Top 10 Essential Active Directory PowerShell Scripts

By Mark D. Albin, MS

Active Directory (AD) is a cornerstone of network and resource management in many IT environments. PowerShell scripts provide a powerful tool to automate and simplify various AD tasks. Below are ten essential PowerShell scripts that every IT professional should have in their toolkit for effective Active Directory management.

1. Get a List of All AD Users

Get-ADUser -Filter * -Properties *

This command returns every user object in the domain together with all of its attributes. Note that -Properties * pulls every attribute for every account over LDAP, which is slow in a large domain; in practice, name only the attributes you need.

2. Create a New AD User

New-ADUser -Name "UserName" -GivenName "First" -Surname "Last" -SamAccountName "UserName" -UserPrincipalName "UserName@domain.com" -Path "OU=Users,DC=domain,DC=com"

Create a new user account in Active Directory with this command. Note that without -AccountPassword and -Enabled $true the account is created disabled and with no password set.

3. Reset an AD User’s Password

Set-ADAccountPassword -Identity "UserName" -NewPassword (ConvertTo-SecureString -AsPlainText "newpassword" -Force)

Use this command to reset the password for a specified user. Note that a password typed in clear text on the command line, as here, remains in the PowerShell history and in any transcript; prompting for it with Read-Host -AsSecureString avoids that.
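The following is an added example, not part of the original article, that carries items 2 and 3 through without ever placing a clear-text password in a script or shell history. It assumes the ActiveDirectory (RSAT) module is available and that the caller has account-management rights in the target OU; the function names, the OU path and the domain suffix are placeholders chosen for the example.

```powershell
# Added example: create a user and reset a password using SecureString input only.
# Assumes the ActiveDirectory module; OU path and UPN suffix are placeholders.
Import-Module ActiveDirectory

function New-ManagedADUser {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $GivenName,
        [Parameter(Mandatory)] [string] $Surname,
        [Parameter(Mandatory)] [string] $UpnSuffix,   # e.g. 'example.com' (placeholder)
        [Parameter(Mandatory)] [string] $Path         # e.g. 'OU=Users,DC=example,DC=com' (placeholder)
    )

    # Refuse to clobber an existing account instead of letting New-ADUser fail halfway through.
    if (Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'") {
        throw "Account '$SamAccountName' already exists."
    }

    # The initial password is read as a SecureString; it is never echoed, logged or stored in a variable as text.
    $initialPassword = Read-Host -Prompt "Initial password for $SamAccountName" -AsSecureString

    New-ADUser -Name "$GivenName $Surname" `
               -GivenName $GivenName `
               -Surname $Surname `
               -SamAccountName $SamAccountName `
               -UserPrincipalName "$SamAccountName@$UpnSuffix" `
               -Path $Path `
               -AccountPassword $initialPassword `
               -ChangePasswordAtLogon $true `
               -Enabled $true

    # Return the created object so the caller can verify the result.
    Get-ADUser -Identity $SamAccountName -Properties Enabled, PasswordLastSet
}

function Reset-ManagedADUserPassword {
    param([Parameter(Mandatory)] [string] $SamAccountName)

    $newPassword = Read-Host -Prompt "New password for $SamAccountName" -AsSecureString

    # -Reset performs an administrative reset (no old password needed). Forcing a change at
    # next logon means the operator who typed the temporary password does not keep a working credential.
    Set-ADAccountPassword -Identity $SamAccountName -NewPassword $newPassword -Reset
    Set-ADUser -Identity $SamAccountName -ChangePasswordAtLogon $true

    Get-ADUser -Identity $SamAccountName -Properties PasswordLastSet, PasswordExpired |
        Select-Object SamAccountName, PasswordLastSet, PasswordExpired
}

# Usage (placeholder values):
# New-ManagedADUser -SamAccountName jdoe -GivenName Jane -Surname Doe -UpnSuffix example.com -Path 'OU=Users,DC=example,DC=com'
# Reset-ManagedADUserPassword -SamAccountName jdoe
```

Both functions return the account's password-related attributes afterwards, so a helpdesk run produces a record of what changed rather than relying on the absence of an error message.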

4. Enable or Disable an AD Account

Enable-ADAccount -Identity "UserName"
Disable-ADAccount -Identity "UserName"

Enable or disable a user account in Active Directory.

5. Add a User to an AD Group

Add-ADGroupMember -Identity "GroupName" -Members "UserName"

Easily add a user to a specified group in AD with this script.

6. Remove a User from an AD Group

Remove-ADGroupMember -Identity "GroupName" -Members "UserName" -Confirm:$false

Remove a user from a specific AD group, bypassing confirmation prompts.

7. Get a List of Users in an AD Group

Get-ADGroupMember -Identity "GroupName"

Retrieve the direct members of a specified AD group. Note that the result includes user, group and computer objects alike; add -Recursive to expand nested groups.
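The following is an added example, not part of the original article, that builds on items 5 to 7 (and the CSV export of item 10) to produce the kind of group membership report an access review needs: nested groups expanded, non-user objects skipped, and the logon and password attributes a reviewer looks at pulled in. It assumes the ActiveDirectory module; the function name, group name and output path are placeholders.

```powershell
# Added example: effective user membership of a group, exported to CSV.
# Assumes the ActiveDirectory module; group name and output path are placeholders.
Import-Module ActiveDirectory

function Export-ADGroupUserReport {
    param(
        [Parameter(Mandatory)] [string] $GroupName,
        [string] $OutputPath = (Join-Path $env:TEMP "$GroupName-members.csv")
    )

    # -Recursive flattens nested groups, which is what an access review actually needs;
    # without it only direct members are returned.
    $members = Get-ADGroupMember -Identity $GroupName -Recursive

    $report = foreach ($member in $members) {
        # Only user objects carry the logon-related attributes below; skip computers and other classes.
        if ($member.objectClass -ne 'user') { continue }

        # Get-ADGroupMember returns a thin principal object, so look up the attributes the reviewer wants.
        $user = Get-ADUser -Identity $member.distinguishedName -Properties Enabled, LastLogonDate, PasswordLastSet, Title, Department
        [pscustomobject]@{
            Group           = $GroupName
            SamAccountName  = $user.SamAccountName
            Name            = $user.Name
            Enabled         = $user.Enabled
            LastLogonDate   = $user.LastLogonDate
            PasswordLastSet = $user.PasswordLastSet
            Department      = $user.Department
            Title           = $user.Title
        }
    }

    $report | Sort-Object SamAccountName | Export-Csv -Path $OutputPath -NoTypeInformation
    # Return the rows as well so the caller can filter them without reopening the file.
    $report
}

# Usage (placeholder group): disabled or long-dormant accounts that are still members
# of a privileged group are the rows to raise with the group owner.
# Export-ADGroupUserReport -GroupName 'Domain Admins' |
#     Where-Object { -not $_.Enabled -or $_.LastLogonDate -lt (Get-Date).AddDays(-90) }
```

Get-ADGroupMember stops with an error on very large groups (the web service's default member limit); for those, query the group's Members attribute with Get-ADGroup -Properties Members instead.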

8. Find and Export Locked Out AD Accounts

# Find all locked out AD accounts
$LockedOutAccounts = Search-ADAccount -LockedOut

# Define the path for the CSV file
$CsvPath = "C:\LockedOut_AD_Users.csv"

# Export the locked out users' details to the CSV file
$LockedOutAccounts | Select-Object Name, SamAccountName, ObjectClass, LockedOut | Export-Csv -Path $CsvPath -NoTypeInformation

Identify and export details of all locked-out AD accounts to a CSV file for auditing.

9. Unlock an AD Account and Export to CSV

# Define the user to be unlocked
$UserName = "UserName"

# Unlock the AD Account
Unlock-ADAccount -Identity $UserName

# Retrieve the unlocked user's details
$UnlockedUser = Get-ADUser -Identity $UserName -Properties *

# Define the path for the CSV file
$CsvPath = "C:\Unlocked_AD_Users.csv"

# Export the user's details to the CSV file
$UnlockedUser | Select-Object Name, SamAccountName, Enabled, LockedOut | Export-Csv -Path $CsvPath -NoTypeInformation

Unlock an AD account and export the user's details to a CSV file as a record of the action.
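The following is an added example, not part of the original article, that extends items 8 and 9: it enriches each locked-out account with the lockout time, bad-password count and last logon that an investigator wants before unlocking anything, writes a timestamped CSV so successive runs do not overwrite each other, and unlocks only an explicit list of accounts with -WhatIf support. It assumes the ActiveDirectory module; function names and output paths are placeholders.

```powershell
# Added example: locked-out account audit plus a controlled, dry-run-capable unlock.
# Assumes the ActiveDirectory module; output directory and account names are placeholders.
Import-Module ActiveDirectory

function Export-ADLockoutReport {
    param([string] $OutputDirectory = $env:TEMP)

    # -UsersOnly keeps computer accounts, which can also lock out, off a user-focused report.
    $locked = Search-ADAccount -LockedOut -UsersOnly

    $rows = foreach ($account in $locked) {
        # Search-ADAccount returns only a few attributes; AccountLockoutTime and badPwdCount help
        # separate a user mistyping a password from a repeated failed-logon pattern.
        # badPwdCount is not replicated, so its value reflects the domain controller that answered.
        $user = Get-ADUser -Identity $account.DistinguishedName -Properties AccountLockoutTime, badPwdCount, LastLogonDate, Enabled
        [pscustomobject]@{
            SamAccountName     = $user.SamAccountName
            Name               = $user.Name
            Enabled            = $user.Enabled
            AccountLockoutTime = $user.AccountLockoutTime
            BadPasswordCount   = $user.badPwdCount
            LastLogonDate      = $user.LastLogonDate
        }
    }

    # A timestamped file name keeps every run as a separate audit record.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $path  = Join-Path $OutputDirectory "LockedOut_AD_Users_$stamp.csv"
    $rows | Export-Csv -Path $path -NoTypeInformation
    $rows
}

function Unlock-ApprovedADAccount {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [string[]] $SamAccountName)

    foreach ($name in $SamAccountName) {
        $user = Get-ADUser -Identity $name -Properties LockedOut
        if (-not $user.LockedOut) {
            Write-Verbose "$name is not locked out; nothing to do."
            continue
        }
        # ShouldProcess honours -WhatIf and -Confirm, so the unlock list can be dry-run first.
        if ($PSCmdlet.ShouldProcess($name, 'Unlock AD account')) {
            Unlock-ADAccount -Identity $name
            Get-ADUser -Identity $name -Properties LockedOut | Select-Object SamAccountName, LockedOut
        }
    }
}

# Usage (placeholder names):
# $report = Export-ADLockoutReport
# Unlock-ApprovedADAccount -SamAccountName 'jdoe', 'asmith' -WhatIf
```

Reviewing the report before running the unlock function with -WhatIf, and only then without it, keeps a repeatedly locking account (a sign of a stale credential or of someone guessing passwords) from being silently unlocked in a bulk run.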

10. Export AD Users to a CSV File

Get-ADUser -Filter * -Properties * | Export-Csv -Path "C:\AD_Users.csv" -NoTypeInformation

Export details of all AD users to a CSV file for analysis. As in items 8 and 9, -NoTypeInformation drops the "#TYPE" header line that Windows PowerShell otherwise writes to the file. Note that with -Properties *, multi-valued attributes such as memberOf are written as a type name rather than their values.
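The following is an added example, not part of the original article, that replaces the -Properties * export of item 10 with a defined attribute set scoped to one OU, with the multi-valued memberOf attribute flattened so the CSV stays usable. It assumes the ActiveDirectory module; the function name, OU path and output path are placeholders.

```powershell
# Added example: scoped user inventory export with a multi-valued attribute flattened.
# Assumes the ActiveDirectory module; SearchBase and OutputPath are placeholders.
Import-Module ActiveDirectory

function Export-ADUserInventory {
    param(
        [Parameter(Mandatory)] [string] $SearchBase,   # e.g. 'OU=Users,DC=example,DC=com' (placeholder)
        [Parameter(Mandatory)] [string] $OutputPath
    )

    # Name only the attributes the report needs; this is the LDAP request that -Properties * avoids limiting.
    $wanted = 'Enabled', 'LastLogonDate', 'PasswordLastSet', 'PasswordNeverExpires',
              'whenCreated', 'mail', 'Department', 'Title', 'memberOf'

    # memberOf is a collection of DNs; joined with ';' it survives the CSV round trip,
    # and GroupCount gives a quick sort key for over-entitled accounts.
    $groupCount = @{ Name = 'GroupCount'; Expression = { @($_.memberOf).Count } }
    $memberOf   = @{ Name = 'MemberOf';   Expression = { $_.memberOf -join ';' } }

    Get-ADUser -Filter * -SearchBase $SearchBase -Properties $wanted |
        Select-Object SamAccountName, Name, Enabled, LastLogonDate, PasswordLastSet,
                      PasswordNeverExpires, whenCreated, mail, Department, Title,
                      $groupCount, $memberOf |
        Sort-Object SamAccountName |
        Export-Csv -Path $OutputPath -NoTypeInformation

    # Read the file back so the caller gets the rows exactly as they were written.
    Import-Csv -Path $OutputPath
}

# Usage (placeholder values); rows with PasswordNeverExpires set or no logon in 90 days are the usual review targets.
# Export-ADUserInventory -SearchBase 'OU=Users,DC=example,DC=com' -OutputPath (Join-Path $env:TEMP 'AD_Users.csv') |
#     Where-Object { $_.PasswordNeverExpires -eq 'True' }
```

Because Import-Csv returns every column as a string, comparisons on the returned rows (as in the usage line) are string comparisons; compare against the live objects from Get-ADUser when a typed check is needed.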

Using these scripts can significantly enhance your efficiency in managing Active Directory. They provide quick solutions for common tasks, ensuring a more streamlined and secure IT environment.
