How to Manage Domain Users with Powershell

Just be frank and answer me how many of you have done auditing of the client environment and have provided some related evidence supporting the access. What if I tell you this was very tough in earlier days but now it can be achieved by just few lines with PowerShell. PowerShell has made it very easy to gather the required info of the domain user. We can also find which user is part of which security group and the list goes on and on. I will try to cover as much as I can here with few helpful scripts and commands.

Promotion

Are you tired of searching for and hiring copywriters who charge exorbitant fees? If you answered yes, then copywriting software might be a good fit for you! The importance of content in any business cannot be overstated. Why not you, if smart marketers are already using AI tools to generate profitable results?

https://aa0b4yp8jbhjmt2c19r9z2lff6.hop.clickbank.net/

CopyBlocks AI allows you to create highly engaging marketing copy and sell it to your clients for a large profit! CopyBlocks AI acts as a professional copywriter for you and your clients without you having to write a single word. Excited? Get Started With Copy Blocks Right Now and Get a 30-Day Money-Back Guarantee!

Understanding Get-ADuser cmdlet in PowerShell

As the name suggest Get-Aduser is used to get the information of a single user or multiple user in a domain. There are certain parameters we will follow here in the post. Before checking on the parameters let’s first see what is the Syntax for Get-ADuser.

				
					Get-ADUser
   [-AuthType <ADAuthType>]
   [-Credential <PSCredential>]
   -Filter <String>
   [-Properties <String[]>]
   [-ResultPageSize <Int32>]
   [-ResultSetSize <Int32>]
   [-SearchBase <String>]
   [-SearchScope <ADSearchScope>]
   [-Server <String>]
   [<CommonParameters>]
				
			

Get-ADuser Use case

# Get all the domain user details

This is the classic case where we require each attribute of the user. The below will be the required command to fetch the details and export it to a CSV file.

				
					Get-ADuser -Filter * -properties * |export-csv C:\administrator\desktop\userrepo.csv
				
			

# Get the Domain user details from specific OU

Sometimes we might require list of user in a specific region or Organizational Unit in this case we can use -searchbase parameter.

				
					Get-ADUser -Filter * -SearchBase "OU=User,DC=Test,DC=COM"
				
			
# Get the specific attribute details of the Domain User We can fetch the Specific or multiple attribute value using Get-ADUser. Below is one of the example where we will fetch the Enabled attribute from all the domain users.

Note: As we are fetching only Enabled attribute value we won’t be able to get the Names of the user hence we need to add one more attibute just in case we know which user is enabled or disabled in the domain.

				
					Get-ADUser -Filter * -properties * |select "GivenName", "Enabled"
				
			

# Get attribute details of a specific Domain User

To get the details of specific Domain user we need to use -identity parameter. Below is the example on how to use it.

				
					Get-ADUser -Identity MathewS -Properties *

				
			

Understanding Set-ADuser cmdlet in PowerShell

As the name suggest Set-Aduser is used to modify the information of a single user or multiple user in a domain. There are certain parameters we will follow here in the post. Before checking on the parameters let’s first see what is the Syntax for Set-ADuser, few are mentioned below with parameters.

				
					Set-ADUser
   [-WhatIf]
   [-Confirm]
   [-AccountExpirationDate <DateTime>]
   [-Add <Hashtable>]
   [-AllowReversiblePasswordEncryption <Boolean>]
   [-AuthenticationPolicy <ADAuthenticationPolicy>]
   [-EmployeeID <String>]
   [-EmployeeNumber <String>]
   [-Enabled <Boolean>]
   [-Fax <String>]
   [-GivenName <String>]
   [-HomeDirectory <String>]
   [-HomeDrive <String>]
   [-HomePage <String>]
   [-HomePhone <String>]
   [-Identity] <ADUser>
   [-Initials <String>]
				
			

Set-ADuser Use case

# Change the homepage property of a user

The below command sets the specified user’s homepage property to http://fabrikam.com/employees/ChewDavid and the LogonWorkstations property to ChewDavid-DSKTOP,ChewDavid-LPTOP.

				
					Set-ADUser -Identity ChewDavid -HomePage 'http://fabrikam.com/employees/ChewDavid' -LogonWorkstations 'ChewDavid-DSKTOP,ChewDavid-LPTOP'
				
			

Understanding Remove-ADuser cmdlet in PowerShell

As the name suggest Remove-Aduser is used to remove a single user or multiple user in a domain. There are certain parameters we will follow here in the post. Before checking on the parameters let’s first see what is the Syntax for Remove-ADuser, few are mentioned below with parameters.

				
					Remove-ADUser
      [-WhatIf]
      [-Confirm]
      [-AuthType <ADAuthType>]
      [-Credential <PSCredential>]
      [-Identity] <ADUser>
      [-Partition <String>]
      [-Server <String>]
      [<CommonParameters>]
				
			

Remove-ADuser Use case

# Remove a single user from domain

Below is the command to remove a single user using -identity parameter.

				
					Remove-aduser -identity testuser
				
			

# Remove multiple users from domain

Click the below link to get the script.

15+ Best Active Directory Powershell Scripts

# Remove a single user using Distinguished Name

Below is the command to remove a single user using -identity parameter.

				
					Remove-ADUser -Identity "CN=Glen John,OU=UserAccounts,DC=TEST,DC=COM"
				
			

Get More Active Directory Related Scripts from below link 

15+ Best Active Directory Powershell Scripts

Conclusion

I hope you have liked the post How to manage Domain Users with Powershell and will implement this whenever it is required. Things you should always remember is to try with one user so that it will be easy for you to make changes. Let me know if you want a blog post on some other script that might amaze you.

We are working continuously to provide you with the better and the best scripts daily. We will publish weekly hence don’t forget to subscribe to our newsletter. 

Related Posts

Leave a Reply

Please disable your adblocker or whitelist this site!