Hi there!
I would like to show some commands which are useful for me and may will be helpful for someone else…
There are a few types of command in PowerShell: Get-, Set-, New-, Remove, Enable-, Disable- and some more. I’ll show some simple commands.
So, for the first you must install the packet ActiveRoles Management Shell for Active Directory.
Start PowerShell and type:
ImportSystemModules
After that you can start to work with PowerShell AD and Exchange commandlets.
Get- commands
Get information about user:
Will show Name, Type and DN:
Get-QADUser john.pocker
You can search all users with name John:
Get-QADUser *john*
Will show all information about user at the list format:
Get-QADUser john.pocker | Format-List
From that information you can take fields you need and make selection:
Get-QADUser john.pocker | Select-Object sAMAccountName,name,mail,whenCreated,LastLogonTimestamp,Company,City,Description
Or you can select all parameters ‘Name’:
Get-QADUser john.pocker | Select-Object *name*
If you need to get information about all users from OU, you can set your OU for searching. It is possible to search only enabled/disabled/locked accounts. Also you can sort objects by some parameter and then export to CSV file:
Get-QADUser -SearchRoot company.internal/Main/Users -Enabled | Select-Object sAMAccountName,name,mail,whenCreated,LastLogonTimestamp,Company,City,Description | Sort-Object -property sAMAccountName | Export-Csv D:\PowerShell\ad_users.csv
Get information about group:
Select all members of group and sort by name:
Get-QADGroupMember info@example.com | Sort-Object Name Get-QADGroupMember Police | Sort-Object Name
Show all group member of which is user:
Get-QADMemberOf john.pocker | Sort-Object name
You can also select objects you need and export to CSV.
Disable, Enable and Unlock accounts
Disable-ADAccount john.pocker Enable-ADAccount john.pocker Unlock-ADAccount john.pocker
New- commands
Add new computer:
New-QADComputer –Name Comp001 -SamAccountName Comp001$ -ParentContainer 'OU=Users,OU=main,DC=company,DC=internal' # For computers parameter SamAccountName must have symbol $ at the end
Remove- commands
Remove user from group:
Remove-QADGroupMember info@example.com -Member john.pocker
Set- commands
For example you need to set City and Company for our user:
Set-ADuser -Identity john.pocker -Company Microsoft -City London
Export and Import
In my opinion the most interesting functions of PowerShell are Export and Import. When you need to get a list of people with some parameters or you need to change City or Company name for big list of users you can use this functions.
Export is not complex and I showed it earlier. To your Get- command you should add
| Export-Csv D:\PowerShell\ad_users.csv
and you will receive result of your command in csv file.
For example you have got list of users with their City, Company name and Description. You can open this csv file in MS Excel or OpenOffice, add/change information what you need and save file. I recommend you after that open your file in Notepad and check it. It must have the following form:
SamAccountName;Company;City;Description john.pocker;Microsoft;London;Description1 william.shakespeare;Apple;Moscow;Description2
By default Import commandelet uses delimiter “,” but Excel set delimiter “;”. You can change it in notepad, but more simple is to set other delimiter:
Import-CSV -Delimiter ";" -Path "D:\PowerShell\ad_users.csv" | ForEach-Object -process {Set-ADuser -Identity $_.sAMAccountName -Company $_.Company -City $_.City -Description $_.Description}
The same operations it is possible make for groups and other objects:
Import-CSV -Delimiter ";" -Path "D:\PowerShell\ad_groups.csv" | ForEach-Object -process {Set-QADGroup -Identity $_.sAMAccountName -Description $_.Description}
Import-CSV -Delimiter ";" -Path "D:\PowerShell\ad_comps.csv" | ForEach-Object -process {New-QADComputer –Name $_.ComputerName -SamAccountName $_.SamAccountName -ParentContainer 'OU=Comps,OU=main,DC=Company,DC=internal'}
# For computers parameter SamAccountName must have symbol $ at the end
This commands I use a lot of time. If you have any questions please ask, I’ll be glad to help you 🙂
