15+ Best Active Directory Powershell Scripts

I have comprised some of the best Active directory Powershell scripts below which will surely save your time and work. Managing the domain is the work of Active Directory and understanding each and every content is must. Active Directory comprises of users, groups it can be checked in Active directory users and computers (ADUC). Creating user in a domain or retaining the user in the domain is the job of windows administrator.

While I have worked for so many years , I came across many challenges as a windows administrator it is sometimes not easy to create a set of users or groups within your domain. It requires to be automated so that it saves time. Incase you like this category there are other categories as well to be explored.  There is DNS powershell script, DHCP powershell scripts and my own powershell repository.

Useful Powershell commands for Active Directory

Get All the AD User in the domain

				
					Get-aduser -properties * -filter *
				
			

Import  Active Directory Module

				
					Import-module activedirectory
				
			

Get All the Computers from the domain

				
					Get-adcomputer -properties * -filter *
				
			

Disable AD User by SAM account Name

				
					Disable-ADaccount -identity "Name"
				
			

Export Data to CSV Format

				
					Get-adcomputer -properties * -filter * |export-csv "give path"
				
			

Get AD Groups SAM account Name

				
					Get-ADgroup -identity "provide group name"
				
			

Select specific Attribute of User 

				
					Get-aduser -properties * -filter *
				
			

Get Domain information

				
					Get-ADdomain
				
			

Install Active Directory Role

				
					Install-windowsfeature AD-Domain-Services
				
			

Get Domain controllers list

				
					Get-ADDomainController 
				
			

AD User Recovery

Recover deleted user from Domain controller. We face many issues while AD cleanup we sometimes delete AD users ad it created a havoc among us. Providing the solution for the necessity here it goes.

How it works

Recover deleted user from Domain controller. We face many issues while AD cleanup we sometimes delete AD users ad it created havoc among us. Providing the solution for the necessity here it goes in Active Directory Powershell Scripts.

Probable outcome

After you run this script do a search for the user in dsa.msc and it should be back without any info loss. This script is very handy and I wish to have it rather than doing with GUI.

Download

You can download the script from below.

Adding server into Domain

It is a huge task when it comes to add a server to the domain, change IP, and that sometimes becomes frustrating so why not automate it. The script works spotlessly without any hiccups. This is a great one in the active directory Powershell scripts category.

How it works

Usually the script ask to provide the domain controller IP which is the foremost requirement when you add the server to domain. After that it generally ask to provide the domain name it is something like xyz.com, anything and reboots the server without permission as wo require the permission when you ought to restart the server or system anyways.

Probable outcome

After you run this script first thing first login to the system with domain credentials to test whether you are able to login or not or else there might be some issue we need to check. If you face any issue let me know so that I can show you the demo.

Download

You can download the script from below.

Are you tired of searching for and hiring copywriters who charge exorbitant fees? If you answered yes, then copywriting software might be a good fit for you! The importance of content in any business cannot be overstated. Why not you, if smart marketers are already using AI tools to generate profitable results?

https://aa0b4yp8jbhjmt2c19r9z2lff6.hop.clickbank.net/

CopyBlocks AI allows you to create highly engaging marketing copy and sell it to your clients for a large profit! CopyBlocks AI acts as a professional copywriter for you and your clients without you having to write a single word. Excited? Get Started With Copy Blocks Right Now and Get a 30-Day Money-Back Guarantee!

FSMO Role Transfer

It is a huge task when it comes to add a server to the domain, change IP this, and that sometimes becomes frustrating so why not automate it. The scripts work spotlessly without any hiccups and meant to be best in Active directory PowerShell scripts.

How it works

Usually the scripts ask to provide the preference from 1-6, which role you want to send to the other DC. Likewise if we do with GUI it is a huge task, so it is very easy in powershell. In this scripts if the transfer is successful you will get a prompt if the role is successfully transfered.

Probable Outcome

After you run this script you will be able to transfer the roles from one DC to another ad you can check as well. FSMO roles is a very important hence do it very carefully.

Download

You can download the script via the highlighted link.

Disabling Inactive users in AD

Disabling AD user is a monthly activity and can be hard if you perform it via GUI if there are may users. I bring you a script in which you can disable bulk users via Powershell.

How it works

The script will ask for the user identity for which you want to disable and similarly for bulk provide a sheet of user and it will identify using the Sam account. Looks easy right with powershell, yes it is very easy.

Probable Outcome

After you run this script you will be able to transfer the roles from one DC to another ad you can check as well. FSMO roles is a very important hence do it very carefully.

Download

You can download the script from below.

Inactive user Report

While you are auditing there will be ask to provide user list who are not using their system or are not logging in for some certain period of time, well this script does the same and makes it easier.

How it works

The script fetches the report who has not logged in to the system for a certain amount of time say 90 days and send a mail to us. Make sure you have the correct SMTP defined so that you will receive mail.

Probable Outcome

The script will show you the results of the inactive users who hasn’t logged in for the provided span of time.

Download

You can download the script from below.

Fetch AD Computer Details to CSV

While you are auditing there will be ask to provide user list who are not using their system or are not logging in for some certain period of time, well this script does the same and makes it easier.

How it works

The script fetches the list of computers in the environment and export it to a csv.

Probable Outcome

We can get a csv file with the list of computers.

Download

You can download the script from below.

Enable AD Recylcebin

Enabling a recyclebin of your AD is a must when you don’t want to lose the info of a deleted user. Advantage of enabling it is we can easily recover any user in a few clicks or by script.

