Active Directory with PowerShell
passthru parameter is used to return the user object after creation of the account. dom
If this parameter is not specified, the cmdlet will not show any output after successful creation of the object ide
Import-Module ActiveDirectoryoop
(Get-Command -Module ActiveDirectory).Countthis
Installing the Active Directory module
New-ADUser -Name gan
Get-Help New-ADUser -Detailed
$Password = Read-Host "Enter the password that you want to set" - AsSecureString
New-ADUser -Name James -Surname "Tang" -GivenName "James" - EmailAddress james@afd.ink -SamAccountName "james" - AccountPassword $password -DisplayName "James Tang" -Department "Sales" -Country "CN" -City "Ningbo" -Path "OU=NOS,DC=afd,DC=ink" -Enabled $true -PassThru
Get-ADUser -Identity James -Properties *
Creating bulk user accounts
$Password = Read-Host "Enter the password that you want to set" - AsSecureStringspa
1..100 | foreach { New-ADUser -Name "Labuser$_" -AccountPassword $password -Path "OU=LAB,DC=afd,DC=ink"}code
$Users = Import-CSV <path of the saved CSV file> $Users | Format-Table
foreach($User in $Users) {
New-ADUser -Name $User.LoginName -Surname $User.LastName - GivenName $User.FirstName -EmailAddress $User.Email - SamAccountName $User.LoginName -AccountPassword $Password - DisplayName $User.DisplayName -Country $User.Country -City $User.City -Path "OU=LAB,DC=afd,DC=ink" -Enabled $true -PassThru
}
Modifying user properties
Get-ADUser -Filter {Name -eq "gazh" }orm
Get-ADUser -Filter {Name -eq "gazh" } -Property *server
Get-ADUser -Filter {Name -like "ga*" }blog
Get-ADUser -Filter * -SearchBase "OU=LAB,dc=afd,dc=ink"ip
Get-ADUser -Filter * -SearchBase "OU=NIPC Users,OU=Managed Users,OU=Nipc Lan,DC=nipc,DC=com,DC=cn"
Get-ADUser -Filter * -SearchBase "OU=NIPC Users,OU=Managed Users,OU=Nipc Lan,DC=nipc,DC=com,DC=cn" |foreach {Set-ADUser -Identity $_.SamAccountName -UserPrincipalName($_.SamAccountName+"@nip.com.cn")}
$UserObj = Get-ADUser -Filter {Name -eq "zhiyan gan" } -Properties *
$UserObj.Description
$userObj.Description.GetType()
Set-ADUser -Identity $UserObj -Description "Added new description via PowerShell"
$UserName = "ChrisB"
$NewDescription = "Delete this account after November"
$UserObj = Get-ADUser -Filter {Name -eq $UserName} -Properties *
Write-Host "Current description is : $($UserObj.Description)"
Set-ADUser -Identity $UserObj -Description $NewDescription
$UserObj = Get-ADUser -Filter {Name -eq $UserName} -Properties *
Write-Host "New description is : $($UserObj.Description)"
Get-ADUser -Identity ChrisB -Properties * | select HomePhone, OfficePhone, mobile
$OfficeNumber = "+65 12345678" $HomeNumber = "+65 87654321" $MobileNumber = "+65 13578642"
Set-ADUser -Identity ChrisB -OfficePhone $OfficeNumber -HomePhone $HomeNumber -MobilePhone $MobileNumber
Set-ADUser -Identity ChrisB -Clear telephonenumber, homephone, mobile
Set-ADUser -Identity ChrisB -Add @{telephonenumber = $OfficeNumber; homephone = $HomeNumber ; mobile = $MobileNumber }
Set-ADUser cmdlet has parameters that can set these phone numbers. If the attribute that you are trying to set is not available as a parameter to the cmdlet then you can use the -Add parameter to directly specify the attribute name and the value. Similarly, you can use other parameters such as -Replace and -Clear to work with attributes directly.
