An Active Directory is a database that comprises services. It stores data as objects and categorizes objects by their names and attributes. It functions the same as the internet domain does.

Quick Outline:

PowerShell Active Directory Commands

• Get-ADComputer
• Remove-ADComputer
• Get-ADUser
• Search-ADAccount
• Disable-ADAccount
• Enable-ADAccount
• Unlock-ADAccount
• Set-ADUser
• Get-ADDomain
• Get-ADGroupMember
• Get-ADGroup
• Add-ADGroupMember
• Get-Command

Conclusion

PowerShell Active Directory Commands

An Active Directory permits the users to get access to resources available on a computer.PowerShell has a list of dedicated commands that are designed to manage Active Directory.

1. Get-ADComputer

The Get-AdComputer command gets computers from the Active Directory. It can get an individual or list of computers from the Active Directory.

Example:

This example will select and display all computers in the Active Directory:

To get the list of all computers in the domain, first, place the Get-AdComputer command and specify the asterisk * alongside it.

2. Remove-ADComputer

The Remove-ADComputer command deletes computers from the Active Directory domain. To delete a computer from Active Directory, simply specify that computer using the -Identity parameter.

Example 1:

This example will remove the computer on Active Directory:

According to the above code:

• First, use the Remove-ADComputer cmdlet.
• Then, specify the computer to be deleted using the -Identity parameter.

Example 2:

This example will delete more than one computer:

To delete multiple computers,

• First, utilize the Get-Content cmdlet.
• Then, specify the text file that contains the list of computers to be deleted using the -Path parameter.
• Lastly, pipe the previous code to the Remove-ADComputer cmdlet.

3. Get-ADUser

The Get-ADUser command gets Active Directory users from the domain. It can get specific or all users at once. It displays comprehensive details about the specified Active Directory user.

Example:

This example will select and display the Active Directory users in the domain:

To get the list of all Active Directory users, first, specify the Get-ADUser cmdlet and place an asterisk * along with it.

4. Search-ADAccount

The Search-ADAccount command searches for Active Directory accounts. It can search specified or all Active Directory accounts at once. These accounts include users, computers, or groups.

Example:

This example will search and display all the locked user accounts in the Active Directory domain:

To find the locked user accounts, first, specify the SearchADAccount cmdlet and then specify the -LockedOut parameter.

5. Disable-ADAccount

The Disable-ADAccount command disables one or more Active Directory accounts. It can disable user accounts, computer accounts, or service accounts.

Example:

This example will disable a single Active Directory user account:

To disable a user account, first, place the Disable-ADAccount cmdlet. Then, specify the -Identity cmdlet and assign a username.

6. Enable-ADAccount

The Enable-ADAccount command enables the Active Directory accounts.

Example:

This example will enable an Active Directory user account:

To enable the user account, first, specify the Enable-ADAccount cmdlet. Then, provide the user account to the -Identity flag.

7. Unlock-ADAccount

The Unlock-ADAccount command unlocks the Active Directory accounts. Its core purpose is to restore access to the locked account.

Example:

This example will unlock the specified Active Directory user account:

To unlock an individual user account, first, use the Unlock-ADAccount cmdlet and specify the username to the -Identity parameter.

8. Set-ADUser

The Set-ADUser command configures an Active Directory user. Additionally, it modifies the Active Directory user properties.

Example:

This example will prompt the user to change the password on the next system login:

According to the above code:

• First, use the Set-ADUser cmdlet.
• Then, specify the computer username by using the -Identity parameter.
• After that, use the -ChangePasswordAtLogon parameter and specify the value $true.

9. Get-ADDomain

The Get-ADDomain command displays the Active Directory domain. It gets all the information related to the specified Active Directory domain.

Active Directory Domain: It is a set of connected computers that exchange data with each other.

Example:

This example will get the Active Directory domain and domain information:

10. Get-ADGroupMember

The Get-ADGroupMember command gets the Active Directory group members. These members could be users, computers, or groups.

Example:

This example will get all members of the specified security group in the console:

11. Get-ADGroup

The Get-ADGroup command gets an individual or list of Active Directory groups. It can perform a search to retrieve more than one group from the Active Directory domain.

Example:

This example will get all security groups in an Active Directory domain:

12. Add-ADGroupMember

The Add-ADGroupMember command adds one or more Active Directory members to the group.

Example:

This example will add multiple users to an Active Directory group:

13. Get-Command

The Get-Command command gets the commands associated with the specified modules. It is particularly not an Active Directory command, but it gets the commands associated with the ActiveDirectory module.

Example:

This example will get the Active Directory commands using the Get-Command command:

In the above code:

• First, we placed the Get-Command cmdlet to get the list of commands associated with the module.
• Then, specify the ActiveDirectory value using the -Module parameter.

Conclusion

An Active Directory refers to a database comprising services and processes. Active Directory allows the management of multiple computers from one computer. System admins prefer PowerShell to manage Active Directory operations. PowerShell has a dedicated set of commands to manage the Active Directory operations effectively. Some of the commands include Get-ADComputer, Get-ADUser, Set-ADUser, or Get-ADGroup.