Active Directory PowerShell Quick Reference

Getting Started

To add the Active Directory module:
Import-Module activedirectory

Get a list of AD Commands:
Get-Command -Module activedirectory

For help with a cmdlet, type:
Get-Help Get-ADUser -Full

Forests and Domains

To see Forest details:
Get-ADForest test.local

To see Domain details:
Get-ADDomain test.local

To raise the Forest functional level:
Set-ADForestMode -Identity test.local -ForestMode Windows2008R2Forest

To raise the Domain functional level:
Set-ADDomainMode -Identity test.local -DomainMode Windows2008R2Domain

Get the rootDSE from the default domain controller:
Get-ADRootDSE

Move FSMO roles:
Move-ADDirectoryServerOperationMasterRole -Identity "TESTDC" -OperationMasterRole PDCEmulator,SchemaMaster

User Account Tasks

To see user account details:
Get-ADUser -Identity 'Joe Bloggs'

To search for a user:
Get-ADUser -Filter 'Name -like "Joe Bloggs"'

Or search for users in a particular OU:
Get-ADUser -Filter * -SearchBase "OU=Sales,OU=Users,DC=test,DC=local"

To see additional properties, not just the default set:
Get-ADUser -Identity 'JoeBloggs' -Properties Description,Office

To see all the user properties, not just default set:
Get-ADUser -Identity 'JoeBloggs' -Properties *

To create a new user:
New-ADUser -Name "Joe Bloggs" -SamAccountName "JoeBloggs" -GivenName "Joe" -Surname "Bloggs" -DisplayName "Joe Bloggs" -Path 'OU=Users,OU=Sales,DC=test,DC=local' -OtherAttributes @{'Title'="Sales Manager"} -AccountPassword (Read-Host -AsSecureString "AccountPassword") -Enabled $true

To change the properties of a user:
Set-ADUser 'Joe Bloggs' -City London -Remove @{otherMailbox="Joe.Bloggs"} -Add @{url="test.local"} -Replace @{title="manager"} -Clear description

Other Cmdlets

Add-ADComputerServiceAccount
Get-ADComputerServiceAccount
Remove-ADComputerServiceAccount
Remove-ADServiceAccount
Set-ADServiceAccount
Add-ADDomainControllerPasswordReplicationPolicy
Get-ADAccountResultantPasswordReplicationPolicy
Get-ADDomainControllerPasswordReplicationPolicy
Get-ADDomainControllerPasswordReplicationPolicyUsage
Remove-ADDomainControllerPasswordReplicationPolicy
Remove-ADFineGrainedPasswordPolicy
Remove-ADFineGrainedPasswordPolicySubject
Set-ADFineGrainedPasswordPolicy
Add-ADPrincipalGroupMembership
Get-ADPrincipalGroupMembership
Remove-ADPrincipalGroupMembership
Disable-ADOptionalFeature
Get-ADOptionalFeature
Get-ADObject
Move-ADObject
New-ADObject
Remove-ADObject
Rename-ADObject
Set-ADObject
Set-ADOrganizationalUnit
Remove-ADOrganizationalUnit
Get-ADUserResultantPasswordPolicy
Remove-ADUser
Get-ADAccountAuthorizationGroup
Get-ADDomainController
Move-ADDirectoryServer
Remove-ADGroupMember
Search-ADAccount
Set-ADAccountControl
Set-ADComputer
Set-ADDomain
Set-ADForest

Recycle Bin

To enable the ‘AD Recycle Bin’ feature:
Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target 'test.local'

To restore an AD Account from the Recycle Bin:
Get-ADObject -Filter 'samaccountname -eq "JoeBloggs"' -IncludeDeletedObjects | Restore-ADObject

Service Accounts

To see AD Service Accounts:
Get-ADServiceAccount -Filter *

To create a new AD Service Account:
New-ADServiceAccount -Name "Service1" -SamAccountName "Service1" -DisplayName "Service1" -AccountPassword (Read-Host -AsSecureString "AccountPassword") -Enabled $true

Install an existing AD service account on the local computer and make the required changes so that the password can be periodically reset by the computer:
Install-ADServiceAccount -Identity 'Service1'

Uninstall an existing AD service account on the local computer:
Uninstall-ADServiceAccount -Identity 'Service1'

To reset the AD Service Account password on the local computer:
Reset-ADServiceAccountPassword -Identity 'Service1'