Updated March 8, 2023
Introduction to PowerShell Active Directory
Managing the Active Directory is an integral part of windows administrator. It is not possible for an admin to manually add or remove users to an AD. This kind of generic actions needs to be automated, and that is what exactly PowerShell offers. It has a separate module which has cmdlets that let an administrator to carry out these activities. This article will show how PowerShell is used to work with Active Directory and some of the popular cmdlets available in the PowerShell’s Active Directory module.
Installing Active Directory Module
It is important to have the active directory module imported or installed in the machine to get access to the cmdlets. This can be done by downloading the corresponding RSAT package based on the os of the system. Starting from Windows 10, RSAT is part of demand rights and can be activated from the optional features.
Once that is done, the module can be imported as follows:
Import-Module ActiveDirectory
To see the list of cmdlets available in the module.
get-command -module ActiveDirectory
Some of the most commonly used cmdlets are as follows:
| Cmdlet | Use | Example |
| New-ADUser | This is to create a new user in the AD. | New-ADUser -Name “Vignesh” -OtherAttributes @{‘title’=”engineer”;’mail’=”[email protected]”}. |
| New-ADGroup | This cmdlet is used to create an Active Directory group. | New-ADGroup -Name “tested group” -SamAccountName testadmin -GroupCategory Security -GroupScope Global -DisplayName “o365 admin” -Path “CN=Users,DC=admin,DC=Com” -Description “this is a test group”. |
| New-ADOrganizationalUnit | This cmdlet is used to create a new organizational unit. | New-ADOrganizationalUnit -Name “testaccounts” -Path “DC=test,DC=COM”. |
| Add-ADGroupMember | To add users to an Active Directory group. | Add-ADGroupMember -Identity testadgorup -Members Vignesh,arun,vyapini. |
| Remove-ADGroupMember | To remove users from an active directory group. | Remove-ADGroupMember -Identity testadgroup -Members Vignesh,nandhini,vyapini. |
| Add-Computer | This cmdlet is used to join a computer to a specific domain. | Add-Computer -DomainName testdomain -Restart. |
| Enable-ADAccount | This cmdlet is used to enable a user or service account in the active directory. | Enable-ADAccount -Identity “vignesh”. |
| Disable-ADAccount | This cmdlet is used to disable a user or service in the active directory. | Disable-ADAccount -Identity “vignesh”. |
| Unlock-ADAccount | This cmdlet is used to unlock locked out accounts. | Unlock-ADAccount -Identity “vignesh”. |
| Search-ADAccount | This cmdlet is used to search for accounts based on condition. | Search-ADAccount -AccountDisabled -UsersOnly.
The above cmdlet will retrieve only the user accounts disabled. |
| Test-ComputerSecureChannel | This cmdlet is used to test and repair the connecting channel between the domain and the client system. | Test-ComputerSecureChannel-Server “test.com”. |
Examples of PowerShell Active Directory
Given below are the examples of PowerShell Active Directory:
Example #1
Add users to Active Directory.
Code:
Write-Host "Welcome to the example of creating users in Active Directory"
$csv=Import-Csv -Path "C:\vignesh\test.csv"
foreach($row in $cvs)
{
$prop = @{
'GivenName' = $row.Gname
'Surname' = $row.Sname
'Name' = $row.Name
'AccountPassword' = (ConvertTo-SecureString 'p@$$123345' -AsPlainText -Force)
'ChangePasswordAtLogon' = $true
}
New-AdUser @prop
Write-Host "User is added to Ad" -ForegroundColor Green
}
The above script will read the user properties from a csv file and create the users in AD.
Output:
Example #2
Adding and removing users from AD Groups.