Set-ADUser -Identity ChrisB -Clear telephonenumber, homephone, mobile
Set-ADUser -Identity ChrisB -Add @{telephonenumber = $OfficeNumber; homephone = $HomeNumber ; mobile = $MobileNumber }
we can extend this logic to multiple users using a for loop in PowerShell. Before doing this, store the user names and numbers
you want to set in a CSV file and import it into PowerShell. The following screenshot shows how the contents of the CSV look:
$Users = Import-CSV c:\temp\usersPhoneNumbers.csv
foreach($User in $Users) {
Set-ADUser -Identity $User.UserName -OfficePhone $User.OfficeNumber -HomePhone $User.HomeNumber -MobilePhone $User.MobileNumber
}
Enabling or disabling user accounts
Enable-ADAccount: This cmdlet is used for enabling Active Directory user, computer, or service account objectsDisable-ADAccount: This cmdlet is used for disabling Active Directory user, computer, or service account objects
Disable-ADAccount -Identity ChrisB -Passthru
Get-ADUser -SearchBase "OU=LAB,DC=techibee,DC=AD" -Filter * | Disable-ADAccount
Get-Content C:\temp\users.txt | % { Disable-ADAccount -Identity $_ }
Get-ADUser -Filter 'Department -eq "sales"' | Disable-ADAccount
Moving user accounts to another OU
Move-ADObject -Identity "CN=ChrisB,OU=LAB,DC=techibee,DC=ad" - TargetPath "OU=Singapore,OU=LAB,DC=Techibee,DC=ad"
Moving all users from LAB OU to PROD OU
Get-ADUser -Filter * -SearchBase "OU=LAB,DC=techibee,DC=ad" | Move-ADObject -TargetPath "OU=Prod,DC=techibee,DC=ad"
Get-ADUser -Filter 'department -eq "Sales"' | Move-ADObject -TargetPath "OU=Sales,OU=PROD,DC=techibee,DC=AD"
Deleting user accounts
Remove-ADUser -Identity ChrisB
Remove-ADUser -Identity ChrisB -Confirm:$false
Get-Content C:\temp\users.txt | % { Remove-ADUser -Identity $_ - Confirm:$false}
Managing computer accounts
Creating computer accounts
Get-Help New-ADComputer -Full
New-ADComputer -Name SRVMEM2 -PassThru
New-ADComputer -Name SRVMEM2 -Path "OU=Computers,OU=PROD,DC=techibee,DC=AD" -PassThru
New-ADComputer -Name SRVMEM2 -Path "OU=Computers,OU=PROD,DC=techibee,DC=AD" -Enabled $false -PassThru
Set-ADComputer –identity SRVMEM1 –description "Member Server"
Moving computer accounts to a different OU
Move-ADObject -Identity "CN=SRVMEM1,CN=Computers,DC=techibee,DC=ad" - TargetPath "OU=Computers,OU=PROD,DC=techibee,DC=ad" -PassThru
Get-ADComputer -Filter "name -eq 'SRVMEM1'" | Move-ADObject - TargetPath "OU=Computers,OU=PROD,DC=techibee,DC=ad" -PassThru
Get-ADComputer -Filter "description -like '*server*'" | Move-ADObject -TargetPath "OU=Computers,OU=PROD,DC=techibee,DC=ad" -PassThru
Get-ADComputer -Identity COMP1 | Enable-ADAccount
Get-ADComputer -Filter "*" -SearchBase "OU=Computers,OU=PROD,DC=techibee,DC=ad" | Enable-ADAccount - PassThru
you can use filters in conjunction with the Get-ADComputer or Search-ADAccount cmdlets
Get-ADComputer -Filter "*" -SearchBase "OU=Computers,OU=PROD,DC=techibee,DC=ad" | Disable-ADAccount - PassThru
Deleting computer accounts
Remove-ADComputer -Identity COMP1
most common use case is searching for computers older than x days and removing them. You can achieve this using the following command:
