Easy PowerShell AD Commands

  • Disable a user account:

    Disable-ADAccount username

    Enable a user account"

    Enable-ADAccount username

    Unlock a user account:

     Unlock-ADAccount username

    Delete a user account:

    Remove-ADUser username

    Find all empty groups:

    Get-adgroup -filter * | where {-Not ($_ | get-adgroupmember)} | Select Name

    Add a member to a group:

    Add-adgroupmember “groupname” –username

    Enumerate the members of a group:

    Get-ADGroupMember “groupname”

    See what groups a user account is a member of:

    Get-aduser username -property Memberof | Select -ExpandProperty memberOf

    Disable a computer account:

    Disable-ADAccount -Identity “computername“

    Find computers by type:

    Get-ADComputer -Filter * -Properties OperatingSystem | Select OperatingSystem -unique | Sort OperatingSystem

    Create an organizational unit:

    New-ADOrganizationalUnit -Name OUname -Path “dc=domainname,dc=com”

    Create a computer account:

    New-ADComputer -Name username -Path “ou=OUname,dc=DCname,dc=com”

    Create a user account:

    New-ADUser -Name username -Path “ou=OUname,dc=DCname,dc=com”

  • Also, in PowerShell, just type:

    Get-Command -Module ActiveDirectory

    Which should list all available AD commands.

  • @scottalanmiller said in Easy PowerShell AD Commands:

    New-ADUser -Name username -Path “ou=OUname,dc=DCname,dc=com”

    Thanks, just added all that to my documentation for reference later

  • One that I love

    Get-ADPrincipalGroupMembership -Identity SOMEUSERNAME | Select name

    List all of the groups in which the user is a member.