Tools for your toolbox: Quick Active Directory PowerShell commands

Microsoft provides PowerShell commands for all roles and features, including Active Directory. There are more than 900 PowerShell cmdlets provided for Active Directory alone that can be used to access and manage information from domain controllers, global catalog servers, domains, and Active Directory forests. Whatever your requirements, there are certain to be useful PowerShell cmdlets available. For example, if you need to list the users in an Active Directory domain, you can use the Get-ADUser PowerShell cmdlet. Similarly, if you need to collect a specific user’s property, you can execute Get-ADUser with parameters to retrieve the required information. In this article we provide some quick, useful Active Directory PowerShell commands:

Quick Active Directory PowerShell commands: Ready, set, go...

Getting AD replication failure

One of the quickest ways to check whether Active Directory replication is working is to execute the Get-ADReplicationFailure PowerShell cmdlet. With Get-ADReplicationFailure, you can find out whether there are any replication failures in an Active Directory site or on a specific domain controller. For example, to check a domain controller for replication failures, you can execute this PowerShell command:

Get-ADReplicationFailure -Target PRODServer1

To include multiple domain controllers in the above command, separate the domain controller names with commas as shown in the command below:

Get-ADReplicationFailure -Target PRODServer1, PRODServer2, PRODServer3
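
To run the same check against every domain controller instead of a hand-typed list, the following added example (not from the original article) enumerates them with Get-ADDomainController. The function name and the 'QueryFailed' marker are assumptions made for illustration:

```powershell
Import-Module ActiveDirectory

# Hypothetical helper name; not part of the ActiveDirectory module.
function Get-AllDCReplicationFailure {
    # Every domain controller in the current domain
    $dcs = Get-ADDomainController -Filter *

    foreach ($dc in $dcs) {
        try {
            # One row per failing replication partner of this DC
            Get-ADReplicationFailure -Target $dc.HostName -ErrorAction Stop |
                Select-Object Server, Partner, FailureType, FailureCount,
                              FirstFailureTime, LastError
        }
        catch {
            # A DC that cannot be queried is itself a finding, so report it
            # as a row instead of silently skipping it. 'QueryFailed' is a
            # marker invented for this example.
            [pscustomobject]@{
                Server           = $dc.HostName
                Partner          = $null
                FailureType      = 'QueryFailed'
                FailureCount     = $null
                FirstFailureTime = $null
                LastError        = $_.Exception.Message
            }
        }
    }
}

# Rows without a timestamp (unreachable DCs) sort first, then the oldest
# failures. While replication is failing, changes such as a disabled account
# or a password reset do not reach the affected partner.
Get-AllDCReplicationFailure |
    Sort-Object FirstFailureTime |
    Format-Table -AutoSize
```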

Getting computer accounts starting with a string

If you need to know or list the computer accounts with a name starting with a particular string, you could use this PowerShell command:

Get-ADComputer -Filter 'Name -like "TC*"' -Properties Name,DNSHostName

To export the output in a CSV file add “| Export-CSV C:\Temp\OutPutFile.CSV” after the above command.

Getting HomeDrive Property values for all users

To report the HomeDrive property value for all Active Directory users, use the PowerShell command shown below. HomeDrive is not returned by default, so it has to be requested with -Properties:

Get-ADUser -Filter * -Properties HomeDrive | Select-Object SamAccountName,HomeDrive | Export-CSV C:\Temp\HomeDriveForUsers.CSV

Quickly disabling user accounts in an organizational unit

If you would like to disable all AD user accounts in a specific organizational unit, the best way to do it is to combine the Get-ADUser and Disable-ADAccount PowerShell cmdlets as shown in the command below:

Get-ADUser -Filter 'Name -like "*"' -SearchBase "OU=PROD1,OU=Users,DC=TechGenix,DC=Com" | Disable-ADAccount

And to enable AD accounts in a specific organizational unit, just replace “Disable-ADAccount” with “Enable-ADAccount” PowerShell cmdlet as shown in the command below:

Get-ADUser -Filter 'Name -like "*"' -SearchBase "OU=PROD1,OU=Users,DC=TechGenix,DC=Com" | Enable-ADAccount
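
Enabling every account in the OU, as above, also re-enables accounts that were already disabled before the bulk change. The following added example (not from the original article) records which accounts it disables so that only those are re-enabled later. The function names and the CSV path are assumptions:

```powershell
Import-Module ActiveDirectory

$SearchBase = "OU=PROD1,OU=Users,DC=TechGenix,DC=Com"   # OU from the article
$StateFile  = "C:\Temp\PROD1-DisabledByScript.csv"      # assumed path

# Hypothetical helper: disable the currently enabled users in the OU and
# write a record of exactly which accounts were touched.
function Disable-OUUser {
    param([switch]$DryRun)

    # Accounts that are already disabled are not selected, so they never
    # end up in the state file.
    $targets = @(Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase)

    if (-not $DryRun) {
        $targets |
            Select-Object SamAccountName, DistinguishedName, ObjectGUID |
            Export-Csv -Path $StateFile -NoTypeInformation
    }

    foreach ($user in $targets) {
        # With -DryRun, -WhatIf only prints what would be disabled
        Disable-ADAccount -Identity $user -WhatIf:$DryRun
    }
}

# Hypothetical helper: re-enable only the accounts listed in the state file.
function Restore-OUUser {
    param([switch]$DryRun)

    foreach ($row in Import-Csv -Path $StateFile) {
        # ObjectGUID still identifies the account after a rename or move
        Enable-ADAccount -Identity $row.ObjectGUID -WhatIf:$DryRun
    }
}

Disable-OUUser -DryRun    # review the list first
# Disable-OUUser          # then apply the change
# Restore-OUUser          # later: undo only what the script changed
```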

Testing a managed Active Directory service account

You can quickly test an Active Directory Managed Service account to ensure it’s ready for use, which means it can be authenticated and used by the production applications. To test the account, simply execute the PowerShell command shown below:

Test-ADServiceAccount -Identity SAAccount1

Creating hundreds of organizational units for testing purposes

If you would like to create hundreds of organizational units for testing purposes, you can create them one by one, but doing it manually would take a considerable amount of time. Here is a small PowerShell script to create test organizational units.

for ($i=0; $i -lt 200; $i++) {
    $ThisOUNow = "TestOU"+$i
    New-ADOrganizationalUnit -Name "$ThisOUNow" -Path "DC=TechGenix,DC=Com"
}

The above script creates 200 organizational units under the root of the domain.

Creating hundreds of user accounts for testing purposes

Similar to organizational units, you can also create test user accounts. But to create test user accounts you need to provide unique values for some of the attributes, such as SamAccountName. Let’s see how to create hundreds of sample test accounts using a PowerShell script.

for ($i=0; $i -lt 200; $i++) {
    $ThisUser = "TestUser"+$i
    New-ADUser -Name "$ThisUser" -SamAccountName "$ThisUser"
}

The above script creates 200 user accounts.

Creating hundreds of Group Accounts for testing purposes

If you would like to create test Group Accounts, here is the PowerShell script:

for ($i=0; $i -lt 200; $i++) {
    $ThisGroup = "TestGroup"+$i
    New-ADGroup -Name "$ThisGroup" -GroupScope Global
}

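
Test objects that linger in a directory are easy to forget. The following added example (not from the original article) combines the three loops above but places every test object under one dedicated parent OU, so the whole set can be reviewed and removed in one step. The TestLab OU name and the function names are assumptions:

```powershell
Import-Module ActiveDirectory

$DomainDN = "DC=TechGenix,DC=Com"     # domain used in the article
$LabName  = "TestLab"                 # assumed name for the parent OU
$LabDN    = "OU=$LabName,$DomainDN"

# Hypothetical helper: create the parent OU and the test objects inside it.
function New-TestLab {
    param([int]$Count = 200)

    # New OUs are protected from accidental deletion by default; switch that
    # off here so the teardown below can remove them.
    New-ADOrganizationalUnit -Name $LabName -Path $DomainDN `
        -ProtectedFromAccidentalDeletion $false

    for ($i = 1; $i -le $Count; $i++) {
        New-ADOrganizationalUnit -Name "TestOU$i" -Path $LabDN `
            -ProtectedFromAccidentalDeletion $false

        # No -AccountPassword and no -Enabled: the account is created disabled
        New-ADUser -Name "TestUser$i" -SamAccountName "TestUser$i" `
            -Path $LabDN -Description "Test object"

        New-ADGroup -Name "TestGroup$i" -SamAccountName "TestGroup$i" `
            -GroupScope Global -Path $LabDN
    }
}

# Hypothetical helper: any result means a test account has been enabled
# since creation and should be looked at before the lab is kept around.
function Get-TestLabEnabledUser {
    Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $LabDN
}

# Hypothetical helper: delete the parent OU and everything under it.
function Remove-TestLab {
    param([switch]$DryRun)
    Remove-ADOrganizationalUnit -Identity $LabDN -Recursive `
        -Confirm:$false -WhatIf:$DryRun
}

New-TestLab -Count 200
Get-TestLabEnabledUser      # expected: no output
# Remove-TestLab -DryRun    # shows what would be deleted
# Remove-TestLab            # removes all test objects
```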
Get-ADObject -Filter 'ObjectClass -eq "site"' -SearchBase 'CN=Configuration,DC=Fabrikam,DC=Com' -Properties siteObjectBL | foreach {$_.siteObjectBL}

Getting all deleted Active Directory objects

A simple and quick way to get all deleted objects from Active Directory is to use the Get-ADObject PowerShell command as shown below:

Get-ADObject -Filter 'isDeleted -eq $True' -IncludeDeletedObjects | Export-CSV C:\Temp\DeletedObjects.CSV

Put them in your toolbox

In this article, we provided some quick PowerShell examples to work with Active Directory. You can use these PowerShell commands during your daily operational needs or whenever you need to use them.


Nirmal Sharma

Nirmal Sharma is a MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites.