Code:
Write-Host "Welcome to the example of adding users to Active Directory"
$csv=Import-Csv -Path "C:\vignesh\test.csv"
foreach($row in $cvs)
{
if($row.ISadd -eq "true")
{
Add-AdGroupMember -Identity $row.GroupName -Members $row.Member
Write-Host "User is added to the AD Group" -ForegroundColor Green
}
else
{
Remove-AdGroupMember -Identity $row.GroupName -Members $row.Member
Write-Host "User is removed from the Active Directory Group" -ForegroundColor Red
}
}
Output:
Example #3
Code:
Write-Host "Welcome to the example of Enabling an Active Directory Account"
Enable-ADAccount -Identity "vignesh"
Write-Host "Success: The account vignesh is enabled" -ForegroundColor Green
Enable-ADAccount -Identity "Nandhini"
Write-Host "Success: The account Nandhini is enabled" -ForegroundColor Green
Enable-ADAccount -Identity "Vyapini"
Write-Host "Success: The account vyapini is enabled" -ForegroundColor Green
Enable-ADAccount -Identity "vijay"
Write-Host "Success: The account vijay is enabled" -ForegroundColor Green
Write-Host "Welcome to the example of disbaling an Active Directory Account"
Disable-ADAccount -Identity "vignesh"
Write-Host "Success: The account vignesh is disabled" -ForegroundColor Red
Disable-ADAccount -Identity "Nandhini"
Write-Host "Success: The account Nandhini is disabled" -ForegroundColor Red
Disable-ADAccount -Identity "Vyapini"
Write-Host "Success: The account vyapini is disabled" -ForegroundColor Red
Disable-ADAccount -Identity "vijay"
Write-Host "Success: The account vijay is disabled" -ForegroundColor Red
Write-Host "Welcome to the example of unlocking an Active Directory Account"
Unlock-ADAccount -Identity "sethu"
Write-Host "Success: The account sethu is disabled" -ForegroundColor Yellow
Unlock-ADAccount -Identity "krish"
Write-Host "Success: The account krish is disabled" -ForegroundColor Yellow
Unlock-ADAccount -Identity "siva"
Write-Host "Success: The account siva is disabled" -ForegroundColor Yellow
Unlock-ADAccount -Identity "madhavan"
Write-Host "Success: The account madhavan is disabled" -ForegroundColor Yellow
Output:
Example #4
Code:
Write-Host "Welcome to the example of Removing an Active Directory Account"
Remove-ADUser -Identity "vignesh"
Write-Host "Success: The account vignesh is removed" -ForegroundColor Red
Remove-ADUser -Identity "Nandhini"
Write-Host "Success: The account Nandhini is Removed" -ForegroundColor Red
Remove-ADUser -Identity "Vyapini"
Write-Host "Success: The account vyapini is Removed" -ForegroundColor Red
Remove-ADUser -Identity "vijay"
Write-Host "Success: The account vijay is removed" -ForegroundColor Red
Write-Host "Example of resetting users password"
$newpass=Read-Host "Please Enter the passowrd to be used" -AsSecureString
Set-ADAccountPassword -Identity "Vignesh" -NewPassword $newpass -Reset
Write-Host "Password is reset for vignesh successfully" -ForegroundColor Green
Set-ADAccountPassword -Identity "Nandhini" -NewPassword $newpass -Reset
Write-Host "Password is reset for Nandhini successfully" -ForegroundColor Green
Set-ADAccountPassword -Identity "Vyapini" -NewPassword $newpass -Reset
Write-Host "Password is reset for Vyapini successfully" -ForegroundColor Green
Write-Host "Example of creating a new AD Group"
New-ADGroup -Name "test Admins" -SamAccountName testadmins -GroupCategory Security -GroupScope Global -DisplayName "testadmins" -Path "CN=Users,DC=test,DC=Com" -Description "test"
Write-Host "new test ad group is created" -ForegroundColor Magenta
New-ADGroup -Name "test Admins1" -SamAccountName testadmins1 -GroupCategory Security -GroupScope Global -DisplayName "testadmins1" -Path "CN=Users,DC=test,DC=Com" -Description "test1"
Write-Host "new test ad group1 is created" -ForegroundColor Magenta
New-ADGroup -Name "test Admins2" -SamAccountName testadmins2 -GroupCategory Security -GroupScope Global -DisplayName "testadmins2" -Path "CN=Users,DC=test,DC=Com" -Description "test2"
Write-Host "new test ad group2 is created" -ForegroundColor Magenta
Write-Host "Demo of creating new OU Group"
New-ADOrganizationalUnit -Name "testou1" -Path "DC=test,DC=com"
Write-Host "testou1 is created" -ForegroundColor Yellow
New-ADOrganizationalUnit -Name "testou2" -Path "DC=test,DC=com"
Write-Host "testou2 is created" -ForegroundColor Yellow
New-ADOrganizationalUnit -Name "testou3" -Path "DC=test,DC=com"
Write-Host "testou3 is created" -ForegroundColor Yellow
Output:
Conclusion
Thus, the article covered in detail about how to use PowerShell to connect with AD. We also saw in detail about few of the commonly used AD module cmdlets along with examples. Sample scripts were shown to perform the most common automated tasks.
Recommended Articles
This is a guide to PowerShell Active Directory. Here we discuss the introduction, installing active directory module and examples, respectively. You may also have a look at the following articles to learn more –
