Name, Mail |
New AD User
1 | New-ADUser -Name "MarySmith" - GivenName "Mary" - Surname "Smith" -DisplayName "MarySmith" -Path "CN=Users,DC=Domain,DC=Local" |
63.2: Module¶
1 2 | #Add the ActiveDirectory Module to current PowerShell Session Import-Module ActiveDirectory |
63.3: Groups¶
Retrieve Active Directory Group
1 | Get-ADGroup -Identity "My-First-Group" #Ensure if group name has space quotes are used |
Retrieve All Properties Associated with Group
1 | Get-ADGroup -Identity "My-First-Group" - Properties * |
Retrieve All Members of a Group
1 2 | Get-ADGroupMember -Identity "My-First-Group" | Select-Object -Property sAMAccountName Get-ADgroup "MY-First-Group" - Properties Members | Select -ExpandProperty Members |
Add AD User to an AD Group
1 | Add-ADGroupMember -Identity "My-First-Group" - Members "JohnSmith" |
New AD Group
1 | New-ADGroup -GroupScope Universal -Name "My-Second-Group" |
63.4: Computers¶
Retrieve AD Computer
1 | Get-ADComputer -Identity "JohnLaptop" |
Retrieve All Properties Associated with Computer
1 | Get-ADComputer -Identity "JohnLaptop" - Properties * |
Retrieve Select Properties of Computer
1 | Get-ADComputer -Identity "JohnLaptop" - Properties * | Select-Object -Property Name, Enabled |
63.5: Objects¶
Retrieve an Active Directory Object
1 2 | #Identity can be ObjectGUID, Distinguished Name or many more Get-ADObject -Identity "ObjectGUID07898" |
Move an Active Directory Object
1 2 | Move-ADObject -Identity "CN=JohnSmith,OU=Users,DC=Domain,DC=Local" - TargetPath "OU=SuperUser,DC=Domain,DC=Local" |
Modify an Active Directory Object
1 | Set-ADObject -Identity "CN=My-First-Group,OU=Groups,DC=Domain,DC=local" -Description "This is My First Object Modification" |