Below are the command that can come handy in day to day Active Directory Admin works
Before running in any AD related commands – always run the “Import-Module ActiveDirectory” command
How to Search for AD Locked Accounts
Search-ADAccount -LockedOut –
Adding/removing members from AD Groups
Add-ADGroupMember -Identity “group_name” -Member username
remove-ADGroupMember -Identity “group_name” -Member username
Adding Multiple Users to Groups
Import-module ActiveDirectory
Import-CSV "C:\members.csv" | % {
Add-ADGroupMember -Identity group1 -Member $_.UserName
}
How to get names from AD groups
Get-ADGroupMember -identity "name of the group" -Recursive | select name,objectclass,displayname
How to update CNAMES in DNS using a powershell script
$cnames = Import-Csv c:\cnames.csv
ForEach($cname in $cnames){
Write-Host -ForegroundColor Yellow "Creating CNAME: "$cname.alias
Add-DnsServerResourceRecordCName -Name $cname.name -HostNameAlias $cname.alias
}
How to get AD groups that start with certain words
Get-ADGroup -FILTER {name -like "*test*"} -Properties Description | Select name, description
How to get the list of all the domain controllers in the forest
$getDC = (Get-ADForest).Domains | %{ Get-ADDomainController -Filter * -Server $_ }
How to search for AD group with certian letters in the group name
Get-ADGroup -Filter {name -like “facebook*”} -Properties Description | Select Name,Description | More
How to get the list of all disabled computers in AD
Get-ADComputer -Filter {(Enabled -eq $False)} -ResultPageSize 2000 -ResultSetSize $null -Server <AnyDomainController> -Properties Name, OperatingSystem
How to reset the AD user password using powershell
Set-ADAccountPassword -Identity user -NewPassword (ConvertTo-SecureString -AsPlainText “xxx” -Force)
