Konstantin Vlasenko

An engineer is someone who can make for a dollar what any fool could make for two. – Alan Kay

Windows 2008 (R2) AD Cmdlets in #PowerShell

Cmdlet Description
Add-ADComputerServiceAccount Adds one or more service accounts to an Active Directory computer.
Add-ADDomainControllerPasswordReplicationPolicy Adds users, computers, and groups to the Allowed List or the Denied List of the read-only domain controller (RODC) Password Replication Policy (PRP).
Add-ADFineGrainedPasswordPolicySubject Applies a fine-grained password policy to one more users and groups.
Add-ADGroupMember Adds one or more members to an Active Directory group.
Add-ADPrincipalGroupMembership Adds a member to one or more Active Directory groups.
Clear-ADAccountExpiration Clears the expiration date for an Active Directory account.
Disable-ADAccount Disables an Active Directory account.
Disable-ADOptionalFeature Disables an Active Directory optional feature.
Enable-ADAccount Enables an Active Directory account.
Enable-ADOptionalFeature Enables an Active Directory optional feature.
Get-ADAccountAuthorizationGroup Gets the Active Directory security groups that contain an account.
Get-ADAccountResultantPasswordReplicationPolicy Gets the resultant password replication policy for an Active Directory account.
Get-ADComputer Gets one or more Active Directory computers.
Get-ADComputerServiceAccount Gets the service accounts that are hosted by an Active Directory computer.
Get-ADDefaultDomainPasswordPolicy Gets the default password policy for an Active Directory domain.
Get-ADDomain Gets an Active Directory domain.
Get-ADDomainController Gets one or more Active Directory domain controllers, based on discoverable services criteria, search parameters, or by providing a domain controller identifier, such as the NetBIOS name.
Get-ADDomainControllerPasswordReplicationPolicy Gets the members of the Allowed List or the Denied List of the RODC PRP.
Get-ADDomainControllerPasswordReplicationPolicyUsage Gets the resultant password policy of the specified ADAccount on the specified RODC.
Get-ADFineGrainedPasswordPolicy Gets one or more Active Directory fine-grained password policies.
Get-ADFineGrainedPasswordPolicySubject Gets the users and groups to which a fine-grained password policy is applied.
Get-ADForest Gets an Active Directory forest.
Get-ADGroup Gets one or more Active Directory groups.
Get-ADGroupMember Gets the members of an Active Directory group.
Get-ADObject Gets one or more Active Directory objects.
Get-ADOptionalFeature Gets one or more Active Directory optional features.
Get-ADOrganizationalUnit Gets one or more Active Directory OUs.
Get-ADPrincipalGroupMembership Gets the Active Directory groups that have a specified user, computer, or group.
Get-ADRootDSE Gets the root of a domain controller information tree.
Get-ADServiceAccount Gets one or more Active Directory service accounts.
Get-ADUser Gets one or more Active Directory users.
Get-ADUserResultantPasswordPolicy Gets the resultant password policy for a user.
Install-ADServiceAccount Installs an Active Directory service account on a computer.
Move-ADDirectoryServer Moves a domain controller in AD DS to a new site.
Move-ADDirectoryServerOperationMasterRole Moves operation master (also known as flexible single master operations or FSMO) roles to an Active Directory domain controller.
Move-ADObject Moves an Active Directory object or a container of objects to a different container or domain.
New-ADComputer Creates a new Active Directory computer.
New-ADFineGrainedPasswordPolicy Creates a new Active Directory fine-grained password policy.
New-ADGroup Creates an Active Directory group.
New-ADObject Creates an Active Directory object.
New-ADOrganizationalUnit Creates a new Active Directory OU.
New-ADServiceAccount Creates a new Active Directory service account.
New-ADUser Creates a new Active Directory user.
Remove-ADComputer Removes an Active Directory computer.
Remove-ADComputerServiceAccount Removes one or more service accounts from a computer.
Remove-ADDomainControllerPasswordReplicationPolicy Removes users, computers, and groups from the Allowed List or the Denied List of the RODC PRP.
Remove-ADFineGrainedPasswordPolicy Removes an Active Directory fine-grained password policy.
Remove-ADFineGrainedPasswordPolicySubject Removes one or more users from a fine-grained password policy.
Remove-ADGroup Removes an Active Directory group.
Remove-ADGroupMember Removes one or more members from an Active Directory group.
Remove-ADObject Removes an Active Directory object.
Remove-ADOrganizationalUnit Removes an Active Directory OU.
Remove-ADPrincipalGroupMembership Removes a member from one or more Active Directory groups.
Remove-ADServiceAccount Removes an Active Directory service account.
Remove-ADUser Removes an Active Directory user.
Rename-ADObject Changes the name of an Active Directory object.
Reset-ADServiceAccountPassword Resets the service account password for a computer.
Restore-ADObject Restores an Active Directory object.
Search-ADAccount Gets Active Directory user, computer, and service accounts.
Set-ADAccountControl Modifies user account control (UAC) values for an Active Directory account.
Set-ADAccountExpiration Sets the expiration date for an Active Directory account.
Set-ADAccountPassword Modifies the password of an Active Directory account.
Set-ADComputer Modifies an Active Directory computer.
Set-ADDefaultDomainPasswordPolicy Modifies the default password policy for an Active Directory domain.
Set-ADDomain Modifies an Active Directory domain.
Set-ADDomainMode Sets the domain functional level for an Active Directory domain.
Set-ADFineGrainedPasswordPolicy Modifies an Active Directory fine-grained password policy.
Set-ADForest Modifies an Active Directory forest.
Set-ADForestMode Sets the forest mode for an Active Directory forest.
Set-ADGroup Modifies an Active Directory group.
Set-ADObject Modifies an Active Directory object.
Set-ADOrganizationalUnit Modifies an Active Directory OU.
Set-ADServiceAccount Modifies an Active Directory service account.
Set-ADUser Modifies an Active Directory user.
Uninstall-ADServiceAccount Uninstalls an Active Directory service account from a computer.
Unlock-ADAccount Unlocks an Active Directory account.



3 responses to “Windows 2008 (R2) AD Cmdlets in #PowerShell

  1. Liz Bever June 16, 2010 at 23:29

    What template do you use in your weblog ? Seems to be cool:)

  2. Matthew Kriner November 21, 2010 at 05:04

    Thank you for your sensible critique. Me and my neighbor have been just preparing to complete some exploration about this. We obtained a seize a book from our local library but I feel I learned much more from this article. Quite possibly really glad to find out these types of great data currently being shared freely available.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

%d bloggers like this: