Active Directory
Handy PowerShell script to add AD group members from one group to another:
Add-ADGroupMember -Identity 'New Group' -Members (Get-ADGroupMember -Identity 'Old Group' -Recursive)
Reset password in powershell
- $pw = Read-Host "password" -AsSecureString
- Set-ADAccountPassword <username> -Reset -NewPassword $pw
Unlock account
- Unlock-ADAccount -Identity <user>
Check account is locked/unlocked
- Get-ADUser -Identity <user> -properties Lockedout | Select Name,LockedOut
Search for adusers using powershell:
Can be used with various options: DistinguishedName, Enabled, GivenName, Name, ObjectClass, Object GUID, SamAccountName, SID, Surname, UserPrincipalName.
- get-aduser -filter "name -eq '<name of user>'"
See all properties for an active directory user account:
- Get-ADuser -identity <user> -properties *
Find login scripts for all users and export to text file:
- Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | ft Name, scriptpath, homedrive, homedirectory | out-file C:\temp\logonscriptoutput.txt
Setting up Active directory
Handy basic info for configuring an active directory domain:
Before creating the domain ensure that all time and date settings on the server to be the primary domain controller are correct.