hjaltiatlason

Active Directory Powershell Commands

Sep 1st, 2023 (edited)
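  ##################
  # Get-ADUser
  ##################

  # Get a single user (default property set only).
  Get-ADUser -Identity robert.allen

  # Get a single user together with every attribute the caller is allowed to read.
  # Handy for one-off inspection; for repeated queries, name the attributes you need.
  Get-ADUser -Identity robert.allen -Properties *

  # Get all users in the domain with the default attributes.
  # -Filter and its value must be separate tokens: "-filter*" (no space) is not
  # parsed as -Filter with the value *.
  Get-ADUser -Filter *

  # Find all enabled users and show them as a table.
  Get-ADUser -Filter 'Enabled -eq "true"' | Format-Table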
  17.  
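  # Export all users with displayname, city, company, department, EmailAddress and telephonenumber.
  # Only the exported attributes are requested (instead of -Properties *), which keeps the
  # query light and keeps unrelated attributes out of the pipeline.
  # -NoTypeInformation stops Windows PowerShell from writing a "#TYPE" line at the top of the CSV.
  # The file holds personal data for every account: check who can read c:\temp and
  # delete the export once it is no longer needed.
  Get-ADUser -Filter * -Properties DisplayName, City, Company, Department, EmailAddress, telephoneNumber |
    Select-Object displayname, city, company, department, EmailAddress, telephonenumber |
    Export-Csv -Path c:\temp\export-all.csv -NoTypeInformation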
  20.  
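  # Get all users and format the output as a table.
  Get-ADUser -Filter * | Format-Table

  # Get all users with their department attribute.
  # Only the attributes that are displayed are requested from the directory.
  Get-ADUser -Filter * -Properties DisplayName, Department | Select-Object displayname, department

  # Get all users' e-mail addresses (sn = surname, mail = e-mail address).
  # GivenName is part of the default property set, so only sn and mail are requested.
  Get-ADUser -Filter * -Properties sn, mail | Select-Object givenname, sn, mail

  # Get all users from one OU. Copy the OU's distinguished name from the Attribute Editor.
  Get-ADUser -Filter * -SearchBase "OU=Accounting,OU=ADPRO Users,DC=ad,DC=activedirectorypro,DC=com"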
  33.  
  34.  
  35.  
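  # Show the password- and logon-related attributes of one user.
  # This returns account metadata (for example PasswordLastSet, PasswordNeverExpires,
  # LastLogonDate), never the password itself.
  # The wildcard selection needs every attribute loaded, so -Properties * stays here.
  Get-ADUser -Identity bgoodman -Properties * | Select-Object *password*, *Logon*

  # Display proxy addresses.
  Get-ADUser -Identity Abbey.Crawford -Properties ProxyAddresses | Select-Object Name, proxyaddresses | Format-Table

  # Display last logon date and time.
  Get-ADUser -Identity Abbey.Crawford -Properties LastLogonDate | Select-Object Name, lastlogondate | Format-Table

  # Show the creation date of a single account.
  # (This looks up one user; it does not search for accounts by creation date.)
  Get-ADUser -Identity bgoodman -Properties Created | Select-Object name, Created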
  48.  
  49.  
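  # Find accounts whose password is set to never expire.
  # These are worth reviewing regularly: a password that never expires stays valid
  # until someone changes it on purpose.
  Get-ADUser -Filter 'PasswordNeverExpires -eq "true"' | Select-Object Name, sAMAccountName

  # Find stale user accounts: accounts with no recorded logon during the last 60 days.
  # The filter is single-quoted so the AD module resolves $CutoffDate itself as a date,
  # instead of PowerShell first expanding it into a culture-dependent string.
  # Caveats when reading the result:
  #   - LastLogonDate comes from lastLogonTimestamp, which is replicated with a delay
  #     (up to roughly two weeks by default), so treat it as approximate.
  #   - Accounts that have never logged on have no LastLogonDate and are not matched
  #     by this comparison; query them separately.
  #   - Disabled accounts are included; add an Enabled condition if you only want active ones.
  $CutoffDate = (Get-Date).AddDays(-60)
  Get-ADUser -Filter 'LastLogonDate -lt $CutoffDate' -Properties LastLogonDate | Select-Object Name, LastLogonDate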
  57.  
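  # Create your PowerShell profile, but only when none exists yet.
  # New-Item -Force on an existing file replaces it with an empty one, so the
  # Test-Path check guards the call; -Force is kept because it also creates
  # missing parent folders.
  # The profile runs at the start of every session, so keep it writable only by its owner.
  if (-not (Test-Path -Path $PROFILE)) {
      New-Item -Path $PROFILE -ItemType File -Force
  }

  # Open the profile in the PowerShell ISE for editing.
  ise $PROFILE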
  62.  
  63.  
  # Profile snippet: make Get-ADUser request these extra attributes by default, so a
  # plain "Get-ADUser <USERNAME>" already returns them.
  # The default applies to every Get-ADUser call in a session that loaded this profile
  # and that does not pass -Properties itself; sessions without the profile will not
  # see these attributes.
  $PSDefaultParameterValues['Get-ADUser:Properties'] =
      'DisplayName', 'Description', 'EmailAddress',
      'LockedOut', 'Manager', 'MobilePhone',
      'telephoneNumber', 'PasswordLastSet', 'PasswordExpired',
      'ProxyAddresses', 'Title', 'wwWHomePage'
  80.  
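  ##########
  # Set-ADUser
  ##########

  # Disable a user account in the domain.
  # Disabling blocks new logons; sessions and Kerberos tickets that were already
  # issued are not revoked by this change and stay usable until they expire.
  Set-ADUser -Identity M.Becker -Enabled $false

  # Add values to a multi-valued attribute, here two ProxyAddresses (e-mail aliases).
  # The values are given as an explicit array: splitting one string on "," produced a
  # whitespace-only entry and an address with a trailing space.
  # By Exchange convention the upper-case "SMTP:" prefix marks the primary address and
  # lower-case "smtp:" an alias, so check the user does not already have a primary.
  Set-ADUser -Identity M.Becker -Add @{ProxyAddresses = 'smtp:M.Becker@woshub.com', 'SMTP:moritz.becker@woshub.com'}

  # Force all users in the given OU to change their password at the next logon.
  # This touches every user object under the search base, including any service
  # accounts stored there; append -WhatIf to Set-ADUser first to preview the change.
  Get-ADUser -Filter * -SearchBase "OU=Users,OU=DE,DC=bobcares,DC=loc" |
    Set-ADUser -ChangePasswordAtLogon $true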
  93.  
  94.  
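  ################################
  # Adding and removing from groups
  ################################

  # Add "Jason-Bourne" to the group "The Office".
  Add-ADGroupMember -Identity "The Office" -Members Jason-Bourne

  # Check the membership of the group (direct members only; add -Recursive to expand nested groups).
  Get-ADGroupMember -Identity "The Office" | Format-Table

  # Add several users to a group at once by separating them with commas.
  Add-ADGroupMember -Identity "The Office" -Members Jason-Bourne, Benedict.Cumberbatch, AbbeyCrawford, AbbeyEckels

  # Copy the user members of one group to another group.
  # Straight quotes replace the typographic quotes of the original, which can break
  # when the text is pasted or saved in a different encoding.
  # Group membership usually grants access: confirm every source member should
  # receive what the target group grants before copying.
  Get-ADGroupMember -Identity "The Office" |
    Get-ADUser |
    ForEach-Object { Add-ADGroupMember -Identity "Work from home" -Members $_ }

  # Add all users from a specific OU (here the Engineering OU) to a group.
  Get-ADUser -Filter * -SearchBase "OU=Engineering,DC=milkyway,DC=local" |
    ForEach-Object -Process { Add-ADGroupMember -Identity "Engineering Users" -Members $_.SamAccountName }

  # List all groups in the domain. -Filter * returns security and distribution groups
  # alike; filter on GroupCategory to see security groups only.
  Get-ADGroup -Filter *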
  116.  
  117.  
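  #####################################
  # Active Directory PowerShell Commands
  #####################################

  # View all commands in the ActiveDirectory module.
  # (The original listed this command twice; once is enough.)
  Get-Command -Module ActiveDirectory

  # Display basic domain information.
  Get-ADDomain

  # Get all domain controllers by hostname and operating system.
  Get-ADDomainController -Filter * | Select-Object hostname, operatingsystem

  # Get all fine-grained password policies.
  Get-ADFineGrainedPasswordPolicy -Filter *

  # Get the default domain password policy of the logged-in user's domain.
  # (The original listed this command twice under two headings; it is the same query.)
  # Fine-grained policies, where defined, override these defaults for the users and
  # groups they apply to, so read both results together.
  Get-ADDefaultDomainPasswordPolicy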
  141.  