Difference between revisions of "Active Directory (PowerShell)"

→‎Users: Added New-ADUser examples
(→‎Users: Added New-ADUser examples)
Line 26: Line 26:


== Users ==
== Users ==
=== <code>Get-ADUser</code> examples ===
<source lang="powershell">
$users = Get-ADUser -Filter * -SearchBase "DC=domain,DC=com"                          # Get all users in domain.com
$user = Get-ADUser -Filter {SamAccountName -eq "username"}                            # Get user by logon/SAM account name
$user = Get-ADUser -Filter {SamAccountName -eq "username"} -Properties *              # Get all properties for user
$user = Get-ADUser -Filter {{Surname -eq "last" -and GivenName -eq "first"}}          # Get user by first and last names
$users = Get-ADUser -Filter * -SearchBase "OU=London,OU=Users,DC=EU,DC=domain,DC=com"  # Get users in London OU
</source>
To create a CSV export of fields from AD...
<source lang="powershell">
$users = Get-ADUser -Filter * -SearchBase "DC=DOMAIN,DC=COM" -Properties Enabled, CanonicalName, Country, Created, LastLogonDate, mail
$users | Select-Object Name, Enabled, CanonicalName, Country, Created, LastLogonDate, mail | export-csv -Path users.csv
</source>
* '''LastLogonDate''' - Be aware that the last logon date field typically has an accuracy/tolerance of 14 days, AD intentionally doesn't update the field at every logon from the user/device object so as to reduce the amount of data replication between domain controllers
=== AD Fields ===
=== AD Fields ===
Field names don't necessarily match up between the PowerShell module, [[Acronyms#L|LDAP]], and what you see in the Users and Computers MMC GUI, see below for an in-exhaustive list...
Field names don't necessarily match up between the PowerShell module, [[Acronyms#L|LDAP]], and what you see in the Users and Computers MMC GUI, see below for an in-exhaustive list...
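Review bot: The name-based lookup in the relocated Get-ADUser block, -Filter {{Surname -eq "last" -and GivenName -eq "first"}}, has doubled braces, so the inner braces become part of the filter string and it will not parse as a filter expression as written. Since the block is being moved anyway, reduce it to a single pair of braces like the other lines. In the CSV example, consider adding -NoTypeInformation to export-csv so that Windows PowerShell does not put a #TYPE line at the top of users.csv.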
Line 67: Line 51:
| AccountPassword || || || If not set, new user account is disabled
| AccountPassword || || || If not set, new user account is disabled
|}
|}
=== <code>Get-ADUser</code> examples ===
<source lang="powershell">
$users = Get-ADUser -Filter * -SearchBase "DC=domain,DC=com"                          # Get all users in domain.com
$user = Get-ADUser -Filter {SamAccountName -eq "username"}                            # Get user by logon/SAM account name
$user = Get-ADUser -Filter {SamAccountName -eq "username"} -Properties *              # Get all properties for user
$user = Get-ADUser -Filter {{Surname -eq "last" -and GivenName -eq "first"}}          # Get user by first and last names
$users = Get-ADUser -Filter * -SearchBase "OU=London,OU=Users,DC=EU,DC=domain,DC=com"  # Get users in London OU
</source>
To create a CSV export of fields from AD...
<source lang="powershell">
$users = Get-ADUser -Filter * -SearchBase "DC=DOMAIN,DC=COM" -Properties Enabled, CanonicalName, Country, Created, LastLogonDate, mail
$users | Select-Object Name, Enabled, CanonicalName, Country, Created, LastLogonDate, mail | export-csv -Path users.csv
</source>
* '''LastLogonDate''' - Be aware that the last logon date field typically has an accuracy/tolerance of 14 days, AD intentionally doesn't update the field at every logon from the user/device object so as to reduce the amount of data replication between domain controllers
=== <code>New-ADUser</code> examples ===
<source lang="powershell">
# Create default new users password
$UsrPwd = ConvertTo-SecureString -String $BssUsrPassword -AsPlainText -Force
# Destination OU for new user
$DstPath = "OU=department,DC=domain,DC=com"
# Create new user
$Usr = New-ADUser -Name $LogonName -GivenName $firstname -Surname $lastname -Description $desc -AccountPassword $UsrPwd -ChangePasswordAtLogon $true -Path $DstPath  -PassThru
# Make user account active
Set-ADUser $Usr -ChangePasswordAtLogon $true -Enabled $true
</code>


== Groups ==
== Groups ==
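Review bot: The new New-ADUser block opens with <source lang="powershell"> but closes with </code>, so the source element is never terminated and the Groups heading after it may render inside the code block; close it with </source>. In the same block, -ChangePasswordAtLogon $true is passed to both New-ADUser and Set-ADUser, so one of the two can go. $BssUsrPassword is never defined in the snippet, and together with the comment "Create default new users password" and -AsPlainText -Force it implies one shared plaintext default for every new account. Add a line saying where that value comes from, and a note that accounts stay on the shared default until first logon.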
