Active Directory (PowerShell): Difference between revisions
m (→Get-ADGroups examples: Typo fix)
(→Users: Added New-ADUser examples)
== Users ==
=== AD Fields ===
Field names don't necessarily match up between the PowerShell module, [[Acronyms#L|LDAP]], and what you see in the Users and Computers MMC GUI; see below for a non-exhaustive list...
| AccountPassword || || || If not set, new user account is disabled
|}
=== <code>Get-ADUser</code> examples ===
<source lang="powershell">
$users = Get-ADUser -Filter * -SearchBase "DC=domain,DC=com"                          # Get all users in domain.com
$user = Get-ADUser -Filter {SamAccountName -eq "username"}                            # Get user by logon/SAM account name
$user = Get-ADUser -Filter {SamAccountName -eq "username"} -Properties *              # Get all properties for user
$user = Get-ADUser -Filter {Surname -eq "last" -and GivenName -eq "first"}            # Get user by first and last names
$users = Get-ADUser -Filter * -SearchBase "OU=London,OU=Users,DC=EU,DC=domain,DC=com" # Get users in London OU
</source>
To create a CSV export of fields from AD...
<source lang="powershell">
# Request the non-default properties explicitly, then select the columns to export
$users = Get-ADUser -Filter * -SearchBase "DC=DOMAIN,DC=COM" -Properties Enabled, CanonicalName, Country, Created, LastLogonDate, mail
# -NoTypeInformation stops Windows PowerShell 5.1 writing a "#TYPE" line at the top of the file
$users | Select-Object Name, Enabled, CanonicalName, Country, Created, LastLogonDate, mail | Export-Csv -Path users.csv -NoTypeInformation
</source>
* '''LastLogonDate''' - Be aware that the last logon date field typically has an accuracy/tolerance of 14 days. AD intentionally doesn't update the field at every logon by the user/device object, so as to reduce the amount of data replicated between domain controllers.
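Where an exact value matters (for example when reviewing stale accounts), the non-replicated <code>lastLogon</code> attribute can be read from every domain controller and the newest value taken. The following is an added example, not part of the original page; the function name <code>Get-ADUserAccurateLastLogon</code> is hypothetical and "username" is a placeholder.

```powershell
# Added example, not from the original page. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-ADUserAccurateLastLogon {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $SamAccountName
    )

    $latest = [long]0   # newest lastLogon seen so far, as a Windows FILETIME
    $source = $null     # domain controller that reported it

    # lastLogon is not replicated, so every domain controller holds its own value
    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                            -Properties lastLogon -ErrorAction Stop
        } catch {
            # A DC that cannot be queried may hold the newest value: treat the result as a lower bound
            Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
            continue
        }
        # A user who never authenticated against this DC has lastLogon unset or 0
        if ($u.lastLogon -and $u.lastLogon -gt $latest) {
            $latest = $u.lastLogon
            $source = $dc.HostName
        }
    }

    [pscustomobject]@{
        SamAccountName   = $SamAccountName
        LastLogon        = if ($latest -gt 0) { [DateTime]::FromFileTime($latest) } else { $null }
        DomainController = $source
    }
}

Get-ADUserAccurateLastLogon -SamAccountName "username"
```

This issues one query per domain controller, so it suits checks on individual accounts rather than bulk exports.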
=== <code>New-ADUser</code> examples ===
<source lang="powershell">
# Assumes $LogonName, $firstname, $lastname, $desc and $BssUsrPassword are already set
# Create the default password for new users ($BssUsrPassword holds it as plain text)
$UsrPwd = ConvertTo-SecureString -String $BssUsrPassword -AsPlainText -Force
# Destination OU for new user
$DstPath = "OU=department,DC=domain,DC=com"
# Create new user; -PassThru returns the new user object so it can be used below
$Usr = New-ADUser -Name $LogonName -GivenName $firstname -Surname $lastname -Description $desc -AccountPassword $UsrPwd -ChangePasswordAtLogon $true -Path $DstPath -PassThru
# Make user account active
Set-ADUser $Usr -ChangePasswordAtLogon $true -Enabled $true
</source>
== Groups == | == Groups == |