Please wait,
Processing your request...

    0%
  Business logo VanSoest.it
  ... | Selecteer de Nederlandse taal |
Sharing is caring
| Print this page. | Linkedin page of Johan van Soest

React: Postcard image. Click this to mail to Johan




WebHalla
 Content
  Management
   System

ICT-Hotlist Topic

Using Windows PowerShell Cmdlets to manage Active Directory (AD DS)

In this article you can read about using the command prompt to modify the Active Directory. This article shows you the PowerShell commands to add, change and delete AD DS objects.

Using Windows PowerShell Cmdlets to Manage Users

Cmdlet Description
New-ADUser Creates user accounts.
Set-ADUser Modifies properties of user accounts.
Remove-ADUser Deletes user accounts.
Set-ADAccountPassword Resets the password of a user account.
Set-ADAccountExpiration Modifies the expiration date of a user account.
Unlock-ADAccount Unlocks a user account when it is locked after exceeding the accepted number of incorrect login attempts.
Enable-ADAccount Enables a user account.
Disable-ADAccount Disables a user account.
The following is an example of a command that you could use to create a user account with a prompt for a password:
New-ADUser "Johan van Soest" -AccountPassword (Read-Host -AsSecureString "Enter password") -Department IT | Enable-Account

Using Windows PowerShell Cmdlets to Manage Groups

Cmdlet Description
New-ADGroup Creates new groups.
Set-ADGroup Modifies properties of groups.
Get-ADGroup Displays properties of groups.
Remove-ADGroup Deletes groups.
Add-ADGroupMember Adds members to groups.
Get-ADGroupMember Displays membership of groups.
Remove-ADGroupMember Removes members from groups.
Add-ADPrincipalGroupMembership Adds group membership to objects.
Get-ADPrincipalGroupMembership Displays group membership of objects.
Remove-ADPrincipalGroupMembership Removes group membership from an object.
The following command is an example of what you could type at a Windows PowerShell prompt to create a new group:
New-ADGroup -Name "Project_2016Q3" -Path "ou=managers,dc=van_Soest,dc=it" -GroupScope Global -GroupCategory Security

Using Windows PowerShell Cmdlets to Manage Computer Accounts

Cmdlet Description
New-ADComputer Creates a new computer account.
Set-ADComputer Modifies properties of a computer account.
Get-ADComputer Displays properties of a computer account.
Remove-ADComputer Deletes a computer account.
Test-ComputerSecureChannel Verifies or repairs the trust relationship between a computer and the domain.
Reset-ComputerMachinePassword Resets the password for a computer account.
The following is an example that you can use to create a computer account:
New-ADComputer -Name NLAALPC160101 -Path "ou=management,dc=van_Soest,dc=it" -Enabled $true

Using Windows PowerShell Cmdlets to Manage OUs

Cmdlet Description
New-ADOrganizationalUnit Creates OUs.
Set-ADOrganizationalUnit Modifies properties of OUs.
Get-ADOrganizationalUnit Displays properties of OUs.
Remove-ADOrganizationalUnit Deletes OUs.
The following is an example you can use when you want to create a new OU:
New-ADOrganizationalUnit -Name Sales -Path "ou=marketing,dc=van_Soest,dc=it" -ProtectedFromAccidentalDeletion $true

PowerShell Active Directory (AD DS) example

The following PowerShell scripts recreate the example from topic : "DSADD ou, DSADD group, DSADD user, DSMOD ou, DSMOD group, DSMOD user, DSRM ou, DSRM group, DSRM user"
The examples create the structure in the following image:

Directory structure build by the examples.

Add an Active Directory Organizational Unit.

To Add an Organizational Unit "OU-Development" with description to the domain "van_soest.it" use:
###############################################################################
# This Powershell script creates an Active Directory organisational unit
# (C)Copyright 2015 - 2024 vanSoest.it by Johan van Soest
###############################################################################
Try{
    New-ADOrganizationalUnit -Name "OU-Development" `
            -Country "NL" `
            -City "Waalre" `
            -Description "Organizational unit for Development groups" `
            -State "NB" `
            -Path "DC=van_soest,DC=it" `
    Write-Host "Succesful creation of Organizational Unit"
    }
Catch{
    $ErrorMessage = $_.Exception.Message
    $FailedItem = $_.Exception.ItemName

    Write-Host "Could not create Organizational Unit. `n[$ErrorMessage] `n[$FailedItem]" -ForegroundColor Red
    Read-Host "Read error and press enter to continue"
    }

Warning: A Windows domain name can not contain an underscore "_" according to these standards. The underscore is used in these examples as a spam counter measure.

Add an Active Directory Group.

Adding a global security group "Gsg-Development" with a description to the "OU-Development" container can be done by:
###############################################################################
# This Powershell script creates an Active Directory global security group
# (C)Copyright 2015 - 2024 vanSoest.it by Johan van Soest
###############################################################################

Try{
    New-ADGroup -Name "Gsg-Development" `
            -Description "Software development department" `
            -GroupCategory Security `
            -GroupScope Global `
            -SamAccountName "Gsg-Development" `
            -Path "OU=OU-Development,DC=van_soest,DC=it"
    Write-Host "Succesful creation"
    }
Catch{
    $ErrorMessage = $_.Exception.Message
    $FailedItem = $_.Exception.ItemName

    Write-Host "Could not create Group. `n[$ErrorMessage] `n[$FailedItem]" -ForegroundColor Red
    Read-Host "Read error and press enter to continue"
    }

Add an Active Directory User.

