Search The Site
Active Directory cmdlets In Powershell
The Active Directory (AD) module can be installed as part of the RSAT feature on a Windows 7/Server 2008 R2 server, or by default, with the AD DS or AD LDS server roles on Windows 2008 R2. Once installed, load the Active Directory module using Import-Module ActiveDirectory or click Start then click Administrative Tools and then click Active Directory Module for Windows PowerShell.
Powershell cmdlets for Active Directory Administration
| Cmdlet | Descriptiion |
|---|---|
Add-ADComputerServiceAccount |
Adds one or more service accounts to an Active Directory computer. |
|
Add-ADDomainControllerPasswordReplicationPolicy |
Adds users, computers, and groups to the Allowed List or the Denied List of the read-only domain controller (RODC) Password Replication Policy (PRP). |
|
Add-ADFineGrainedPasswordPolicySubject |
Applies a fine-grained password policy to one more users and groups. |
|
Add-ADGroupMember |
Adds one or more members to an Active Directory group. |
|
Add-ADPrincipalGroupMembership |
Adds a member to one or more Active Directory groups. |
|
Clear-ADAccountExpiration |
Clears the expiration date for an Active Directory account. |
|
Disable-ADAccount |
Disables an Active Directory account. |
|
Disable-ADOptionalFeature |
Disables an Active Directory optional feature. |
|
Enable-ADAccount |
Enables an Active Directory account. |
|
Enable-ADOptionalFeature |
Enables an Active Directory optional feature. |
|
Get-ADAccountAuthorizationGroup |
Gets the Active Directory security groups that contain an account. |
|
Get-ADAccountResultantPasswordReplicationPolicy |
Gets the resultant password replication policy for an Active Directory account. |
|
Get-ADComputer |
Gets one or more Active Directory computers. |
|
Get-ADComputerServiceAccount |
Gets the service accounts that are hosted by an Active Directory computer. |
|
Get-ADDefaultDomainPasswordPolicy |
Gets the default password policy for an Active Directory domain. |
|
Get-ADDomain |
Gets an Active Directory domain. |
|
Get-ADDomainController |
Gets one or more Active Directory domain controllers, based on discoverable services criteria, search parameters, or by providing a domain controller identifier, such as the NetBIOS name. |
|
Get-ADDomainControllerPasswordReplicationPolicy |
Gets the members of the Allowed List or the Denied List of the RODC PRP. |
|
Get-ADDomainControllerPasswordReplicationPolicyUsage |
Gets the resultant password policy of the specified ADAccount on the specified RODC. |
|
Get-ADFineGrainedPasswordPolicy |
Gets one or more Active Directory fine-grained password policies. |
|
Get-ADFineGrainedPasswordPolicySubject |
Gets the users and groups to which a fine-grained password policy is applied. |
|
Get-ADForest |
Gets an Active Directory forest. |
|
Get-ADGroup |
Gets one or more Active Directory groups. |
|
Get-ADGroupMember |
Gets the members of an Active Directory group. |
|
Get-ADObject |
Gets one or more Active Directory objects. |
|
Get-ADOptionalFeature |
Gets one or more Active Directory optional features. |
|
Get-ADOrganizationalUnit |
Gets one or more Active Directory OUs. |
|
Get-ADPrincipalGroupMembership |
Gets the Active Directory groups that have a specified user, computer, or group. |
|
Get-ADRootDSE |
Gets the root of a domain controller information tree. |
|
Get-ADServiceAccount |
Gets one or more Active Directory service accounts. |
|
Get-ADUser |
Gets one or more Active Directory users. |
|
Get-ADUserResultantPasswordPolicy |
Gets the resultant password policy for a user. |
|
Install-ADServiceAccount |
Installs an Active Directory service account on a computer. |
|
Move-ADDirectoryServer |
Moves a domain controller in AD DS to a new site. |
|
Move-ADDirectoryServerOperationMasterRole |
Moves operation master (also known as flexible single master operations or FSMO) roles to an Active Directory domain controller. |
|
Move-ADObject |
Moves an Active Directory object or a container of objects to a different container or domain. |
|
New-ADComputer |
Creates a new Active Directory computer. |
|
New-ADFineGrainedPasswordPolicy |
Creates a new Active Directory fine-grained password policy. |
|
New-ADGroup |
Creates an Active Directory group. |
|
New-ADObject |
Creates an Active Directory object. |
|
New-ADOrganizationalUnit |
Creates a new Active Directory OU. |
|
New-ADServiceAccount |
Creates a new Active Directory service account. |
|
New-ADUser |
Creates a new Active Directory user. |
|
Remove-ADComputer |
Removes an Active Directory computer. |
|
Remove-ADComputerServiceAccount |
Removes one or more service accounts from a computer. |
|
Remove-ADDomainControllerPasswordReplicationPolicy |
Removes users, computers, and groups from the Allowed List or the Denied List of the RODC PRP. |
|
Remove-ADFineGrainedPasswordPolicy |
Removes an Active Directory fine-grained password policy. |
|
Remove-ADFineGrainedPasswordPolicySubject |
Removes one or more users from a fine-grained password policy. |
|
Remove-ADGroup |
Removes an Active Directory group. |
|
Remove-ADGroupMember |
Removes one or more members from an Active Directory group. |
|
Remove-ADObject |
Removes an Active Directory object. |
|
Remove-ADOrganizationalUnit |
Removes an Active Directory OU. |
|
Remove-ADPrincipalGroupMembership |
Removes a member from one or more Active Directory groups. |
|
Remove-ADServiceAccount |
Removes an Active Directory service account. |
|
Remove-ADUser |
Removes an Active Directory user. |
|
Rename-ADObject |
Changes the name of an Active Directory object. |
|
Reset-ADServiceAccountPassword |
Resets the service account password for a computer. |
|
Restore-ADObject |
Restores an Active Directory object. |
|
Search-ADAccount |
Gets Active Directory user, computer, and service accounts. |
|
Set-ADAccountControl |
Modifies user account control (UAC) values for an Active Directory account. |
|
Set-ADAccountExpiration |
Sets the expiration date for an Active Directory account. |
|
Set-ADAccountPassword |
Modifies the password of an Active Directory account. |
|
Set-ADComputer |
Modifies an Active Directory computer. |
|
Set-ADDefaultDomainPasswordPolicy |
Modifies the default password policy for an Active Directory domain. |
|
Set-ADDomain |
Modifies an Active Directory domain. |
|
Set-ADDomainMode |
Sets the domain functional level for an Active Directory domain. |
|
Set-ADFineGrainedPasswordPolicy |
Modifies an Active Directory fine-grained password policy. |
|
Set-ADForest |
Modifies an Active Directory forest. |
|
Set-ADForestMode |
Sets the forest mode for an Active Directory forest. |
|
Set-ADGroup |
Modifies an Active Directory group. |
|
Set-ADObject |
Modifies an Active Directory object. |
|
Set-ADOrganizationalUnit |
Modifies an Active Directory OU. |
|
Set-ADServiceAccount |
Modifies an Active Directory service account. |
|
Set-ADUser |
Modifies an Active Directory user. |
|
Uninstall-ADServiceAccount |
Uninstalls an Active Directory service account from a computer. |
|
Unlock-ADAccount |
Unlocks an Active Directory account. |
