Active Directory PowerShell Command
1. Get-ADUser
This command allows us to get the information from a specific user identity in AD or a collection of users with either an array or the wildcard (*) character to get the information of all the users in Active Directory.
2. Get-ADComputer
This allows us to extract information from a specific computer
account or all the computer accounts in the domain by using the wildcard (*)
character. This cmdlet is especially useful for cleaning up the Active
Directory for stale computer accounts by selecting the LastPasswordReset object
and comparing it to the current date.
3. Get-ADObject
This command allows us to extract information from any Active Directory object, not limiting to just users or computers. The big difference between the other cmdlets and this one is that we can use attributes as filters to search. For example, we can run the following command:
1.Get–ADObject –Filter 'WhenChanged –gt $ChangeDate' –IncludeDeletedObjects
Here we search for all objects that were changed after the date specified in the $ChangeDate variable. This is a very powerful cmdlet because it can extract a lot of useful information with a granular search. We can use Get-ADGroup to extract information from a specific AD Group.
4. Get-ADGroupMember
This
extracts a list of users which are part of a specific AD Group. This cmdlet can
be used with the Get-ADGroup cmdlet after a pipeline. For example:
1. Get–ADGroup SomeGroup | Get–ADGroupMember
No comments:
Post a Comment