The New-ADUser cmdlet creates new AD users. You can optionally specify where to
create the user with the -Path parameter; in the example below, the new user is
created in the Accounts organizational unit (OU). The -Server parameter is also
optional and selects the domain controller (DC) on which the user is created.
Note that -AccountPassword does not accept a plaintext string: you must convert
the password to a secure string with the ConvertTo-SecureString cmdlet. Put the
password in single quotes so that PowerShell does not expand the $ in it as a
variable. New accounts are disabled by default, so -Enabled $true is required if
the user should be able to log on immediately.
PowerShell
New-ADUser -DisplayName:"Russell Smith" -GivenName:"Russell" -Name:"Russell Smith" `
    -Path:"OU=Accounts,DC=ad,DC=contoso,DC=com" -SamAccountName:"russellsmith" -Server:"dc1.ad.contoso.com" `
    -Surname:"Smith" -Type:"user" -AccountPassword (ConvertTo-SecureString 'Pas$W0rd!!11' -AsPlainText -Force) -Enabled $true
Create Active Directory Groups
PowerShell
New-ADGroup -GroupCategory:"Security" -GroupScope:"Global" -Name:"Netwrix" `
    -Path:"OU=Accounts,DC=ad,DC=contoso,DC=com" -SamAccountName:"Netwrix" -Server:"dc1.ad.contoso.com"
Add Users to Groups
Once you have some users and groups in your domain, you can add users to
groups with the Add-ADGroupMember cmdlet.
PowerShell
Add-ADGroupMember -Identity Netwrix -Members russellsmith,bob.trent
Create New Organizational Units
PowerShell
New-ADOrganizationalUnit -Name:"Sensitive" -Path:"OU=Accounts,DC=ad,DC=contoso,DC=com" `
    -ProtectedFromAccidentalDeletion:$true -Server:"dc1.ad.contoso.com"
Deleting Active Directory Objects
PowerShell
Remove-ADUser -Identity russellsmith
Remove-ADGroup -Identity Netwrix
Before you can delete an OU that was created with protection from accidental
deletion, you need to set the ProtectedFromAccidentalDeletion flag to false
using Set-ADObject. Remove-ADOrganizationalUnit also refuses to delete an OU
that still contains objects unless you add the -Recursive parameter, which
deletes the OU together with everything in it.
PowerShell
Set-ADObject -Identity:"OU=Sensitive,OU=Accounts,DC=ad,DC=contoso,DC=com" `
    -ProtectedFromAccidentalDeletion:$false -Server:"dc1.ad.contoso.com"

Remove-ADOrganizationalUnit -Identity "OU=Sensitive,OU=Accounts,DC=ad,DC=contoso,DC=com"
Import Users from a CSV File
PowerShell
Import-Csv -Path c:\temp\users.csv | ForEach-Object {
    # The Name column holds "GivenName Surname"; split it on whitespace.
    $givenName = $_.name.split()[0]
    $surname   = $_.name.split()[1]

    New-ADUser -Name $_.name -Enabled $true -GivenName $givenName -Surname $surname `
        -AccountPassword (ConvertTo-SecureString $_.password -AsPlainText -Force) -ChangePasswordAtLogon $true `
        -SamAccountName $_.samaccountname -UserPrincipalName ($_.samaccountname + "@ad.contoso.com") `
        -City $_.city -Department $_.department
}
The first line of the CSV file contains the field names; every following line
describes one user, and you can add as many users as you want. Because the file
holds initial passwords in plaintext, restrict who can read it and delete it
once the import has finished; -ChangePasswordAtLogon $true forces each user to
replace the initial password at first logon.
Name,samAccountName,Password,City,Department
Russell Smith,smithrussell,PassW0rd!!11,London,IT
David Jones,jonesdavid,4SHH$$#AAAHh,New York,Accounts
Move AD Objects
PowerShell
Move-ADObject -Identity "CN=Russell Smith,OU=Accounts,DC=ad,DC=contoso,DC=com" `
    -TargetPath "CN=Users,DC=ad,DC=contoso,DC=com"
Link a Group Policy Object
The GroupPolicy module lets PowerShell create Group Policy Objects (GPOs) with
New-GPO and perform other Group Policy tasks. The New-GPLink cmdlet links an
existing GPO to a site, domain or OU. In the example below, I link a GPO called
Firewall Settings to the Accounts OU. -Enforced Yes makes the link override
Block Inheritance on child OUs and win over conflicting settings linked below
it, so use it only when that is what you intend.
PowerShell
New-GPLink -Name "Firewall Settings" -Target "OU=Accounts,DC=ad,DC=contoso,DC=com" -LinkEnabled Yes -Enforced Yes
The Get-ADObject cmdlet can be used to filter the directory and display
information about objects. In the example below, I use a filter to find the
Accounts OU and then pipe the result to the Get-GPInheritance cmdlet.
Select-Object then expands the list of GPO links on the OU, and Get-GPO
resolves each link's GUID to the GPO itself.
PowerShell
Get-ADObject -Filter {name -like "Accounts*"} | Get-GPInheritance |
    Select-Object -ExpandProperty gpolinks | ForEach-Object { Get-GPO -Guid $_.gpoid }
To unlock every locked-out account in one go, pipe Search-ADAccount -LockedOut
into Unlock-ADAccount. Check why the accounts were locked before you do this: a
wave of lockouts across many users is a common symptom of password spraying.
PowerShell
Search-ADAccount -LockedOut | Unlock-ADAccount
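As an added example that is not part of the original article, the following script reviews locked-out accounts before unlocking them. It assumes the ActiveDirectory module and rights to unlock users, reads the counters from the PDC emulator (which receives every bad-password notification, whereas badPwdCount on other DCs is not replicated), and skips accounts whose bad-password count is at or above a threshold that is an assumption you should tune to your lockout policy.

```powershell
# Added example, not from the original article. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

$threshold = 10                                 # assumption: tune to your lockout policy
$pdc       = (Get-ADDomain).PDCEmulator         # authoritative source for badPwdCount

foreach ($acct in Search-ADAccount -LockedOut -UsersOnly -Server $pdc) {
    $u = Get-ADUser -Identity $acct.DistinguishedName -Server $pdc `
            -Properties badPwdCount, LastBadPasswordAttempt, lockoutTime

    # lockoutTime is a Windows FILETIME; 0 or null means the lock has already expired.
    $lockedSince = if ($u.lockoutTime) { [DateTime]::FromFileTime($u.lockoutTime) } else { $null }

    [PSCustomObject]@{
        SamAccountName         = $u.SamAccountName
        BadPasswordCount       = $u.badPwdCount
        LastBadPasswordAttempt = $u.LastBadPasswordAttempt
        LockedOutSince         = $lockedSince
    } | Format-List | Out-String | Write-Host

    if ($u.badPwdCount -ge $threshold) {
        # Many failed attempts on one account is worth a look before giving the attacker another window.
        Write-Warning "Skipping $($u.SamAccountName): $($u.badPwdCount) bad password attempts; investigate before unlocking."
        continue
    }

    Unlock-ADAccount -Identity $u.DistinguishedName -Server $pdc
    Write-Host "Unlocked $($u.SamAccountName)"
}
```

If the report shows many different accounts locked within minutes of each other, treat it as a spraying attempt and correlate the 4740 (account locked out) events on the PDC emulator before unlocking anything.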
Get-ADObject can be used with complex filters. Here I list all objects created
after the specified date ($Date). Casting a string to [DateTime] uses the
invariant month/day/year format, so the date below is 7 February 2019.
PowerShell
$Date = [DateTime]"02/07/2019"
Get-ADObject -Filter 'WhenCreated -gt $Date'
Filters can get quite complex. In the next command, I list all deleted objects
whose whenChanged attribute is later than the specified date and that can be
restored, excluding the Deleted Objects container itself. The
-IncludeDeletedObjects parameter is required, as deleted objects are otherwise
hidden from searches.
PowerShell
Get-ADObject -Filter 'whenChanged -gt $Date -and isDeleted -eq $True -and name -ne "Deleted Objects"' `
    -IncludeDeletedObjects
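As an added example that is not part of the original article, the following script takes the filter above one step further and restores a deleted user with Restore-ADObject. It assumes the AD Recycle Bin is enabled (without it, deleted objects are tombstones that lose most attributes and cannot be restored this way), that the ActiveDirectory module is loaded, and that the user name and the fallback OU path are placeholders. It handles the case practitioners most often hit: the user's last known parent OU was deleted too, in which case Restore-ADObject fails unless -TargetPath supplies a new location.

```powershell
# Added example, not from the original article. Assumes the AD Recycle Bin is enabled.
Import-Module ActiveDirectory

$Date       = [DateTime]"02/07/2019"
$userName   = "Russell Smith"                                 # placeholder
$fallbackOU = "OU=Accounts,DC=ad,DC=contoso,DC=com"           # placeholder

# Deleted objects get their name mangled to "<name>\0ADEL:<guid>", so match on the prefix
# and identify the object by ObjectGUID from here on.
$deletedUser = Get-ADObject -IncludeDeletedObjects -Properties lastKnownParent, whenChanged `
    -Filter 'whenChanged -gt $Date -and isDeleted -eq $True -and objectClass -eq "user" -and name -like "Russell Smith*"' |
    Sort-Object whenChanged -Descending | Select-Object -First 1

if (-not $deletedUser) { throw "No restorable deleted user matching '$userName' found after $Date." }

# Get-ADObject -Identity throws a terminating error for a missing object even with
# -ErrorAction SilentlyContinue, so test for the parent with try/catch.
$parentDN = $deletedUser.lastKnownParent
try   { $null = Get-ADObject -Identity $parentDN; $parentExists = $true }
catch { $parentExists = $false }

if ($parentExists) {
    Restore-ADObject -Identity $deletedUser.ObjectGUID
    Write-Host "Restored $userName to its original location $parentDN"
} else {
    # The original OU is gone (or is itself in the Recycle Bin): restore into a known-good OU.
    Restore-ADObject -Identity $deletedUser.ObjectGUID -TargetPath $fallbackOU
    Write-Host "Parent $parentDN no longer exists; restored $userName to $fallbackOU"
}
```

If the parent OU is also in the Recycle Bin, restore it first (the same way, matched on objectClass organizationalUnit) and the user can then go back to its original location.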
Finally, I use Get-EventLog to search the Security log on each DC for
successful logon events (event ID 4624) from the last day. Note the use of
Get-ADDomainController to return all the DCs in the domain, and that events
from every DC are appended to one array rather than overwritten on each pass.
Once I've retrieved the necessary information, I use Write-Host to write the
output to the terminal window, with fields separated by tabs to make it easier
to read. Get-EventLog exists only in Windows PowerShell 5.1; on PowerShell 7
use Get-WinEvent instead.
PowerShell
$DCs = Get-ADDomainController -Filter *
$startDate = (Get-Date).AddDays(-1)
$slogonevents = @()

# Collect successful logon events (4624) from the last day on every DC.
# += appends each DC's events; a plain = would keep only the last DC's results.
foreach ($DC in $DCs) {
    $slogonevents += Get-EventLog -LogName Security -ComputerName $DC.Hostname -After $startDate |
        Where-Object { $_.EventID -eq 4624 }
}

foreach ($e in $slogonevents) {
    # ReplacementStrings positions for 4624: [5] TargetUserName, [8] LogonType,
    # [11] WorkstationName, [18] IpAddress. Logon type 2 is interactive, 10 is RemoteInteractive (RDP).
    if ($e.ReplacementStrings[8] -eq 2) {
        Write-Host "Type: Local Logon`tDate: "$e.TimeGenerated "`tStatus: Success`tUser: "$e.ReplacementStrings[5] "`tWorkstation: "$e.ReplacementStrings[11]
    }

    if ($e.ReplacementStrings[8] -eq 10) {
        Write-Host "Type: Remote Logon`tDate: "$e.TimeGenerated "`tStatus: Success`tUser: "$e.ReplacementStrings[5] "`tWorkstation: "$e.ReplacementStrings[11] "`tIP Address: "$e.ReplacementStrings[18]
    }
}
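As an added example that is not part of the original article, here is the same logon report built on Get-WinEvent, which works in both Windows PowerShell 5.1 and PowerShell 7. It assumes the ActiveDirectory module and rights to read the Security log on each DC. The filter is applied on the DC through -FilterHashtable instead of pulling the whole log over the network, the fields are read by name from the event XML instead of by positional index (positions shift between Windows versions, names do not), and events from every DC are accumulated into one result set.

```powershell
# Added example, not from the original article. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

$startDate  = (Get-Date).AddDays(-1)
$logonTypes = @{ 2 = 'Local Logon'; 10 = 'Remote Logon' }   # interactive and RemoteInteractive (RDP)
$results    = @()

foreach ($DC in Get-ADDomainController -Filter *) {
    # Server-side filter: only 4624 from the last day is returned by the DC.
    # Get-WinEvent raises an error when nothing matches, hence SilentlyContinue.
    $events = Get-WinEvent -ComputerName $DC.HostName -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4624
        StartTime = $startDate
    }

    foreach ($e in $events) {
        # Build a name -> value map of the EventData fields from the event XML.
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        $type = [int]$data['LogonType']
        if (-not $logonTypes.ContainsKey($type)) { continue }   # skip network, service, batch etc.

        $results += [PSCustomObject]@{
            DC          = $DC.HostName
            Type        = $logonTypes[$type]
            Date        = $e.TimeCreated
            User        = "$($data['TargetDomainName'])\$($data['TargetUserName'])"
            Workstation = $data['WorkstationName']
            IPAddress   = $data['IpAddress']
        }
    }
}

$results | Sort-Object Date | Format-Table -AutoSize
```

Because the objects are kept rather than written with Write-Host, the same $results can be piped to Export-Csv or Where-Object, for example to list only remote logons from addresses outside your management network.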