Active Directory Powershell

August 04, 2017 0 Comments powershell, active-directory, windows

Using this page to keep track of all the useful powershell "mini-scripts" I've used:

Copy users from one security group to another security group

Add-ADGroupMember -Identity destination-group-name -Members (Get-ADGroupMember -Identity source-group-name -Recursive)

Add enabled users from an OU to a security group

Get-ADUser -SearchBase 'OU=Your-OU,DC=corp,DC=company,DC=com' -Filter {Enabled -eq $true} | ForEach-Object {Add-ADGroupMember -Identity 'your-group-name' -Members $_ }

Add users from a CSV file to a security group (username column is called "name")

import-csv c:\users.csv | Foreach-Object {add-adgroupmember -Identity your-group-name -Members $}

Update user objects with organization attributes from a CSV file

import-csv c:\users.csv | Foreach-Object {Set-ADUser -Identity $ -Department $_.department -Title $_.title -Manager $_.manager}

Create security-groups from a CSV file (group-name column is called "name")

import-csv c:\groups.csv | Foreach-Object {new-adgroup -name $ -GroupCategory security -GroupScope global -Path "ou=Your-OU,dc=corp,dc=company,dc=com"}

Export list of all enabled users in an OU

Get-ADUser -SearchBase 'OU=Your-OU,DC=corp,DC=aofl,DC=com' -Filter {Enabled -eq $true} -Property * | Select -Property Name,SamAccountName,UserPrincipalName,mail,Title,Manager,Department | export-csv 'c:\users.csv' -notype

Export list of all enabled users in an security group

Get-ADGroupMember -Identity your-group-name | ? ObjectClass -eq "User" | Get-ADUser | ? Enabled | Select Name | out-file C:\group_membership.txt