Search The Site

Active Directory cmdlets In Powershell

The Active Directory (AD) module can be installed as part of the RSAT feature on a Windows 7/Server 2008 R2 server, or by default, with the AD DS or AD LDS server roles on Windows 2008 R2. Once installed, load the Active Directory module using Import-Module ActiveDirectory or click Start then click Administrative Tools and then click Active Directory Module for Windows PowerShell.

Powershell cmdlets for Active Directory Administration

Cmdlet Descriptiion

Add-ADComputerServiceAccount

Adds one or more service accounts to an Active Directory computer.

Add-ADDomainControllerPasswordReplicationPolicy

Adds users, computers, and groups to the Allowed List or the Denied List of the read-only domain controller (RODC) Password Replication Policy (PRP).

Add-ADFineGrainedPasswordPolicySubject

Applies a fine-grained password policy to one more users and groups.

Add-ADGroupMember

Adds one or more members to an Active Directory group.

Add-ADPrincipalGroupMembership

Adds a member to one or more Active Directory groups.

Clear-ADAccountExpiration

Clears the expiration date for an Active Directory account.

Disable-ADAccount

Disables an Active Directory account.

Disable-ADOptionalFeature

Disables an Active Directory optional feature.

Enable-ADAccount

Enables an Active Directory account.

Enable-ADOptionalFeature

Enables an Active Directory optional feature.

Get-ADAccountAuthorizationGroup

Gets the Active Directory security groups that contain an account.

Get-ADAccountResultantPasswordReplicationPolicy

Gets the resultant password replication policy for an Active Directory account.

Get-ADComputer

Gets one or more Active Directory computers.

Get-ADComputerServiceAccount

Gets the service accounts that are hosted by an Active Directory computer.

Get-ADDefaultDomainPasswordPolicy

Gets the default password policy for an Active Directory domain.

Get-ADDomain

Gets an Active Directory domain.

Get-ADDomainController

Gets one or more Active Directory domain controllers, based on discoverable services criteria, search parameters, or by providing a domain controller identifier, such as the NetBIOS name.

Get-ADDomainControllerPasswordReplicationPolicy

Gets the members of the Allowed List or the Denied List of the RODC PRP.

Get-ADDomainControllerPasswordReplicationPolicyUsage

Gets the resultant password policy of the specified ADAccount on the specified RODC.

Get-ADFineGrainedPasswordPolicy

Gets one or more Active Directory fine-grained password policies.

Get-ADFineGrainedPasswordPolicySubject

Gets the users and groups to which a fine-grained password policy is applied.

Get-ADForest

Gets an Active Directory forest.

Get-ADGroup

Gets one or more Active Directory groups.

Get-ADGroupMember

Gets the members of an Active Directory group.

Get-ADObject

Gets one or more Active Directory objects.

Get-ADOptionalFeature

Gets one or more Active Directory optional features.

Get-ADOrganizationalUnit

Gets one or more Active Directory OUs.

Get-ADPrincipalGroupMembership

Gets the Active Directory groups that have a specified user, computer, or group.

Get-ADRootDSE

Gets the root of a domain controller information tree.

Get-ADServiceAccount

Gets one or more Active Directory service accounts.

Get-ADUser

Gets one or more Active Directory users.

Get-ADUserResultantPasswordPolicy

Gets the resultant password policy for a user.

Install-ADServiceAccount

Installs an Active Directory service account on a computer.

Move-ADDirectoryServer

Moves a domain controller in AD DS to a new site.

Move-ADDirectoryServerOperationMasterRole

Moves operation master (also known as flexible single master operations or FSMO) roles to an Active Directory domain controller.

Move-ADObject

Moves an Active Directory object or a container of objects to a different container or domain.

New-ADComputer

Creates a new Active Directory computer.

New-ADFineGrainedPasswordPolicy

Creates a new Active Directory fine-grained password policy.

New-ADGroup

Creates an Active Directory group.

New-ADObject

Creates an Active Directory object.

New-ADOrganizationalUnit

Creates a new Active Directory OU.

New-ADServiceAccount

Creates a new Active Directory service account.

New-ADUser

Creates a new Active Directory user.

Remove-ADComputer

Removes an Active Directory computer.

Remove-ADComputerServiceAccount

Removes one or more service accounts from a computer.

Remove-ADDomainControllerPasswordReplicationPolicy

Removes users, computers, and groups from the Allowed List or the Denied List of the RODC PRP.

Remove-ADFineGrainedPasswordPolicy

Removes an Active Directory fine-grained password policy.

Remove-ADFineGrainedPasswordPolicySubject

Removes one or more users from a fine-grained password policy.

Remove-ADGroup

Removes an Active Directory group.

Remove-ADGroupMember

Removes one or more members from an Active Directory group.

Remove-ADObject

Removes an Active Directory object.

Remove-ADOrganizationalUnit

Removes an Active Directory OU.

Remove-ADPrincipalGroupMembership

Removes a member from one or more Active Directory groups.

Remove-ADServiceAccount

Removes an Active Directory service account.

Remove-ADUser

Removes an Active Directory user.

Rename-ADObject

Changes the name of an Active Directory object.

Reset-ADServiceAccountPassword

Resets the service account password for a computer.

Restore-ADObject

Restores an Active Directory object.

Search-ADAccount

Gets Active Directory user, computer, and service accounts.

Set-ADAccountControl

Modifies user account control (UAC) values for an Active Directory account.

Set-ADAccountExpiration

Sets the expiration date for an Active Directory account.

Set-ADAccountPassword

Modifies the password of an Active Directory account.

Set-ADComputer

Modifies an Active Directory computer.

Set-ADDefaultDomainPasswordPolicy

Modifies the default password policy for an Active Directory domain.

Set-ADDomain

Modifies an Active Directory domain.

Set-ADDomainMode

Sets the domain functional level for an Active Directory domain.

Set-ADFineGrainedPasswordPolicy

Modifies an Active Directory fine-grained password policy.

Set-ADForest

Modifies an Active Directory forest.

Set-ADForestMode

Sets the forest mode for an Active Directory forest.

Set-ADGroup

Modifies an Active Directory group.

Set-ADObject

Modifies an Active Directory object.

Set-ADOrganizationalUnit

Modifies an Active Directory OU.

Set-ADServiceAccount

Modifies an Active Directory service account.

Set-ADUser

Modifies an Active Directory user.

Uninstall-ADServiceAccount

Uninstalls an Active Directory service account from a computer.

Unlock-ADAccount

Unlocks an Active Directory account.

tr bgcolor=/td