$Computers = Get-ADComputer -Filter * -Properties LastLogonDate | ? {$_.LastLogonDate -lt (get-date).Adddays(-10) }
$Computers | Remove-ADComputer
Get-ADComputer –filter 'Location –eq "OFFICE1"' | Remove-ADComputer – confirm:$false
Get-ADComputer –SearchBase "OU=DisabledComp,DC=techibee,DC=ad" | Remove-ADComputer –confirm:$false
Creating different types of security groups
New-ADGroup -Name "Test Group1" -Path "OU=Groups,OU=Prod,DC=techibee,DC=ad" -groupScope domainlocal
New-ADGroup -Name "Test Group Global" -Path "OU=Groups,OU=Prod,DC=techibee,DC=ad" -groupScope global
New-ADgroup -Name "Test Group Universal" -Path "OU=Groups,OU=Prod,DC=techibee,DC=ad" -groupScope universal
Searching and modifying group object information
Get-ADGroup -Filter * | select Name
Get-ADGroup -Filter "Name -eq 'Test Group1'"
Get-ADGroup -LDAPFilter "(Name=Test Group1)"
Get-ADGroup -Filter {Name -like '*test*'}
Get-ADGroup -Filter {Name -like '*test*' -or Name -like '*Domain*'}
$Groups = Get-Content c:\temp\Groups.txt
foreach($Group in $Groups) {
$GroupObj = Get-ADGroup -Filter {Name -eq $Group}
if($GroupObj) {
"{0} : Group Found" -f $Group
} else {
"{0} : Group NOT Found" -f $Group
}
}
Get-ADGroup -Filter {Name -eq "TestGroup" } | Set-ADGroup - Description "This Group Created for testing purpose only"
Get-ADGroup -Filter {Name -like "*Test*" } | Set-ADGroup - Description "This Group is created for testing purpose"
Get-ADGroup -Filter {Name -eq "TestGroup" } | Set-ADGroup
Get-ADGroup -Identity TestGroup | select Name, GroupCategory, GroupScope
Get-ADGroup -Filter {Name -like "*Test*" } | Set-ADGroup - GroupCategory Distribution
Adding members to a group
Add-ADGroupMember –Identity "Group1-Read" –Members LabUser1
Add-ADGroupMember –Identity "Group1-Read" –Members LabUser1,LabUser2,LabUser3
"TestGroup","Group1-Read" | % {Add-ADGroupMember -Identity $_ - Members LabUser3 }
$Users = Get-Content C:\temp\users.txt Add-ADGroupMember -Identity TestGroup -Members $Users
$Users = Get-ADUser -SearchBase "OU=LAB,DC=techibee,dc=ad" -Filter {objectclass -eq "User" }
Add-ADGroupMember -Identity TestGroup -Members $Users
$members = Get-ADGroupMember -Identity TestGroup Add-ADGroupMember -Identity TestGroup-Copy -Members $members
Adding computer accounts to groups
- 1. active directory powershell
- 2. WindowsServer 2008 R2 Active Directory PowerShell
- 3. AD-Powershell for Active Directory Administrators
- 4. Active Directory PowerShell模塊收集AD信息
- 5. Active Directory回收站
- 6. Managing an Active Directory Environment With Thousands of Subnets
- 7. Active Directory管理
- 8. Active Directory: SYSVOL and NETLOGON
- 9. Remove CA from Active Directory
- 10. 查詢Active Directory
- 更多相關文章...
- • PHP 5 Directory 函數 - PHP參考手冊
- • XSLT
- • 爲了進字節跳動,我精選了29道Java經典算法題,帶詳細講解
- • 算法總結-股票買賣
-
每一个你不满意的现在,都有一个你没有努力的曾经。
- 1. active directory powershell
- 2. WindowsServer 2008 R2 Active Directory PowerShell
- 3. AD-Powershell for Active Directory Administrators
- 4. Active Directory PowerShell模塊收集AD信息
- 5. Active Directory回收站
- 6. Managing an Active Directory Environment With Thousands of Subnets
- 7. Active Directory管理
- 8. Active Directory: SYSVOL and NETLOGON
- 9. Remove CA from Active Directory
- 10. 查詢Active Directory