PowerShell: Active Directory - Gary-Moore/developmentwiki GitHub Wiki

Get-ADUser

The Get-ADUser cmdlet gets a specified user object or performs a search to get multiple user objects.

The Identity parameter specifies the Active Directory user to get. You can identify a user by its distinguished name (DN), GUID, security identifier (SID), Security Account Manager (SAM) account name or name. You can also set the parameter to a user object variable, such as $ or pass a user object through the pipeline to the Identity parameter.

Get-ADUser -Filter 'Name -like "*SvcAccount"' | Format-Table Name,SamAccountName -AutoSize

Get-ADUser -Identity ChewDavid -Properties *

Get-ADGroup

The Get-ADGroup cmdlet gets a group or performs a search to retrieve multiple groups from an Active Directory.

The Identity parameter specifies the Active Directory group to get. You can identify a group by its distinguished name (DN), GUID, security identifier (SID), Security Accounts Manager (SAM) account name, or canonical name. You can also specify a group object variable, such as $.

Get-ADGroup -Identity Administrators

Get a group and filter the results

Get-ADGroup -Filter {Name -like "*mktg"}

Get-ADGroup -Filter 'GroupCategory -eq "Security" -and GroupScope -ne "DomainLocal"'

https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adgroup?view=win10-ps

Get-ADGroupMember

The Get-ADGroupMember cmdlet gets the members of an Active Directory group. Members can be users, groups, and computers.

The Identity parameter specifies the Active Directory group to access. You can identify a group by its distinguished name, GUID, security identifier, or Security Account Manager (SAM) account name. You can also specify the group by passing a group object through the pipeline. For example, you can use the Get-ADGroup cmdlet to get a group object and then pass the object through the pipeline to the Get-ADGroupMember cmdlet.

Get-ADGroupMember -Identity Administrators

https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adgroupmember?view=win10-ps
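
The pipeline described above (Get-ADGroup into Get-ADGroupMember, then Get-ADUser for each member) can be used to review who holds privileged group membership. This is an added example, not part of the original wiki page; the group names and the 90-day staleness threshold are assumptions to adjust for your domain.

```powershell
# Added example: report user accounts in privileged groups that need review.
# Assumptions: the group names below exist in the current domain, and
# 90 days without a logon counts as stale.
Import-Module ActiveDirectory

$groupNames = 'Domain Admins', 'Administrators'
$staleAfter = (Get-Date).AddDays(-90)

$report = foreach ($name in $groupNames) {
    try {
        $group = Get-ADGroup -Identity $name -ErrorAction Stop
    }
    catch {
        Write-Warning "Group '$name' not found: $($_.Exception.Message)"
        continue
    }

    # -Recursive expands nested groups and returns only the leaf members.
    $members = $group | Get-ADGroupMember -Recursive |
        Where-Object { $_.objectClass -eq 'user' }

    foreach ($member in $members) {
        $user = Get-ADUser -Identity $member.distinguishedName `
            -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires

        # LastLogonDate comes from the replicated lastLogonTimestamp attribute,
        # so it can lag the real last logon by several days.
        $stale = ($null -eq $user.LastLogonDate) -or
                 ($user.LastLogonDate -lt $staleAfter)

        [pscustomobject]@{
            Group                = $name
            SamAccountName       = $user.SamAccountName
            Enabled              = $user.Enabled
            LastLogonDate        = $user.LastLogonDate
            PasswordLastSet      = $user.PasswordLastSet
            PasswordNeverExpires = $user.PasswordNeverExpires
            # Disabled accounts that still hold membership, stale accounts and
            # non-expiring passwords are all worth a second look.
            NeedsReview          = (-not $user.Enabled) -or $stale -or
                                   $user.PasswordNeverExpires
        }
    }
}

$report | Sort-Object Group, SamAccountName | Format-Table -AutoSize
```

Pipe `$report` to `Where-Object NeedsReview` to see only the flagged accounts.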

Search-ADAccount

The Search-ADAccount cmdlet retrieves one or more user, computer, or service accounts that meet the criteria specified by the parameters. Search criteria include account and password status. For example, you can search for all accounts that have expired by specifying the AccountExpired parameter. Similarly, you can search for all accounts with an expired password by specifying the PasswordExpired parameter. You can limit the search to user accounts by specifying the UsersOnly parameter. Similarly, when you specify the ComputersOnly parameter, the cmdlet only retrieves computer accounts.

Search-ADAccount -AccountDisabled | Format-Table Name,ObjectClass -AutoSize

https://docs.microsoft.com/en-gb/powershell/module/addsadministration/Search-ADAccount?view=win10-ps

Get-ADComputer

The Get-ADComputer cmdlet gets a computer or performs a search to retrieve multiple computers.

The Identity parameter specifies the Active Directory computer to retrieve. You can identify a computer by its distinguished name, GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the parameter to a computer object variable, such as $ or pass a computer object through the pipeline to the Identity parameter.

Get-ADComputer -Identity "User01-SRV1" -Properties *

https://docs.microsoft.com/en-gb/powershell/module/addsadministration/Get-ADComputer?view=win10-ps