AD Power Shell Commands


Get Distinguished Name Of an User

import-module activedirectory
$u = get-aduser username
$u.DistinguishedName

Get Distinguished Name Of an Computer

import-module activedirectory
$u = get-adcomputer computername
$u.DistinguishedName

Export All Computer Objects to CSV

import-module activedirectory
Get-ADComputer -Filter * -Property * | Select-Object Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion | Export-CSV D:\AllWindows.csv -NoTypeInformation -Encoding UTF8

Export All User Objects to CSV

import-module activedirectory
Get-ADUser -Filter * -Properties sAMAccountName | select sAMAccountName | Export-CSV "C:\AllUsers.csv"

Export All Disabled User Objects to CSV

Import-Module ActiveDirectory
Search-ADAccount –AccountDisabled -UsersOnly | Select -Property Name,DistinguishedName | Export-CSV "C:\\DisabledADUsers.csv" -NoTypeInformation -Encoding UTF8

Export All Inactive Computer Objects to CSV

Import-Module ActiveDirectory
$domain = "ad.kishore.guru"
$DaysInactive = 90
$time = (Get-Date).Adddays(-($DaysInactive))
Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -Properties LastLogonTimeStamp |
select-object Name,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} | export-csv D:\90_Computer.csv -notypeinformation

Export All OU with Distinguished Name to CSV

Import-Module ActiveDirectory
Get-ADOrganizationalUnit -filter * | select Name,DistinguishedName | Export-csv -path C:\ADOrganizationalUnitsexport.csv -NoTypeInformation

Export All Objects of OU, Users, Groups and Computers with Name, DN, Object class and SID to CSV

Import-Module ActiveDirectory
Get-ADObject -Filter 'Name -like "*"' | Where-Object {$_.ObjectClass -eq "user" -or $_.ObjectClass -eq "computer" -or $_.ObjectClass -eq "group" -or $_.ObjectClass -eq "organizationalUnit"} | Sort-Object ObjectClass | Export-CSV C:\ExportAD.csv -notypeinformation

Move Computers to specific OU from CSV

Import-Module ActiveDirectory
$Destination = "OU=OU NAME,DC=ad,DC=kishore,DC=guru"
Import-Csv -Path c:\ExpiredComputers.csv |
Foreach-Object {
Get-ADComputer $_.computer |
Move-ADObject -TargetPath $destination
}

Search OU Same Name

Import-Module ActiveDirectory
$ous = Get-ADOrganizationalUnit -Filter "Name -eq 'CDROM-Access'"
$ous | ForEach-Object{
Get-ADUser -Filter * -SearchBase $_.DistinguishedName
}

Export Password Expiry Date from specific OU to CSV

Import-Module ActiveDirectory
Get-ADUser -SearchBase " OU=MailIDs,OU=CAMS,DC=ad,DC=camsonline,DC=com "`
-filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} `
–Properties "SamAccountName","msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "SamAccountName", @{Name="Password Expiry Date";`
Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | Export-CSV D:\10Feb2017.csv -NoTypeInformation -Encoding UTF8

Set New Password to specific Users from CSV

Import-Module ActiveDirectory
Import-Csv “c:\Passwordexpirationreport.csv” | Foreach { Set-ADAccountPassword –Identity $_.sAMAccountName –NewPassword (ConvertTo-
SecureString $_.Password –AsPlainText -force) –Reset}

Bulk Hostname Rename from CSV

Import-Module ActiveDirectory
$a = Import-Csv C:\Name.csv -Header OldName, NewName
Foreach ( $Server in $a ) {Rename-Computer -ComputerName $Server.OldName -NewName $Server.NewName
-DomainCredential cams\d_kishorekumar -Force -Restart}