How it works

It is just a set of commands to enable the Recyclebin without clicking through Windows settings. The script is easy and can be executed without any issues.

Probable Outcome

Once the script is executed you can check in the ADUC if it is enabled or also you can check the comment what the output shows after the script is executed

Download

You can download the script from below.

AD Object Deletion

AD object can be a computer or a user and this script provides you the ability to delete the user and their machine from the environment. No need to go and delete the user/computer from GUI anymore.

How it works

This script usually uses a switch case so that you can select a correct option between user or computer deletion and deletes the choice and provide an update on the result screen.

Probable Outcome

The user or computer will be deleted from the domain and can be recovered using the scripts which I already have in the AD scripts section.

Download

You can download the script from below.

Create multiple AD Group

Create multiple AD groups in one run. Just provide the details in the CSV and the script will fetch the results and create the required AD groups. One of the handy scripts to be look upon.

How it works

Generally the script will fetch the input from the CSV file and create the required group under defined OU.

Probable Outcome

AD groups will be created without any manual efforts to check. Just provide the required details.

Download

You can download the script from below.

Fetch AD user details to CSV

Fetching AD user details is a monthly process like it is used in Audits. Getting to know the AD user details is something every organization is keen about. This is a simple script to fetch the each details about the users.

How it works

After you run the script the script will fetch each details of the user to a csv file format.

Probable Outcome

You can determine if any cleaning is required by checking the last logon dates and other attributes.

Download

You can download the script from below.

ADuser - Memberof - WhenCreated

This was a question asked by one of the user in powershellgallery where I have created the script and asked him to test and it is a success.

How it works

This script will check the user and the membership it has and also it will fetch the user account creation date.

Probable Outcome

You will be able to get an idea of which group the user is a part of and when the user was created in the domain.

Download

You can download the script from below.

Last Password Set Date

Last password set date can’t be fetched directly from the powershell we need to change the script somewhat. If you try to fetch the last password set it will show a date in 1601 year. So I have created a script to fetch the last password date of given samaccount.

How it works

The script will fetch the user last password set attribute and will modify it to the correct date. The users list can be provided using a txt document.

Probable Outcome

The script will fetch the user last password set attribute and will modify it to the correct date. The users list can be provided using a txt document.

Download

You can download the script from below.

OU Creation Single and bulk

Need to create a OU without any clicks well I have created a script for the same in which you can create a single or create OU’s in bulk.

How it works

OU creation is a single command in Powershell but bulk creation requires an input which can be provided by a CSV or a text file and same is done in this script.

Probable Outcome

If you do it correctly then you will be able to see the OU’s created in dsa.msc.

Download

You can download the script from below.

AD User deletion Single and bulk

Need to delete an user without any clicks well I have created a script for the same in which you can delete a single or delete users in bulk.

How it works

User deletion is a single command in Powershell but bulk delete requires an input which can be provided by a CSV or a text file and same is done in this script.

Probable Outcome

If you do it correctly then you won’t be able to see the users that are deleted in dsa.msc.

Download

You can download the script from below.

AD Replication Status

Want to know the replication status of the AD’s in your domain this is the most suitable script for that. It provides the replication status and if there is any error then it shows the same.

How it works

It is similar to repadmin/replsum gives the same result in html format.

Probable Outcome

You can schedule this script to run in hourly basis if your domain replication is inconsistent so that you can check and troubleshoot.

Download

You can download the script from below.

Stale Object Report

Want to know the lingering objects that are still present in your domain then it is a fine script that fetches it and helps you to create the objects completely. This is the most interesting script in the Active Directory Powershell scripts category.

How it works

It will fetch the lingering objects that are not currently being used for a provided span of time.

Probable Outcome

You can delete the stale objects if it fits your search criteria.

Download

You can download the script from below.

Add or Remove multiple user from multiple groups

Want to know the lingering objects that are still present in your domain then it is a fine script which fetches it and help you to create the objects completely.

How it works

It uses csv file to read your input and execute it in your environment, it is a specially designed script that runs and do your work smartly.

Probable Outcome

After the script runs the probable outcome will be the user will be deleted or added to the required security group. In case you have doubt reach directly to me via facebook or gmail both are mentioned in the footer.

Download

You can download the script from below.

Get NTP source from multiple servers

While we encounter time sync related issue it is sometime better to check the source from where the server is taken time. This is a general exercise a system admin needs to do. Hence adding a script for the same.

How it works

It reads the input of the server list and tries to fetch the NTP source from the provided list.

Probable Outcome

It reads the input of the server list and tries to fetch the NTP source from the provided list.

Download

You can download the script from below.

Compare AD Groups

Sometimes it becomes hectic when you need to actually compare 2 AD groups and find the one missing in that due to multiple users are added to certain groups. I have created a simple script in order to save time, hence sharing it with you.

How it works

The script will compare the 2 groups provided and will display what is missing between the 2 groups. If the value shows “==” it means the user is there in both groups, if it shows “=>” or “<=” then some users are missing from either of the groups.

Probable Outcome

You will get to know which user is missing or which security group is missing using the script.

Download

You can download the script from below.

Mirror AD Groups

Ever thought of adding similar users to different groups so that they are mirror to each other, well it ca be achieved using Powershell very easily and can save lot of our valuable time.

How it works

The script will fetch the users list from both provided AD groups and if the reference AD group’s member is missing in the target AD group then the user will be added to the target group.

Probable Outcome

Both reference and target AD groups will have the same members.

Download

You can download the script from below.

Related Posts

Please disable your adblocker or whitelist this site!