Just be frank and answer me how many of you have done auditing of the client environment and have provided some related evidence supporting the access. What if I tell you this was very tough in earlier days but now it can be achieved by just few lines with PowerShell. PowerShell has made it very easy to gather the required info of the domain user. We can also find which user is part of which security group and the list goes on and on. I will try to cover as much as I can here with few helpful scripts and commands.
Are you tired of searching for and hiring copywriters who charge exorbitant fees? If you answered yes, then copywriting software might be a good fit for you! The importance of content in any business cannot be overstated. Why not you, if smart marketers are already using AI tools to generate profitable results?
CopyBlocks AI allows you to create highly engaging marketing copy and sell it to your clients for a large profit! CopyBlocks AI acts as a professional copywriter for you and your clients without you having to write a single word. Excited? Get Started With Copy Blocks Right Now and Get a 30-Day Money-Back Guarantee!
Understanding Get-ADuser cmdlet in PowerShell
As the name suggest Get-Aduser is used to get the information of a single user or multiple user in a domain. There are certain parameters we will follow here in the post. Before checking on the parameters let’s first see what is the Syntax for Get-ADuser.
Get-ADUser
[-AuthType <ADAuthType>]
[-Credential <PSCredential>]
-Filter <String>
[-Properties <String[]>]
[-ResultPageSize <Int32>]
[-ResultSetSize <Int32>]
[-SearchBase <String>]
[-SearchScope <ADSearchScope>]
[-Server <String>]
[<CommonParameters>]
Get-ADuser Use case
# Get all the domain user details
This is the classic case where we require each attribute of the user. The below will be the required command to fetch the details and export it to a CSV file.
Get-ADuser -Filter * -properties * |export-csv C:\administrator\desktop\userrepo.csv
# Get the Domain user details from specific OU
Sometimes we might require list of user in a specific region or Organizational Unit in this case we can use -searchbase parameter.
Get-ADUser -Filter * -SearchBase "OU=User,DC=Test,DC=COM"
Note: As we are fetching only Enabled attribute value we won’t be able to get the Names of the user hence we need to add one more attibute just in case we know which user is enabled or disabled in the domain.
Get-ADUser -Filter * -properties * |select "GivenName", "Enabled"
# Get attribute details of a specific Domain User
To get the details of specific Domain user we need to use -identity parameter. Below is the example on how to use it.
Get-ADUser -Identity MathewS -Properties *
Understanding Set-ADuser cmdlet in PowerShell
As the name suggest Set-Aduser is used to modify the information of a single user or multiple user in a domain. There are certain parameters we will follow here in the post. Before checking on the parameters let’s first see what is the Syntax for Set-ADuser, few are mentioned below with parameters.
Set-ADUser
[-WhatIf]
[-Confirm]
[-AccountExpirationDate <DateTime>]
[-Add <Hashtable>]
[-AllowReversiblePasswordEncryption <Boolean>]
[-AuthenticationPolicy <ADAuthenticationPolicy>]
[-EmployeeID <String>]
[-EmployeeNumber <String>]
[-Enabled <Boolean>]
[-Fax <String>]
[-GivenName <String>]
[-HomeDirectory <String>]
[-HomeDrive <String>]
[-HomePage <String>]
[-HomePhone <String>]
[-Identity] <ADUser>
[-Initials <String>]
Set-ADuser Use case
# Change the homepage property of a user
The below command sets the specified user’s homepage property to http://fabrikam.com/employees/ChewDavid and the LogonWorkstations property to ChewDavid-DSKTOP,ChewDavid-LPTOP.
Set-ADUser -Identity ChewDavid -HomePage 'http://fabrikam.com/employees/ChewDavid' -LogonWorkstations 'ChewDavid-DSKTOP,ChewDavid-LPTOP'
Understanding Remove-ADuser cmdlet in PowerShell
As the name suggest Remove-Aduser is used to remove a single user or multiple user in a domain. There are certain parameters we will follow here in the post. Before checking on the parameters let’s first see what is the Syntax for Remove-ADuser, few are mentioned below with parameters.
Remove-ADUser
[-WhatIf]
[-Confirm]
[-AuthType <ADAuthType>]
[-Credential <PSCredential>]
[-Identity] <ADUser>
[-Partition <String>]
[-Server <String>]
[<CommonParameters>]
Remove-ADuser Use case
# Remove a single user from domain
Below is the command to remove a single user using -identity parameter.
Remove-aduser -identity testuser
# Remove multiple users from domain
Click the below link to get the script.
Active Directory Powershell Scripts
# Remove a single user using Distinguished Name
Below is the command to remove a single user using -identity parameter.
Remove-ADUser -Identity "CN=Glen John,OU=UserAccounts,DC=TEST,DC=COM"
Get More Active Directory Related Scripts from below link
Active Directory Powershell Scripts
Conclusion
I hope you have liked the post How to manage Domain Users with Powershell and will implement this whenever it is required. Things you should always remember is to try with one user so that it will be easy for you to make changes. Let me know if you want a blog post on some other script that might amaze you.
We are working continuously to provide you with the better and the best scripts daily. We will publish weekly hence don’t forget to subscribe to our newsletter.
