I have compiled some of the best Active Directory PowerShell scripts below, which will surely save you time and work. Managing the domain is the work of Active Directory, and understanding each and every part of it is a must. Active Directory comprises users and groups, which can be checked in Active Directory Users and Computers (ADUC). Creating a user in a domain or retaining the user in the domain is the job of the Windows administrator.
In my many years of work as a Windows administrator I came across many challenges; it is sometimes not easy to create a set of users or groups within your domain. This needs to be automated so that it saves time. In case you like this category, there are other categories to explore as well: DNS PowerShell scripts, DHCP PowerShell scripts and my own PowerShell repository.
Useful PowerShell commands for Active Directory
Get all the AD users in the domain
Get-ADUser -Filter * -Properties *
Import the Active Directory module
Import-Module ActiveDirectory
Get all the computers from the domain
Get-ADComputer -Filter * -Properties *
Disable an AD user by SAM account name
Disable-ADAccount -Identity "Name"
Export data to CSV format
Get-ADComputer -Filter * -Properties * | Export-Csv "give path" -NoTypeInformation
Get an AD group by SAM account name
Get-ADGroup -Identity "provide group name"
Select specific attributes of users
Get-ADUser -Filter * -Properties * | Select-Object Name, SamAccountName, LastLogonDate
Get domain information
Get-ADDomain
Install the Active Directory role
Install-WindowsFeature AD-Domain-Services
Get the list of domain controllers
Get-ADDomainController -Filter *
AD User Recovery
Recover a deleted user from the domain controller. We face many issues during AD cleanup: we sometimes delete AD users and it creates havoc among us. Here is the solution for that need.
How it works
Recover a deleted user from the domain controller. We face many issues during AD cleanup: we sometimes delete AD users and it creates havoc among us. Here is the solution for that need, in the Active Directory PowerShell scripts category.
Probable outcome
After you run this script, search for the user in dsa.msc and it should be back without any loss of information. This script is very handy and I would rather have it than do this with the GUI.
Download
You can download the script from below.
Adding server into Domain
Adding a server to the domain, changing its IP and so on is a huge task that sometimes becomes frustrating, so why not automate it? The script works spotlessly without any hiccups. This is a great one in the Active Directory PowerShell scripts category.
How it works
The script first asks for the domain controller IP, which is the foremost requirement when you add a server to the domain. After that it asks for the domain name, something like xyz.com, and then reboots the server without asking for permission, since the server or system has to be restarted anyway.
Probable outcome
After you run this script, the first thing to do is log in to the system with domain credentials to test whether you are able to log in; if not, there may be an issue that needs checking. If you face any issue let me know so that I can show you the demo.
Download
You can download the script from below.
FSMO Role Transfer
Adding a server to the domain, changing its IP and so on is a huge task that sometimes becomes frustrating, so why not automate it? The scripts work spotlessly without any hiccups and are meant to be the best in the Active Directory PowerShell scripts category.
How it works
The script asks you to choose an option from 1-6 for the role you want to send to the other DC. Doing the same through the GUI is a huge task, so it is much easier in PowerShell. If the transfer is successful, the script shows a prompt confirming that the role was transferred.
Probable Outcome
After you run this script you will be able to transfer the roles from one DC to another, and you can check the result as well. FSMO roles are very important, so do this very carefully.
Download
You can download the script via the highlighted link.
Disabling Inactive users in AD
Disabling AD users is a monthly activity and can be hard to perform via the GUI if there are many users. I bring you a script with which you can disable users in bulk via PowerShell.
How it works
The script asks for the identity of the user you want to disable; for bulk operations, provide a sheet of users and it will identify them by SAM account name. Looks easy with PowerShell, right? Yes, it is very easy.
Probable Outcome
After you run this script you will be able to transfer the roles from one DC to another, and you can check the result as well. FSMO roles are very important, so do this very carefully.
Download
You can download the script from below.
Inactive user Report
During an audit you will be asked to provide a list of users who are not using their systems or have not logged in for a certain period of time. This script does exactly that and makes it easier.
How it works
The script fetches a report of users who have not logged in to the system for a certain amount of time, say 90 days, and sends it to us by mail. Make sure you have the correct SMTP settings defined so that you receive the mail.
Probable Outcome
The script will show you the inactive users who have not logged in for the provided span of time.
Download
You can download the script from below.
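The two sections above (disabling inactive users and the inactive user report) can be sketched together as follows. This is an added example, not the author's downloadable script; it leaves out the mail step, and the grace period and report path are assumptions.

```powershell
# Added example: report users inactive for 90+ days, then stage disabling them.
Import-Module ActiveDirectory

$DaysInactive = 90                       # threshold mentioned in the text
$GraceDays    = 14                       # assumed: skip accounts created very recently
$ReportPath   = '.\InactiveUsers.csv'    # assumed output path

# Search-ADAccount works from lastLogonTimestamp. That attribute is replicated
# to every DC but only refreshed when it is 9-14 days old (default), so the
# result is approximate by up to two weeks.
$createdBefore = (Get-Date).AddDays(-$GraceDays)
$inactive = Search-ADAccount -AccountInactive -UsersOnly -TimeSpan (New-TimeSpan -Days $DaysInactive) |
    Where-Object { $_.Enabled } |
    ForEach-Object { Get-ADUser -Identity $_.DistinguishedName -Properties LastLogonDate, whenCreated } |
    Where-Object { $_.whenCreated -lt $createdBefore }

# Report first. Accounts that never logged on have an empty LastLogonDate.
$inactive |
    Sort-Object LastLogonDate |
    Select-Object SamAccountName, Name, LastLogonDate, whenCreated, DistinguishedName |
    Export-Csv -Path $ReportPath -NoTypeInformation

# Stage the change. -WhatIf only prints what would be disabled; remove it once
# the CSV has been reviewed and exclusions (for example service accounts) are
# filtered out.
foreach ($user in $inactive) {
    Disable-ADAccount -Identity $user -WhatIf
}
```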
Fetch AD Computer Details to CSV
During an audit you will be asked to provide a list of users who are not using their systems or have not logged in for a certain period of time. This script does exactly that and makes it easier.
How it works
The script fetches the list of computers in the environment and exports it to a CSV.
Probable Outcome
We get a CSV file with the list of computers.
Download
You can download the script from below.
Enable AD Recycle Bin
Enabling the Recycle Bin of your AD is a must when you don’t want to lose the information of a deleted user. The advantage of enabling it is that we can easily recover any user in a few clicks or by script.
How it works
It is just a set of commands to enable the Recycle Bin without clicking through Windows settings. The script is easy and can be executed without any issues.
Probable Outcome
Once the script is executed you can check in ADUC whether it is enabled, or you can check the output the script shows after it is executed.
Download
You can download the script from below.
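The Recycle Bin section above and the earlier AD User Recovery section fit together, so here is one added example covering both (not the author's script). The account name `jdoe` is a constructed sample, and both changes are previewed with -WhatIf.

```powershell
# Added example: check the Recycle Bin, then restore one deleted user.
Import-Module ActiveDirectory

$Sam = 'jdoe'    # constructed sample sAMAccountName

# 1. Recycle Bin state: EnabledScopes is empty while the feature is off.
$feature = Get-ADOptionalFeature -Filter 'Name -like "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    Write-Warning 'Recycle Bin is off: objects deleted now return only as stripped tombstones.'
    # Forest-wide and irreversible once applied, hence the preview.
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target (Get-ADForest).Name -WhatIf
}

# 2. Look for the deleted object. More than one match is possible when an
#    account name was reused, so list the candidates instead of guessing.
$filter  = 'isDeleted -eq $true -and sAMAccountName -eq "{0}"' -f $Sam
$deleted = @(Get-ADObject -Filter $filter -IncludeDeletedObjects `
                 -Properties sAMAccountName, lastKnownParent, whenChanged |
             Sort-Object whenChanged -Descending)

if ($deleted.Count -eq 0) {
    Write-Warning "No deleted object found for $Sam (lifetime expired or never deleted)."
}
elseif ($deleted.Count -gt 1) {
    Write-Warning 'Several deleted objects match; restore the right one by ObjectGUID.'
    $deleted | Format-Table sAMAccountName, whenChanged, lastKnownParent, ObjectGUID
}
else {
    $target = $deleted[0]
    # Restore fails if the original OU no longer exists, so verify it first.
    try   { $null = Get-ADObject -Identity $target.lastKnownParent }
    catch { Write-Warning "Parent $($target.lastKnownParent) is gone; pass -TargetPath to Restore-ADObject." }

    Restore-ADObject -Identity $target.ObjectGUID -WhatIf   # remove -WhatIf to restore
}
```

A user deleted while the Recycle Bin was enabled comes back with its attributes and group memberships; one deleted before that returns without most of them and has to be rebuilt by hand.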
AD Object Deletion
An AD object can be a computer or a user, and this script gives you the ability to delete the user and their machine from the environment. No need to go and delete the user or computer from the GUI anymore.
How it works
The script uses a switch statement so that you can select between user and computer deletion; it deletes the chosen object and shows an update on the result screen.
Probable Outcome
The user or computer will be deleted from the domain and can be recovered using the scripts which I already have in the AD scripts section.
Download
You can download the script from below.
Create multiple AD Group
Create multiple AD groups in one run. Just provide the details in the CSV and the script will read them and create the required AD groups. One of the handy scripts to look at.
How it works
The script fetches the input from the CSV file and creates the required groups under the defined OU.
Probable Outcome
AD groups will be created without any manual effort. Just provide the required details.
Download
You can download the script from below.
Fetch AD user details to CSV
Fetching AD user details is a monthly process, for example for audits. Getting to know the AD user details is something every organization is keen about. This is a simple script to fetch every detail about the users.
How it works
After you run the script, it will fetch every detail of the users into a CSV file.
Probable Outcome
You can determine if any cleaning is required by checking the last logon dates and other attributes.
Download
You can download the script from below.
ADuser - Memberof - WhenCreated
This was a question asked by one of the users on powershellgallery, for whom I created the script and asked him to test it, and it was a success.
How it works
This script checks the user and the group memberships it has, and also fetches the user account creation date.
Probable Outcome
You will be able to get an idea of which group the user is a part of and when the user was created in the domain.
Download
You can download the script from below.
Last Password Set Date
The last password set date can’t be fetched directly from PowerShell; we need to change the script somewhat. If you try to fetch the last password set value it will show a date in the year 1601. So I have created a script to fetch the last password date of a given SAM account.
How it works
The script fetches the user's last password set attribute and converts it to the correct date. The list of users can be provided in a txt document.
Probable Outcome
The script fetches the user's last password set attribute and converts it to the correct date. The list of users can be provided in a txt document.
Download
You can download the script from below.
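The 1601 date comes from the raw pwdLastSet attribute, which is a Windows FILETIME: a count of 100-nanosecond ticks since 1601-01-01 UTC, where 0 means the password was never set or must be changed at next logon. The following added example (not the author's script) converts it for a list of accounts; the file name `users.txt` and the function name are assumptions.

```powershell
# Added example: convert pwdLastSet (FILETIME) to a real date for a list of users.
Import-Module ActiveDirectory

$UserList = '.\users.txt'    # assumed input: one sAMAccountName per line

function Convert-PwdLastSet {
    # Hypothetical helper. Returns $null for 0 instead of the misleading
    # 1601-01-01 that a blind conversion would print.
    param([Parameter(Mandatory)][long]$FileTime)
    if ($FileTime -le 0) { return $null }
    [DateTime]::FromFileTimeUtc($FileTime)
}

$report = foreach ($line in Get-Content -Path $UserList) {
    $sam = $line.Trim()
    if (-not $sam) { continue }          # skip blank lines
    try {
        $u   = Get-ADUser -Identity $sam -Properties pwdLastSet, PasswordNeverExpires
        $set = Convert-PwdLastSet -FileTime $u.pwdLastSet
        [pscustomobject]@{
            SamAccountName       = $u.SamAccountName
            PasswordLastSetUtc   = $set
            PasswordAgeDays      = if ($set) { [int]((Get-Date).ToUniversalTime() - $set).TotalDays }
            MustChangeOrNeverSet = ($u.pwdLastSet -eq 0)
            PasswordNeverExpires = $u.PasswordNeverExpires
            Error                = $null
        }
    }
    catch {
        # Unknown account names end up in the report instead of stopping the run.
        [pscustomobject]@{
            SamAccountName = $sam; PasswordLastSetUtc = $null; PasswordAgeDays = $null
            MustChangeOrNeverSet = $null; PasswordNeverExpires = $null
            Error = $_.Exception.Message
        }
    }
}

# Oldest passwords first: these are the accounts worth reviewing.
$report | Sort-Object PasswordAgeDays -Descending | Format-Table -AutoSize
```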
OU Creation Single and bulk
Need to create an OU without any clicks? I have created a script for that, with which you can create a single OU or create OUs in bulk.
How it works
OU creation is a single command in PowerShell, but bulk creation requires an input, which can be provided as a CSV or a text file, and that is what this script does.
Probable Outcome
If you do it correctly, you will be able to see the created OUs in dsa.msc.
Download
You can download the script from below.
AD User deletion Single and bulk
Need to delete a user without any clicks? I have created a script for that, with which you can delete a single user or delete users in bulk.
How it works
User deletion is a single command in PowerShell, but bulk deletion requires an input, which can be provided as a CSV or a text file, and that is what this script does.
Probable Outcome
If you do it correctly, you won’t be able to see the deleted users in dsa.msc.
Download
You can download the script from below.
AD Replication Status
Want to know the replication status of the ADs in your domain? This is the most suitable script for that. It provides the replication status and, if there is any error, shows it as well.
How it works
It is similar to repadmin /replsum and gives the same result in HTML format.
Probable Outcome
You can schedule this script to run on an hourly basis if your domain replication is inconsistent, so that you can check and troubleshoot.
Download
You can download the script from below.
Stale Object Report
Want to know the lingering objects that are still present in your domain? This is a fine script that fetches them and helps you to create the objects completely. This is the most interesting script in the Active Directory PowerShell scripts category.
How it works
It will fetch the lingering objects that have not been used for a provided span of time.
Probable Outcome
You can delete the stale objects if they fit your search criteria.
Download
You can download the script from below.
Add or Remove multiple user from multiple groups
Want to know the lingering objects that are still present in your domain? This is a fine script which fetches them and helps you to create the objects completely.
How it works
It uses a CSV file to read your input and executes it in your environment; it is a specially designed script that runs and does your work smartly.
Probable Outcome
After the script runs, the user will be deleted from or added to the required security group. In case you have doubts, reach me directly via Facebook or Gmail; both are mentioned in the footer.
Download
You can download the script from below.
Get NTP source from multiple servers
When we encounter a time sync related issue, it is sometimes better to check the source from which the server is taking its time. This is a general exercise a system admin needs to do, hence I am adding a script for it.
How it works
It reads the server list as input and tries to fetch the NTP source from each server in the provided list.
Probable Outcome
It reads the server list as input and tries to fetch the NTP source from each server in the provided list.
Download
You can download the script from below.
Compare AD Groups
It sometimes becomes hectic when you need to compare 2 AD groups and find what is missing, because multiple users are added to certain groups. I have created a simple script in order to save time, hence I am sharing it with you.
How it works
The script compares the 2 groups provided and displays what is missing between them. If the value shows “==” it means the user is there in both groups; if it shows “=>” or “<=” then some users are missing from either of the groups.
Probable Outcome
You will get to know which user is missing or which security group is missing using the script.
Download
You can download the script from below.
Mirror AD Groups
Ever thought of adding the same users to different groups so that they mirror each other? It can be achieved very easily using PowerShell and can save a lot of our valuable time.
How it works
The script fetches the user lists from both provided AD groups, and if a member of the reference AD group is missing in the target AD group, the user is added to the target group.
Probable Outcome
Both reference and target AD groups will have the same members.
Download
You can download the script from below.
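The compare and mirror sections above rest on the same comparison, so one added example covers both (it is not the author's script). The group names are constructed samples, and the mirror step is previewed with -WhatIf.

```powershell
# Added example: compare two AD groups, then mirror reference -> target.
Import-Module ActiveDirectory

$ReferenceGroup = 'GG-Finance'          # constructed sample names
$TargetGroup    = 'GG-Finance-Mirror'

function Get-UserMemberNames {
    # Hypothetical helper: direct user members only, as sAMAccountName strings.
    param([Parameter(Mandatory)][string]$Group)
    @(Get-ADGroupMember -Identity $Group |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { $_.SamAccountName })
}

$ref = Get-UserMemberNames -Group $ReferenceGroup
$tgt = Get-UserMemberNames -Group $TargetGroup

# "==" in both groups, "<=" only in the reference, "=>" only in the target.
# Compare-Object cannot bind a null or empty collection, so an empty group
# is handled by hand.
$diff = if ($ref.Count -gt 0 -and $tgt.Count -gt 0) {
    Compare-Object -ReferenceObject $ref -DifferenceObject $tgt -IncludeEqual
} else {
    $ref | ForEach-Object { [pscustomobject]@{ InputObject = $_; SideIndicator = '<=' } }
    $tgt | ForEach-Object { [pscustomobject]@{ InputObject = $_; SideIndicator = '=>' } }
}
$diff | Sort-Object SideIndicator, InputObject | Format-Table -AutoSize

# Mirror step: add only what the target is missing.
$missing = @($diff | Where-Object { $_.SideIndicator -eq '<=' } |
                 ForEach-Object { $_.InputObject })
if ($missing.Count -gt 0) {
    Add-ADGroupMember -Identity $TargetGroup -Members $missing -WhatIf   # remove -WhatIf to apply
}

# Mirroring never removes anyone. Members that exist only in the target keep
# whatever access that group grants, so list them for review.
$extra = @($diff | Where-Object { $_.SideIndicator -eq '=>' } |
               ForEach-Object { $_.InputObject })
if ($extra.Count -gt 0) {
    Write-Warning "Only in ${TargetGroup}: $($extra -join ', ')"
}
```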