Active Directory module PowerShell cmdlets

The Active Directory (AD) module may be installed as part of the RSAT feature on a Windows 7 / 2008 R2 server (or by default, with the AD DS or AD LDS server roles.) Once installed, load the Active Directory module with Import-Module ActiveDirectory or click Start, Administrative Tools, Active Directory Module for Windows PowerShell.

 Disable-adAccount   Disable an Active Directory account.
  Enable-adAccount   Enable an Active Directory account.
  Search-adAccount   Get AD user, computer, and service accounts.
  Unlock-adAccount   Unlock an AD account.
     Get-adAccountAuthorizationGroup Get the groups in which an account is a direct or indirect member.
     Set-adAccountControl     Modify user account control (UAC) values for an AD account.
   Clear-adAccountExpiration  Clear the expiration date for an AD account.
     Set-adAccountExpiration  Set the expiration date for an AD account.
     Set-adAccountPassword    Modify the password of an AD account.
     Get-adAccountResultantPasswordReplicationPolicy Resultant password replication policy for an AD account.
c
     Get-adComputer   Get one or more AD computers.
     New-adComputer   Create a new AD computer.
  Remove-adComputer   Remove an AD computer.
     Set-adComputer   Modify an AD computer.
     Add-adComputerServiceAccount  Add one or more service accounts to an AD computer.
     Get-adComputerServiceAccount  Get the service accounts that are hosted by an AD computer.
  Remove-adComputerServiceAccount  Remove one or more service accounts from a computer.
d
     Get-adDefaultDomainPasswordPolicy  Get the default password policy for an AD domain.
     Set-adDefaultDomainPasswordPolicy  Modify the default password policy for an AD domain.
    Move-adDirectoryServer                    Move a domain controller in AD DS to a new site.
    Move-adDirectoryServerOperationMasterRole Move the operation master (FSMO) roles to an AD domain controller.
     Get-adDomain     Get an AD domain.
     Set-adDomain     Modify an AD domain.
     Get-adDomainController   Get one or more AD domain controllers.
     Add-adDomainControllerPasswordReplicationPolicy
                   Add users, computers, and groups to the Allowed List or the Denied List
                   of the read-only domain controller (RODC) Password Replication Policy (PRP).
     Get-adDomainControllerPasswordReplicationPolicy   RODC PRP Allowed/Denied List.
  Remove-adDomainControllerPasswordReplicationPolicy   RODC PRP Allowed/Denied List.
     Get-adDomainControllerPasswordReplicationPolicyUsage Get the resultant password policy of the specified
                                                          AD Account on the specified RODC.
     Set-adDomainMode Set the domain functional level for an AD domain.
f
     Get-adFineGrainedPasswordPolicy   Get one or more AD fine-grained password policies.
     New-adFineGrainedPasswordPolicy   Create a new AD fine-grained policy.
  Remove-adFineGrainedPasswordPolicy   Remove an AD fine-grained password policy.
     Set-adFineGrainedPasswordPolicy   Modify an AD fine-grained password policy.
     Add-adFineGrainedPasswordPolicySubject  Apply a fine-grained password policy to one more users and groups.
     Get-adFineGrainedPasswordPolicySubject  Get the users and groups to which a fine-grained policy is applied.
  Remove-adFineGrainedPasswordPolicySubject  Remove one or more users from a fine-grained policy.
     Get-adForest     Get an AD forest.
     Set-adForest     Modify an AD forest.
     Set-adForestMode Set the forest mode for an AD forest.
g
     Get-adGroup   Get one or more AD groups.
     New-adGroup   Create an AD group.
  Remove-adGroup   Remove an AD group.
     Set-adGroup   Modify an AD group.
     Add-adGroupMember  Add one or more members to an AD group.
     Get-adGroupMember  Get the members of an AD group.
  Remove-adGroupMember  Remove one or more members from an AD group.
o
     Get-adObject  Get one or more AD objects.
    Move-adObject  Move an AD object or a container of objects to a different container or domain.
     New-adObject  Create an AD object.
  Remove-adObject  Remove an AD object.
  Rename-adObject  Change the name of an AD object.
 Restore-adObject  Restore an AD object.
     Set-adObject  Modify an AD object.
 Disable-adOptionalFeature   Disable an AD optional feature.
  Enable-adOptionalFeature   Enable an AD optional feature.
     Get-adOptionalFeature   Get one or more AD optional features.
     Get-adOrganizationalUnit  Get one or more AD OUs.
     New-adOrganizationalUnit  Create a new AD OU.
  Remove-adOrganizationalUnit  Remove an AD OU.
     Set-adOrganizationalUnit  Modify an AD OU.
p
     Add-adPrincipalGroupMembership Add a member to one or more AD groups.
     Get-adPrincipalGroupMembership Get the AD groups that have a specified user, computer, or group.
  Remove-adPrincipalGroupMembership Remove a member from one or more AD groups.
r
     Get-adRootDSE         Get the root of a domain controller information tree.
s
     Get-adServiceAccount  Get one or more AD service accounts.
 Install-adServiceAccount  Install an AD service account on a computer.
     New-adServiceAccount  Create a new AD service account.
  Remove-adServiceAccount  Remove an AD service account.
     Set-adServiceAccount  Modify an AD service account.
Uninstall-adServiceAccount UnInstall an AD service account from a computer.
   Reset-adServiceAccountPassword  Reset the service account password for a computer.
u
     Get-adUser   Get one or more AD users.
     New-adUser   Create a new AD user.
  Remove-adUser   Remove an AD user.
     Set-adUser   Modify an AD user.
     Get-adUserResultantPasswordPolicy Get the resultant password policy for a user.

To use the cmdlets above under Windows XP run a remote session to a Windows7/2008 machine.

If your machine is joined to a domain then a default PSDrive named AD: is created. Use all the regular file system commands to navigate this:
PS C:\> cd AD:
PS AD:\> dir

To use the AD module to manage an Active Directory domain, the Windows Server 2008 R2 Active Directory Web Services (ADWS) service must be installed on at least one domain controller in the domain. To list all the Active Directory cmdlets installed, type Get-Command *-AD*

Related:

Quest Active Directory cmdlets
Group Policy Cmdlets - GPO / Permissions / Inheritance
TechNet - Active Directory Module for Windows PowerShell
PowerShell Commands


© Copyright SS64.com 1999-2013
Some rights reserved