Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##################
- #Get-ADUser Command
- ##################
- #Get a Single User
- get-aduser -Identity robert.allen
- #Get a Single User and All User Properties
- get-aduser -Identity robert.allen -Properties *
- #Get All Users in the Domain - This will list all users and the default attributes.
- get-aduser -filter*
- #Find All Enabled Users
- Get-ADUser -filter {Enabled -eq "true"} | ft
- #export all users - exporting all users and selecting displayname, city, company, department, EmailAddress, and telephonenumber
- get-aduser -filter * -Properties * | select displayname, city, company, department, EmailAddress, telephonenumber | export-csv -path c:\temp\export-all.csv
- #Get All Users and Format the Output
- get-aduser -filter * | Format-Table
- #Get All Users & The Department Attribute
- get-aduser -filter * -Properties * | select displayname, department
- #Get All Users Email Addresses
- get-aduser -filter * -Properties * | select givenname, sn, mail
- # Get All Users from an OU - GET OU DN from Attribute editor
- get-aduser -filter * -SearchBase "OU=Accounting,OU=ADPRO Users,DC=ad,DC=activedirectorypro,DC=com"
- #Querying the password and login info for a user
- get-aduser bgoodman -prop * | select *password*, *Logon*
- #Displaying Proxy Addresses
- Get-ADUser -Identity Abbey.Crawford -Properties * | Select Name,proxyaddresses |ft
- #Displaying Last Logon Date and Time
- Get-ADUser -Identity Abbey.Crawford -Properties * | Select Name,lastlogondate |ft
- #Searching for accounts by account creation date
- get-aduser bgoodman -Properties * | select name, Created
- #Finding Accounts with Password Expiry Not Set
- Get-ADUser -Filter {passwordneverexpires -eq "true"} | Select Name, sAMAccountName
- #Finding Stale User Accounts - accounts that have not been used during the last 60 days:
- $CutoffDate = (Get-Date).AddDays(-60)
- Get-ADUser -Filter "LastLogonDate -lt '$CutoffDate'" -Properties LastLogonDate | Select Name, LastLogonDate
- #How to create your PowerShell Profile
- test-path $profile
- New-Item -Path $profile -Type File -Force
- ise $profile
- #Added this into my PowerShell profile and now all of these attributes are available with just Get-ADUser <USERNAME>.
- $PSDefaultParameterValues['Get-ADUser:Properties'] = @(
- 'DisplayName',
- 'Description',
- 'EmailAddress',
- 'LockedOut',
- 'Manager',
- 'MobilePhone',
- 'telephoneNumber',
- 'PasswordLastSet',
- 'PasswordExpired',
- 'ProxyAddresses',
- 'Title',
- 'wwWHomePage'
- )
- ##########
- #set-aduser
- ##########
- #The following command will disable a user account in the domain:
- Set-ADUser M.Becker -Enabled $False
- #you can change multi-valued attributes. For example, let’s add multiple ProxyAddresses (email aliases) to a user:
- Set-ADUser M.Becker -add @{ProxyAddresses="smtp:M.Becker@woshub.com, ,SMTP:moritz.becker@woshub.com " -split ","}
- # force all users from the specified OU to change their passwords at the next logon:
- Get-ADUser -Filter * -SearchBase "OU=Users,OU=DE,DC=bobcares,DC=loc" | Set-ADUser -ChangePasswordAtLogon $true
- ################################
- #adding and removing from groups
- ################################
- #In this scenario, we will add “Jason-Bourne” to the group, “The Office”, using the following cmdlet:
- Add-ADGroupMember -Identity "The Office" -Members Jason-Bourne
- #check the membership of the group.
- Get-ADGroupMember -Identity "The Office" | ft
- #You can also add multiple users to a group by separating them with a comma, as shown below.
- Add-ADGroupMember "The Office" Jason-Bourne,Benedict.Cumberbatch,AbbeyCrawford,AbbeyEckels
- #Copy Group Members to Another Group
- Get-ADGroupMember “The Office” | Get-ADUser | ForEach-Object {Add-ADGroupMember -Identity “Work from home” -Members $_}
- #Add All Users from a Specific OU in this case Engineering OU
- Get-ADUser -Filter * -SearchBase “OU=Engineering,DC=milkyway,DC=local”| ForEach-Object -process {Add-ADGroupMember -identity "Engineering Users" -Members $_.SamAccountName}
- #This will list all security groups in a domain
- Get-ADGroup -filter *
- #####################################
- #Active Directory PowerShell Commands
- #####################################
- #View all Active Directory commands
- get-command -Module ActiveDirectory
- #View all Active Directory commands
- get-command -Module ActiveDirectory
- #Display Basic Domain Information
- get-ADDomain
- #Get all Domain Controllers by Hostname and Operating
- Get-ADDomainController -filter * | select hostname, operatingsystem
- #Get all Fine Grained Password Policies
- Get-ADFineGrainedPasswordPolicy -filter *
- #Get Domain Default Password Policy
- Get-ADDefaultDomainPasswordPolicy
- #Gets the password policy from the logged in domain
- Get-ADDefaultDomainPasswordPolicy
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement