11 PowerShell commands to use in managing Active Directory
1. Create computer object
New-ADComputer -Name "ComputerName" -SamAccountName "ComputerName" -Path "OU=Computers,DC=Domain,DC=com"
2. Create new security groups
New-ADGroup -Name "Security Group Name" -SamAccountName "SecurityGroupName" -GroupCategory Security -GroupScope Global -DisplayName "Security Group Name" -Path "CN=Groups,DC=Domain,DC=com" -Description "Brief description of what the security group is used for"
3. Create a new user account
New-ADUser -Name "User Account Name" -SamAccountName "UserAccountName" -AccountPassword (ConvertTo-SecureString "password" -AsPlainText -Force) -DisplayName "User Name" -Enabled $True -GivenName "FirstName" -Path "CN=Users,DC=Domain,DC=com" -Server "controller.domain.com" -Surname "LastName" -UserPrincipalName "username@domain.com"
4. Create a new OU
New-ADOrganizationalUnit -Name "OU Name" -Path "DC=Domain,DC=com"
5. Add/remove users or computer objects to/from groups
Add-ADGroupMember SecurityGroupName -Members Username01 -Server "controller.domain.com"
Remove-ADGroupMember SecurityGroupName -Members Username01 -Server "controller.domain.com"
6. Obtain the locally stored password from a computer object
Get-AdmPwdPassword -ComputerName "computer.domain.net"
7. Joining a computer to a domain
Add-Computer -DomainName "domain.com" -Credential Domain\Username -Restart -Force
8. Enable/Disable users, computers, or service accounts
Enable-ADAccount -Identity "ComputerName"
Disable-ADAccount -Identity "Username"
9. Unlock user accounts
Unlock-ADAccount -Identity "Username"
10. Locate disabled computer or user accounts
Search-ADAccount -AccountDisabled | Format-Table Name, ObjectClass
11. Repair a broken trust between a client and the domain
Test-ComputerSecureChannel -Repair -Server "controller.domain.com"
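The commands from items 2 to 5 combined into one re-runnable provisioning script, as an added example that is not from the original page: it prompts for the initial password instead of embedding it in the command line as item 3 does, and forces a change at first logon. The OU, group and user names (Staff, Staff-Users, jdoe) are placeholders, and the script assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Added example, not part of the original list. All names below are placeholders.
Import-Module ActiveDirectory

$Server   = 'controller.domain.com'
$DomainDN = 'DC=Domain,DC=com'
$OuName   = 'Staff'                 # placeholder OU
$OuDN     = "OU=$OuName,$DomainDN"
$Group    = 'Staff-Users'           # placeholder security group
$Sam      = 'jdoe'                  # placeholder user

# Prompt for the password so it never lands in the script, console history or transcripts.
$Password = Read-Host -Prompt "Initial password for $Sam" -AsSecureString

# Item 4: create the OU only if it is not already there.
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" -SearchBase $DomainDN -SearchScope OneLevel -Server $Server)) {
    New-ADOrganizationalUnit -Name $OuName -Path $DomainDN -Server $Server
}

# Item 2: create the security group inside that OU.
if (-not (Get-ADGroup -Filter "SamAccountName -eq '$Group'" -Server $Server)) {
    New-ADGroup -Name $Group -SamAccountName $Group -GroupCategory Security `
        -GroupScope Global -Path $OuDN -Description 'Staff user accounts' -Server $Server
}

# Item 3: create the user; splatting keeps the long parameter list readable.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$Sam'" -Server $Server)) {
    $UserParams = @{
        Name                  = 'Jane Doe'
        SamAccountName        = $Sam
        GivenName             = 'Jane'
        Surname               = 'Doe'
        DisplayName           = 'Jane Doe'
        UserPrincipalName     = "$Sam@domain.com"
        Path                  = $OuDN
        AccountPassword       = $Password
        ChangePasswordAtLogon = $true   # the prompted password is only a bootstrap value
        Enabled               = $true
        Server                = $Server
    }
    New-ADUser @UserParams
}

# Item 5: add the user to the group unless it is already a member (Add-ADGroupMember errors on duplicates).
if ((Get-ADGroupMember -Identity $Group -Server $Server).SamAccountName -notcontains $Sam) {
    Add-ADGroupMember -Identity $Group -Members $Sam -Server $Server
}

# Show the resulting membership.
Get-ADGroupMember -Identity $Group -Server $Server | Format-Table Name, ObjectClass
```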