Microsoft provides PowerShell commands for all roles and features, including Active Directory. There are more than 900 PowerShell cmdlets provided for Active Directory alone that can be used to access and manage information from domain controllers, global catalog servers, domains, and Active Directory forests. Whatever your requirements, there are certain to be useful PowerShell cmdlets available. For example, if you need to list the users in an Active Directory domain, you can use the Get-ADUser PowerShell cmdlet. Similarly, if you need to collect a specific user's property, you can execute Get-ADUser with parameters to retrieve the required information. In this article, we provide some quick and useful Active Directory PowerShell commands:
Quick Active Directory PowerShell commands: Ready, set, go…
Getting AD replication failure
One of the quickest ways to check whether Active Directory replication is working is to execute the Get-ADReplicationFailure PowerShell cmdlet. By using Get-ADReplicationFailure, you can find out whether there are any replication failures on a domain controller or in an Active Directory site. For example, to check a domain controller for replication failures, you can execute this PowerShell command:
Get-ADReplicationFailure -Target PRODServer1
In case you would like to include multiple domain controllers in the above command, separate each domain controller name by using a comma as shown in the command below:
Get-ADReplicationFailure -Target PRODServer1, PRODServer2, PRODServer3
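The same check run against every domain controller in the current domain instead of a typed list, as an added example that is not part of the original article. It assumes the ActiveDirectory module is installed and that the account running it can query each domain controller; the "QueryFailed" label is a constructed value.

```powershell
Import-Module ActiveDirectory

# Enumerate the domain controllers rather than relying on a hand-maintained list,
# so a newly promoted or forgotten DC is not silently skipped.
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        Get-ADReplicationFailure -Target $dc.HostName -ErrorAction Stop |
            Where-Object { $_.FailureCount -gt 0 } |
            Select-Object Server, Partner, FailureType, FailureCount, FirstFailureTime, LastError
    }
    catch {
        # A DC that cannot be queried at all is itself a finding, so record it
        # in the same shape as a real failure entry.
        [pscustomobject]@{
            Server           = $dc.HostName
            Partner          = $null
            FailureType      = 'QueryFailed'   # constructed label, not a cmdlet value
            FailureCount     = $null
            FirstFailureTime = $null
            LastError        = $_.Exception.Message
        }
    }
}

# Oldest failures first: long-standing failures are the ones closest to
# causing lingering objects or stale security data on the affected DC.
$report | Sort-Object FirstFailureTime | Format-Table -AutoSize
```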
Getting computer accounts starting with a string
If you need to know or list the computer accounts with a name starting with a particular string, you could use this PowerShell command:
Get-ADComputer -Filter 'Name -like "TC*"' -Properties Name,DNSHostName
To export the output to a CSV file, add "| Export-CSV C:\Temp\OutPutFile.CSV" after the above command.
Getting HomeDrive Property values for all users
A quick way to report the HomeDrive property value for all Active Directory users is to use a simple PowerShell command as shown below. HomeDrive is not returned by default, so it has to be requested with -Properties:
Get-ADUser -Filter * -Properties HomeDrive | Select-Object HomeDrive | Export-CSV C:\Temp\HomeDriveForUsers.CSV
Quickly disabling user accounts in an organizational unit
If you would like to disable all AD user accounts in a specific organizational unit, the best way to do it is to combine the Get-ADUser and Disable-ADAccount PowerShell cmdlets as shown in the command below:
Get-ADUser -Filter 'Name -like "*"' -SearchBase "OU=PROD1,OU=Users,DC=TechGenix,DC=Com" | Disable-ADAccount
And to enable AD accounts in a specific organizational unit, just replace "Disable-ADAccount" with the "Enable-ADAccount" PowerShell cmdlet as shown in the command below:
Get-ADUser -Filter 'Name -like "*"' -SearchBase "OU=PROD1,OU=Users,DC=TechGenix,DC=Com" | Enable-ADAccount
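Enabling every account in the OU also re-enables accounts that were already disabled before the bulk change, for example leavers or suspended accounts. The following added example, which is not part of the original article, records which accounts were enabled beforehand, previews the change, and rolls back only those accounts. The OU path is the article's sample value; the CSV path is an assumption.

```powershell
Import-Module ActiveDirectory

$SearchBase = 'OU=PROD1,OU=Users,DC=TechGenix,DC=Com'        # sample OU from the article
$StateFile  = 'C:\Temp\PROD1-EnabledBeforeDisable.csv'       # assumed path for the record

# 1. Record only the accounts that are enabled right now. Accounts that are
#    already disabled are left out, so the rollback cannot re-enable them.
$enabled = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase -SearchScope Subtree
$enabled |
    Select-Object SamAccountName, DistinguishedName, ObjectGUID |
    Export-Csv -Path $StateFile -NoTypeInformation

# 2. Preview the change. -WhatIf prints each account that would be disabled
#    without touching it; remove -WhatIf once the list has been reviewed.
$enabled | Disable-ADAccount -WhatIf

# 3. Roll back: re-enable only what step 1 recorded. ObjectGUID is used as the
#    identity because it stays the same if an account is renamed or moved.
Import-Csv -Path $StateFile | ForEach-Object {
    Enable-ADAccount -Identity $_.ObjectGUID -WhatIf
}
```

Keep the CSV with the change record: it is the only reliable list of which accounts the bulk operation actually touched.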
Testing a managed Active Directory service account
You can quickly test an Active Directory Managed Service account to ensure it’s ready for use, which means it can be authenticated and used by the production applications. To test the account, simply execute the PowerShell command shown below:
Test-ADServiceAccount -Identity SAAccount1
Creating hundreds of organizational units for testing purposes
If you would like to create hundreds of organizational units for testing purposes, you can create them one by one, but doing it manually would take a considerable amount of time. Here is a small PowerShell script to create test organizational units.
# Creates TestOU1 through TestOU200
for ($i = 1; $i -le 200; $i++) {
    $ThisOUNow = "TestOU" + $i
    New-ADOrganizationalUnit -Name $ThisOUNow -Path "DC=TechGenix,DC=Com"
}
The above script creates 200 organizational units under the root of domain TechGenix.com.
Creating hundreds of user accounts for testing purposes
Similar to organizational units, you can also create test user accounts. But to create test user accounts, you need to provide unique values for some of the attributes, such as SamAccountName. Let's see how to create hundreds of sample test accounts using a PowerShell script.
# Creates TestUser1 through TestUser200, each with a unique SamAccountName
for ($i = 1; $i -le 200; $i++) {
    $ThisUser = "TestUser" + $i
    New-ADUser -Name $ThisUser -SamAccountName $ThisUser
}
The above script creates 200 user accounts.
Creating hundreds of Group Accounts for testing purposes
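If you would like to create test Group Accounts, here is the PowerShell script:
# Creates TestGroup1 through TestGroup200. -GroupScope is mandatory for New-ADGroup;
# Global is a value chosen here for the test groups.
for ($i = 1; $i -le 200; $i++) {
    $ThisGroup = "TestGroup" + $i
    New-ADGroup -Name $ThisGroup -GroupScope Global
}
# Lists the objects linked to each Active Directory site through the siteObjectBL back-link
Get-ADObject -Filter 'ObjectClass -eq "site"' -SearchBase 'CN=Configuration,DC=Fabrikam,DC=Com' -Properties siteObjectBL | foreach {$_.siteObjectBL}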
Getting all deleted Active Directory objects
A simple and quick way to get all deleted Active Directory objects is to use the Get-ADObject PowerShell command as shown below. Deleted objects are only returned when -IncludeDeletedObjects is specified:
Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects | Export-CSV C:\Temp\DeletedObjects.CSV
Put them in your toolbox
In this article, we provided some quick PowerShell examples to work with Active Directory. You can use these PowerShell commands in your daily operations or whenever you need them.