11 PowerShell commands to use in managing Active Directory

1. Create computer object

New-ADComputer -Name "ComputerName" -SamAccountName "ComputerName" -Path "OU=Computers,DC=Domain,DC=com"

2. Create new security groups

New-ADGroup -Name "Security Group Name" -SamAccountName "SecurityGroupName" -GroupCategory Security -GroupScope Global -DisplayName "Security Group Name" -Path "CN=Groups,DC=Domain,DC=com" -Description "Brief description of the what security group is used for"

3. Create a new user account

New-ADUser -Name "User Account Name" -SamAccountName "UserAccountName" -AccountPassword (ConvertTo-SecureString "password" -AsPlainText -Force) -DisplayName "User Name" -Enabled $True -GivenName "FirstName" -Path "CN=Users,,DC=Domain,DC=com" -Server "controller.domain.com" -Surname "LastName" -UserPrincipalName "username@domain.com"

4. Create a new OU

New-ADOrganizationalUnit -Name "OU Name" -Path "DC=Domain,DC=com"

5. Add/remove users or computer objects to/from groups

Add-ADGroupMember SecurityGroupName -Members Username01 -Server "controller.domain.com" Remove-ADGroupMember SecurityGroupName -Members Username01 -Server "controller.domain.com"

6. Obtain the locally stored password from a computer object

Get-AdmPwdPassword -ComputerName "computer.domain.net"

7. Joining a computer to a domain

Add-Computer -DomainName "domain.com" -Credential Domain\Username -Restart -Force

8. Enable/Disable users, computers, or service accounts

Enable-ADAccount -Identity "ComputerName"

Disable-ADAccount -Identity "Username"

9. Unlock user accounts

Unlock-ADAccount -Identity "Username"

10. Locate disabled computer or user accounts

Search-ADAccount -AccountDisabled | FT Name,ObjectClass

11. Repair a broken trust between a client and the domain

Test-ComputerSecureChannel -Server "controller.domain.com"