Using Powershell with Active Directory

Hint: Enable View > Advanced Features in the AD GUI to view all the properties a user has.

Import the AD Module

Import-Module ActiveDirectory

Add a new AD User

#New-ADUser -Name "<Full Name>" -GivenName "<Firstname>" -Surname "<Lastname>" -SamAccountName "<shortname>" -UserPrincipalName "<email@address.tld>" -Path "OU=Administration,OU=Staff,OU=STARWARS,DC=starwars,DC=com" -AccountPassword(ConvertTo-SecureString "<Password>" -AsPlainText -force) -Enabled $true
New-ADUser -Name "Luke Skywalker" -GivenName "Luke" -Surname "Skywalker" -SamAccountName "lskywalker" -UserPrincipalName "lskywalker@starwars.com" ...

Get an AD User

Get-ADUser <username>

This returns the user data as an Object.

Assign the user to a variable

$user = Get-ADUser <username>

Now you can manipulate or display what ever data you need.

Note: When running from the Powershell cli, you can press <Tab> after the ‘.’ to scroll through the available properties.

Write-Host $user.GivenName

Setting User Properties

Set-ADUser

#Set-ADUser -Identity <SamAccountName> -<property> <NewValue>
Set-ADUser -Identity fbaggins -Surname Roberts

Resetting a Password

Set-ADAccountPassword -Identity <SamAccountName> -Reset -NewPassword(ConvertTo-SecureString -AsPlainText "<NewSecurePassword>" -Force)

Managing Groups

Adding a User to a Group

Add-ADGroupMember

#Add-ADGroupMember -Identity <GroupName> -Members <SamAccountName>
Add-ADGroupMember -Identity Fellowship -Members fbaggins

Removing a user from a group

Remove-ADGroupMember

#Remove-ADGroupMember -Identity <GroupName> -Members <SamAccountName>

Note: Will require confirmation – Are you sure?