20 Essential PowerShell Commands for Active Directory Management

Post Views: 2,441

Introduction

Managing an on-prem Active Directory (AD) environment can be challenging, but using PowerShell commands for Active Directory helps simplify many common tasks. Whether it’s Active Directory user management, group handling, or managing organizational units, PowerShell provides powerful tools for automating these tasks. In this blog, we’ll cover 20 essential PowerShell commands that every system administrator should know to streamline Active Directory management with PowerShell.

Why Use PowerShell for Active Directory?

Using PowerShell commands in Active Directory offers several benefits such as speed, automation, and flexibility. Tasks like user creation, password management, and group administration, which would take several steps in the GUI, can be completed with a single command. Additionally, it allows for bulk operations and detailed filtering, making Active Directory management with PowerShell both efficient and scalable.

Also check: Top 50 PowerShell Commands for Daily Use

Prerequisites: Installing the Active Directory PowerShell Module

First, ensure that the Active Directory module for PowerShell is installed:

Install-WindowsFeature -Name RSAT-AD-PowerShell

Import the module using:

Import-Module ActiveDirectory

20 PowerShell Commands for Active Directory Administration

1. Creating a New User in Active Directory

New-ADUser -Name "John Doe" -GivenName "John" -Surname "Doe" -SamAccountName "jdoe" -UserPrincipalName "jdoe@domain.com" -Path "OU=Users,DC=domain,DC=com" -AccountPassword (ConvertTo-SecureString "P@ssw0rd!" -AsPlainText -Force) -Enabled $true

Creates a new user in AD with the necessary attributes.

2. Getting User Details

Get-ADUser -Identity jdoe -Properties *

Retrieves detailed information about a specific user account.

3. Modifying User Attributes

Set-ADUser -Identity jdoe -Title "IT Manager" -Department "IT"

Modifies user attributes like title and department.

4. Resetting User Password

Set-ADAccountPassword -Identity jdoe -NewPassword (ConvertTo-SecureString "NewP@ssw0rd" -AsPlainText -Force)

Resets a user’s password.

5. Disabling a User Account

Disable-ADAccount -Identity jdoe

Disables a user account.

6. Enabling a User Account

Enable-ADAccount -Identity jdoe

Enables a previously disabled user account.

7. Adding a User to a Group

Add-ADGroupMember -Identity "GroupName" -Members jdoe

Adds a user to a specific AD group.

8. Removing a User from a Group

Remove-ADGroupMember -Identity "GroupName" -Members jdoe -Confirm:$false

Removes a user from a group without prompting for confirmation.

9. Listing All AD Users

Get-ADUser -Filter *

Retrieves a list of all users in the Active Directory.

10. Finding Disabled User Accounts

Search-ADAccount -AccountDisabled

Lists all disabled user accounts in AD.

11. Finding Locked-Out User Accounts

Search-ADAccount -LockedOut

Finds all locked-out user accounts in AD.

12. Unlocking a User Account

Unlock-ADAccount -Identity jdoe

Unlocks a locked user account.

13. Moving a User to a Different OU

Move-ADObject -Identity "CN=John Doe,OU=Users,DC=domain,DC=com" -TargetPath "OU=Managers,DC=domain,DC=com"

Moves a user to a different organizational unit (OU).

14. Deleting a User Account

Remove-ADUser -Identity jdoe

Permanently deletes a user account from AD.

15. Listing All AD Groups

Get-ADGroup -Filter *

Lists all Active Directory groups.

16. Creating a New AD Group

New-ADGroup -Name "Managers" -GroupScope Global -GroupCategory Security -Path "OU=Groups,DC=domain,DC=com"

Creates a new security group in AD.

17. Modifying Group Membership

Set-ADGroup -Identity "Managers" -ManagedBy "CN=Admin,OU=Users,DC=domain,DC=com"

Changes the group’s manager.

18. Listing Group Members

Get-ADGroupMember -Identity "GroupName"

Retrieves the members of a specific AD group.

19. Creating an Organizational Unit (OU)

New-ADOrganizationalUnit -Name "IT Department" -Path "DC=domain,DC=com"

Creates a new organizational unit.

20. Getting Group Policy Information

Get-GPO -All

Lists all Group Policy Objects (GPOs) in your domain.

Conclusion

These 20 essential PowerShell commands will help system administrators streamline their Active Directory management with PowerShell. Whether you’re handling Active Directory user management, group membership, or troubleshooting accounts, these commands will make daily tasks faster and more efficient. Take advantage of these PowerShell commands for Active Directory to improve your workflow and automate repetitive tasks.

Also Read: 5 Valid Reasons for Moving to Azure AD Domain Services

External Reference

Microsoft Docs: Active Directory Cmdlets in Windows PowerShell

Microsoft Learn – Active Directory Cmdlets

About
Latest Posts

Ravi Chopra

With 19 years of hands-on experience in the IT industry, I’m passionate about sharing the knowledge I’ve gained across a wide range of technologies. Specializing in Active Directory, Azure, VMware, Windows, and Linux, I am dedicated to empowering IT professionals and enthusiasts with practical insights and solutions.

Whether you’re looking for troubleshooting tips, deep dives into systems architecture, or the latest in cloud computing, I’m here to help you navigate the evolving tech landscape. Let’s connect, learn, and grow together!

📧 ravi.chopra1709@gmail.com