Adding an User to the "Users" container with the following properties:
  • First name = "Johan"
  • Last name = "Soest van"
  • Login Name = "Johanvs"
  • Description = "Johan van Soest"
  • Password = "V3ry S3cr3t!"
  • Title = "Job Title"
  • Department ="ICT-department"
  • Company name = "van_soest.it"
  • E-mail = johan@van_soest.it
  • Home drive = "G:\"
  • Home Directory = "\\dc1\johanvs$"
can be done by:
###############################################################################
# This Powershell script creates an Active Directory user
# (C)Copyright 2015 - 2024 vanSoest.it by Johan van Soest
###############################################################################

# Create secure password so account is enabled right away

$PlainPassword = "V3ry S3cr3t!"
$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force
Try{
    New-ADUser -Name "Johanvs" `
            -AccountPassword $SecurePassword `
            -CannotChangePassword $False `
            -ChangePasswordAtLogon $False `
            -City "Waalre" `
            -Company "van_soest.it" `
            -Country "NL" `
            -Department "ICT-department" `
            -Description "Johan van Soest" `
            -EmailAddress "johan@van_soest.it" `
            -Enabled $True `
            -GivenName "Johan" `
            -HomeDirectory "\\dc1\johanvs$" `
            -HomeDrive "G:" `
            -Name "Johan van Soest" `
            -PasswordNeverExpires $False `
            -PasswordNotRequired $False `
            -Path "cn=Users,DC=van_soest,DC=it" `
            -Surname "Soest van" `
            -Title "Job Title" `
    Write-Host "Succesful creation of user"
    }
Catch{
    $ErrorMessage = $_.Exception.Message
    $FailedItem = $_.Exception.ItemName

    Write-Host "Could not create User. `n[$ErrorMessage] `n[$FailedItem]" -ForegroundColor Red
    Read-Host "Read error and press enter to continue"
    }

Add an Active Directory User to an Active Directory Group.

To add an user "Johan van Soest" to the group "Gsg-Development" after the creation of both, you can use:
###############################################################################
# This Powershell script adds an Active Directory user to an AD group
# (C)Copyright 2015 - 2024 vanSoest.it by Johan van Soest
###############################################################################

Try{
    $ADUser = Get-ADUser "cn=Johan van Soest,cn=Users,DC=van_soest,DC=it"
    $ADGroup = Get-ADGroup "cn=Gsg-Development,OU=OU-Development,DC=van_soest,DC=it"
    Add-ADGroupMember $ADGroup -Member $ADUser
    Write-Host "Succesful creation"
    }
Catch{
    $ErrorMessage = $_.Exception.Message
    $FailedItem = $_.Exception.ItemName

    Write-Host "Could not create User Group membership. `n[$ErrorMessage] `n[$FailedItem]" -ForegroundColor Red
    Read-Host "Read error and press enter to continue"
    }

Additional learning from these PowerShell examples

  • The try catch programming structure is also possible in PowerShell, so correct error handling can be performed.
  • `n creates a new line in the output produced by Write-Host.
  • The Write-Host -ForegroundColor and -BackgroundColor can change the text colors
  • To place a PowerShell command with all the options on multiple lines, close the lines using `
  • Off course you can load the data from a csv file in the Active Directory.
You may vote your opinion about this article:


Scripts and programming examples disclaimer

Unless stated otherwise, the script sources and programming examples provided are copyrighted freeware. You may modify them, as long as a reference to the original code and hyperlink to the source page is included in the modified code and documentation. However, it is not allowed to publish (copies of) scripts and programming examples on your own site, blog, vlog, or distribute them on paper or any other medium, without prior written consent.
Many of the techniques used in these scripts, including but not limited to modifying the registry or system files and settings, impose a risk of rendering the Operating System inoperable and loss of data. Make sure you have verified full backups and the associated restore software available before running any script or programming example. Use these scripts and programming examples entirely at your own risk. All liability claims against the author in relation to material or non-material losses caused by the use, misuse or non-use of the information provided, or the use of incorrect or incomplete information, are excluded. All content is subject to change and provided without obligation.
Generated by WebHalla™ Version 0.1.e.7 : Tuesday 8-10-2024 © Copyright 1995-2024 ing. Johan P.G. van Soest CIPM Certified Privacy Information Manager
Response Form    Cookie- and Privacy statement    Responsible Disclosure procedure
Weather in Waalre by OpenWeatherMap logo light rain
Temperature 15.01 °C light rain
Wind chill 15.05 °C light rain
Humidity 95 % light rain
Air pressure 999 hPa light rain
Wind speed 5.66 m/s light rain
Wind direction South South light rain
Sun Rise 7:50 Sun Rise
Sun Set 19:00 Sun Set
Updated:2024-10-08 07:37:01 light rain

Weather Cache is 4 minute(s) old.
| Current user: Guest | Login |