Selected topic

Active Directory Management

Administration

Prefer practical output? Use related tools below while reading.

Open developer toolsTry JDE log analyzerUse OFDM simulator

1. Creating and Managing Users

  • Create a new user: New-ADUser -Name "John Doe" -Enabled $true -AccountPassword (ConvertTo-SecureString "password123" -AsPlainText -Force)
  • Get all users: Get-ADUser
  • Update a user's property: Set-ADUser -Identity "John Doe" -Department "IT"
  • Delete a user: Remove-ADUser -Identity "John Doe"

2. Managing Groups

  • Create a new group: New-ADGroup -Name "IT Staff" -GroupScope Global
  • Get all groups: Get-ADGroup
  • Add users to a group: Add-ADGroupMember -Identity "IT Staff" -Members "John Doe", "Jane Doe"
  • Remove a user from a group: Remove-ADGroupMember -Identity "IT Staff" -Members "John Doe"

3. Managing Computers

  • Create a new computer object: New-ADComputer -Name "WIN10-01" -Enabled $true
  • Get all computers: Get-ADComputer
  • Update a computer's property: Set-ADComputer -Identity "WIN10-01" -OperatingSystem Windows 10
  • Delete a computer: Remove-ADComputer -Identity "WIN10-01"

4. Managing OUs

  • Create a new OU: New-ADOrganizationalUnit -Name "IT Staff" -Path "OU=Staff,DC=example,DC=com"
  • Get all OUs: Get-ADOrganizationalUnit
  • Move an object to an OU: Move-ADObject -Identity "John Doe" -TargetPath "OU=IT Staff,DC=example,DC=com"

5. Managing Passwords

  • Set a user's password: Set-ADAccountPassword -Identity "John Doe" -Reset -NewPassword (ConvertTo-SecureString "newpassword123" -AsPlainText -Force)
  • Unlock a locked-out account: Unlock-ADAccount -Identity "John Doe"

6. Managing Group Policy

  • Get all group policy objects: Get-GPObject
  • Link a GPO to an OU: New-GPLink -Name "IT Staff" -Target "OU=Staff,DC=example,DC=com"
  • Remove a GPO link: Remove-GPLink -Identity "IT Staff"

7. Managing AD Replication

  • Get all AD replication errors: Get-ADReplicationError
  • Fix an AD replication error: Repair-ADReplication
These are just some of the administration tasks you can perform using PowerShell for Active Directory management. You can use various cmdlets to manage AD objects, groups, users, computers, and other resources.

Note:

  • Make sure you have the necessary permissions and access rights to perform these actions.
  • Be cautious when modifying or deleting AD objects, as this can cause unintended consequences.
  • Use Get-Help to get more information about each cmdlet and its parameters.
Download PDFBack to topic optionsBack to blog home