These are essential Active Directory (AD) PowerShell commands and scripts that you can use to manage and automate tasks in your AD environment. They can help with creating and managing users, groups, computers, domain controllers, OUs, and more, making it easier to perform administrative tasks in a large-scale environment.
Here’s a list of the Top 50 Active Directory (AD) PowerShell commands, scripts, and administrative tools that you can use to manage and automate your Active Directory environment.
1. Get-ADUser
Retrieves information about an Active Directory user.
Example:
Get-ADUser -Identity username
2. Set-ADUser
Modifies properties of an Active Directory user.
Example:
Set-ADUser -Identity username -Description "Updated description"
3. New-ADUser
Creates a new Active Directory user account.
Example:
New-ADUser -SamAccountName jdoe -UserPrincipalName jdoe@domain.com -Name "John Doe" -GivenName "John" -Surname "Doe" -Path "OU=Users,DC=domain,DC=com"
4. Remove-ADUser
Deletes an Active Directory user account.
Example:
Remove-ADUser -Identity jdoe
5. Get-ADGroup
Retrieves information about an Active Directory group.
Example:
Get-ADGroup -Identity "Admins"
6. Set-ADGroup
Modifies properties of an Active Directory group.
Example:
Set-ADGroup -Identity "Admins" -Description "Updated group description"
7. New-ADGroup
Creates a new Active Directory group.
Example:
New-ADGroup -Name "New Group" -GroupScope Global -Path "OU=Groups,DC=domain,DC=com"
8. Remove-ADGroup
Deletes an Active Directory group.
Example:
Remove-ADGroup -Identity "New Group"
9. Get-ADComputer
Retrieves information about an Active Directory computer.
Example:
Get-ADComputer -Identity "ComputerName"
10. Set-ADComputer
Modifies properties of an Active Directory computer.
Example:
Set-ADComputer -Identity "ComputerName" -Description "Updated computer description"
11. New-ADComputer
Creates a new Active Directory computer.
Example:
New-ADComputer -Name "ComputerName" -Path "OU=Computers,DC=domain,DC=com"
12. Remove-ADComputer
Deletes an Active Directory computer.
Example:
Remove-ADComputer -Identity "ComputerName"
13. Get-ADOrganizationalUnit
Retrieves information about Active Directory organizational units (OUs).
Example:
Get-ADOrganizationalUnit -Filter *
14. New-ADOrganizationalUnit
Creates a new Active Directory organizational unit.
Example:
New-ADOrganizationalUnit -Name "Sales" -Path "DC=domain,DC=com"
15. Set-ADOrganizationalUnit
Modifies properties of an Active Directory organizational unit.
Example:
Set-ADOrganizationalUnit -Identity "OU=Sales,DC=domain,DC=com" -Description "Updated description"
16. Remove-ADOrganizationalUnit
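Deletes an Active Directory organizational unit. OUs created with New-ADOrganizationalUnit are protected from accidental deletion by default, and that protection must be cleared before the OU can be removed.
Example:
Remove-ADOrganizationalUnit -Identity "OU=Sales,DC=domain,DC=com"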
17. Get-ADDomainController
Retrieves information about Active Directory domain controllers.
Example:
Get-ADDomainController -Filter *
18. Get-ADReplicationSite
Retrieves information about Active Directory sites.
Example:
Get-ADReplicationSite -Filter *
19. Get-ADForest
Retrieves information about the Active Directory forest.
Example:
Get-ADForest
20. Get-ADDomain
Retrieves information about the Active Directory domain.
Example:
Get-ADDomain
21. Get-ADReplicationPartnerMetadata
Retrieves information about replication partners.
Example:
Get-ADReplicationPartnerMetadata -Target "domainController"
22. Get-ADGroupMember
Retrieves members of a specified Active Directory group.
Example:
Get-ADGroupMember -Identity "Admins"
23. Add-ADGroupMember
Adds a user or computer to an Active Directory group.
Example:
Add-ADGroupMember -Identity "Admins" -Members "jdoe"
24. Remove-ADGroupMember
Removes a user or computer from an Active Directory group.
Example:
Remove-ADGroupMember -Identity "Admins" -Members "jdoe"
25. Get-ADPrincipalGroupMembership
Retrieves the group membership of a user or computer.
Example:
Get-ADPrincipalGroupMembership -Identity "jdoe"
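26. Set-ADAccountPassword
Resets or modifies a user’s password. The literal password here is for illustration only; in practice, supply the SecureString from a prompt or a secret store so the plaintext does not end up in scripts or logs.
Example:
Set-ADAccountPassword -Identity "jdoe" -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "NewPassword123" -Force)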
27. Unlock-ADAccount
Unlocks a locked Active Directory account.
Example:
Unlock-ADAccount -Identity "jdoe"
28. Enable-ADAccount
Enables a disabled Active Directory account.
Example:
Enable-ADAccount -Identity "jdoe"
29. Disable-ADAccount
Disables an Active Directory account.
Example:
Disable-ADAccount -Identity "jdoe"
30. Get-ADUserResultantPasswordPolicy
Retrieves the password policy applied to a user.
Example:
Get-ADUserResultantPasswordPolicy -Identity "jdoe"
31. Get-ADObject
Retrieves an Active Directory object (user, group, OU, etc.) by object class.
Example:
Get-ADObject -Filter "ObjectClass -eq 'user'"
32. Set-ADObject
Modifies an Active Directory object.
Example:
Set-ADObject -Identity "CN=John Doe,OU=Users,DC=domain,DC=com" -Description "Updated object description"
33. Search-ADAccount
Searches for Active Directory accounts based on criteria.
Example:
Search-ADAccount -LockedOut
34. Get-ADObject -LDAPFilter
Search using LDAP filter.
Example:
Get-ADObject -LDAPFilter "(objectClass=user)"
35. Get-ADDomainControllerPasswordReplicationPolicy
Retrieves the password replication policy for a domain controller.
Example:
Get-ADDomainControllerPasswordReplicationPolicy -Identity "DC01"
36. Test-Connection
Tests the connection to an Active Directory server or computer.
Example:
Test-Connection -ComputerName "DC01"
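37. Get-ADUser -Properties LastLogonDate
Retrieves the last logon time for a user. LastLogonDate is derived from the replicated lastLogonTimestamp attribute, so it can lag the actual last logon by several days.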
Example:
Get-ADUser -Identity "jdoe" -Properties LastLogonDate
38. Get-ADReplicationFailure
Retrieves information about Active Directory replication failures.
Example:
Get-ADReplicationFailure -Target "domain.com" -Scope Domain
39. Get-ADTrust -Filter
Retrieves information about specific Active Directory domain trusts using a filter.
Example:
Get-ADTrust -Filter "Target -eq 'otherdomain.com'"
40. Set-ADReplicationSiteLink
Modifies an Active Directory replication site link.
Example:
Set-ADReplicationSiteLink -Identity "SiteLink01" -Cost 100
41. New-ADServiceAccount
Creates a new managed service account.
Example:
New-ADServiceAccount -Name "MSSQLService" -RestrictToSingleComputer
42. Install-ADDSForest
Installs a new Active Directory forest.
Example:
Install-ADDSForest -DomainName "yrdomain" -InstallDns
43. Install-ADDSDomain
Installs a new domain in an existing forest.
Example:
Install-ADDSDomain -NewDomainName "yrnewdomain" -ParentDomainName "yrdomain"
44. Move-ADObject
Moves an object (e.g., user, group, computer) to another container or organizational unit (OU).
Example:
Move-ADObject -Identity "CN=John Doe,OU=Users,DC=domain,DC=com" -TargetPath "OU=Managers,DC=domain,DC=com"
45. Get-Acl (AD: drive)
Retrieves the access control entries (ACE) for an Active Directory object. The AD: drive is available once the ActiveDirectory module is loaded.
Example:
(Get-Acl -Path "AD:\CN=John Doe,OU=Users,DC=domain,DC=com").Access
46. Set-Acl (AD: drive)
Modifies the access control entries (ACE) for an Active Directory object. $newAcl is an ACL object, typically read with Get-Acl and then modified.
Example:
Set-Acl -Path "AD:\CN=John Doe,OU=Users,DC=domain,DC=com" -AclObject $newAcl
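47. Get-WinEvent
Retrieves audit logs for Active Directory from a domain controller's Security event log, here directory object modifications (event ID 5136).
Example:
Get-WinEvent -ComputerName "DC01" -FilterHashtable @{LogName='Security'; Id=5136} -MaxEvents 50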
48. Get-ADServiceAccount
Retrieves managed service accounts.
Example:
Get-ADServiceAccount -Filter *
49. Get-ADOrganizationalUnit -Filter
Retrieves specific organizational units using a filter.
Example:
Get-ADOrganizationalUnit -Filter "Name -like '*Sales*'"
50. Get-ADTrust
Retrieves trust relationships between Active Directory domains or forests.
Example:
Get-ADTrust -Filter *
These PowerShell scripts for Active Directory can help you automate and streamline your AD management tasks.