Skip to content

63. ActiveDirectory module

Note

The below information is extensively based in information taken from the PowerShell® Notes for Professionals book. I plan to extend this information based on my day to day usage of the language.

This topic will introduce you to some of the basic cmdlets used within the Active Directory Module for PowerShell, for manipulating Users, Groups, Computers and Objects.

63.1: Users

Retrieve Active Directory User

1
Get-ADUser -Identity JohnSmith

Retrieve All Properties Associated with User

1
Get-ADUser -Identity JohnSmith -Properties *

Retrieve Selected Properties for User

1
Get-ADUser -Identity JohnSmith -Properties * | Select-Object -Property sAMAccountName, Name, Mail

New AD User

1
New-ADUser -Name "MarySmith" - GivenName "Mary" - Surname "Smith" -DisplayName "MarySmith" -Path "CN=Users,DC=Domain,DC=Local"

63.2: Module

1
2
#Add the ActiveDirectory Module to current PowerShell Session
Import-Module ActiveDirectory

63.3: Groups

Retrieve Active Directory Group

1
Get-ADGroup -Identity "My-First-Group" #Ensure if group name has space quotes are used

Retrieve All Properties Associated with Group

1
Get-ADGroup -Identity "My-First-Group" - Properties *

Retrieve All Members of a Group

1
2
Get-ADGroupMember -Identity "My-First-Group" | Select-Object -Property sAMAccountName
Get-ADgroup "MY-First-Group" - Properties Members | Select -ExpandProperty Members

Add AD User to an AD Group

1
Add-ADGroupMember -Identity "My-First-Group" - Members "JohnSmith"

New AD Group

1
New-ADGroup -GroupScope Universal -Name "My-Second-Group"

63.4: Computers

Retrieve AD Computer

1
Get-ADComputer -Identity "JohnLaptop"

Retrieve All Properties Associated with Computer

1
Get-ADComputer -Identity "JohnLaptop" - Properties *

Retrieve Select Properties of Computer

1
Get-ADComputer -Identity "JohnLaptop" - Properties * | Select-Object -Property Name, Enabled

63.5: Objects

Retrieve an Active Directory Object

1
2
#Identity can be ObjectGUID, Distinguished Name or many more
Get-ADObject -Identity "ObjectGUID07898"

Move an Active Directory Object

1
2
Move-ADObject -Identity "CN=JohnSmith,OU=Users,DC=Domain,DC=Local" - TargetPath
"OU=SuperUser,DC=Domain,DC=Local"

Modify an Active Directory Object

1
Set-ADObject -Identity "CN=My-First-Group,OU=Groups,DC=Domain,DC=local" -Description "This is My First Object Modification"