Easy PowerShell AD Commands



  • Disable a user account:

    Disable-ADAccount username
    

    Enable a user account"

    Enable-ADAccount username
    

    Unlock a user account:

     Unlock-ADAccount username
    

    Delete a user account:

    Remove-ADUser username
    

    Find all empty groups:

    Get-adgroup -filter * | where {-Not ($_ | get-adgroupmember)} | Select Name
    

    Add a member to a group:

    Add-adgroupmember “groupname” –username
    

    Enumerate the members of a group:

    Get-ADGroupMember “groupname”
    

    See what groups a user account is a member of:

    Get-aduser username -property Memberof | Select -ExpandProperty memberOf
    

    Disable a computer account:

    Disable-ADAccount -Identity “computername“
    

    Find computers by type:

    Get-ADComputer -Filter * -Properties OperatingSystem | Select OperatingSystem -unique | Sort OperatingSystem
    

    Create an organizational unit:

    New-ADOrganizationalUnit -Name OUname -Path “dc=domainname,dc=com”
    

    Create a computer account:

    New-ADComputer -Name username -Path “ou=OUname,dc=DCname,dc=com”
    

    Create a user account:

    New-ADUser -Name username -Path “ou=OUname,dc=DCname,dc=com”


  • Also, in PowerShell, just type:

    Get-Command -Module ActiveDirectory

    Which should list all available AD commands.



  • @scottalanmiller said in Easy PowerShell AD Commands:

    New-ADUser -Name username -Path “ou=OUname,dc=DCname,dc=com”

    Thanks, just added all that to my documentation for reference later



  • One that I love

    Get-ADPrincipalGroupMembership -Identity SOMEUSERNAME | Select name
    

    List all of the groups in which the user is a member.