Active Directory module PowerShell cmdlets

The Active Directory (AD) module contains the following cmdlets. See below for installation.

 Disable-adAccount   Disable an Active Directory account.
  Enable-adAccount   Enable an Active Directory account.
  Search-adAccount   Get AD user, computer, and service accounts.
  Unlock-adAccount   Unlock an AD account.
     Get-adAccountAuthorizationGroup Get the groups in which an account is a direct or indirect member.
     Set-adAccountControl     Modify user account control (UAC) values for an AD account.
   Clear-adAccountExpiration  Clear the expiration date for an AD account.
     Set-adAccountExpiration  Set the expiration date for an AD account.
     Set-adAccountPassword    Modify the password of an AD account.
     Get-adAccountResultantPasswordReplicationPolicy Resultant password replication policy for an AD account.
     Get-adComputer   Get one or more AD computers.
     New-adComputer   Create a new AD computer.
  Remove-adComputer   Remove an AD computer.
     Set-adComputer   Modify an AD computer.
     Add-adComputerServiceAccount  Add one or more service accounts to an AD computer.
     Get-adComputerServiceAccount  Get the service accounts that are hosted by an AD computer.
  Remove-adComputerServiceAccount  Remove one or more service accounts from a computer.
     Get-adDefaultDomainPasswordPolicy  Get the default password policy for an AD domain.
     Set-adDefaultDomainPasswordPolicy  Modify the default password policy for an AD domain.
    Move-adDirectoryServer                    Move a domain controller in AD DS to a new site.
    Move-adDirectoryServerOperationMasterRole Move the operation master (FSMO) roles to an AD domain controller.
     Get-adDomain     Get an AD domain.
     Set-adDomain     Modify an AD domain.
     Get-adDomainController   Get one or more AD domain controllers.
                   Add users, computers, and groups to the Allowed List or the Denied List
                   of the read-only domain controller (RODC) Password Replication Policy (PRP).
     Get-adDomainControllerPasswordReplicationPolicy   RODC PRP Allowed/Denied List.
  Remove-adDomainControllerPasswordReplicationPolicy   RODC PRP Allowed/Denied List.
     Get-adDomainControllerPasswordReplicationPolicyUsage Get the resultant password policy of the specified
                                                          AD Account on the specified RODC.
     Set-adDomainMode Set the domain functional level for an AD domain.
     Get-adFineGrainedPasswordPolicy   Get one or more AD fine-grained password policies.
     New-adFineGrainedPasswordPolicy   Create a new AD fine-grained policy.
  Remove-adFineGrainedPasswordPolicy   Remove an AD fine-grained password policy.
     Set-adFineGrainedPasswordPolicy   Modify an AD fine-grained password policy.
     Add-adFineGrainedPasswordPolicySubject  Apply a fine-grained password policy to one more users and groups.
     Get-adFineGrainedPasswordPolicySubject  Get the users and groups to which a fine-grained policy is applied.
  Remove-adFineGrainedPasswordPolicySubject  Remove one or more users from a fine-grained policy.
     Get-adForest     Get an AD forest.
     Set-adForest     Modify an AD forest.
     Set-adForestMode Set the forest mode for an AD forest.
     Get-adGroup   Get one or more AD groups.
     New-adGroup   Create an AD group.
  Remove-adGroup   Remove an AD group.
     Set-adGroup   Modify an AD group.
     Add-adGroupMember  Add one or more members to an AD group.
     Get-adGroupMember  Get the members of an AD group.
  Remove-adGroupMember  Remove one or more members from an AD group.
     Get-adObject  Get one or more AD objects.
    Move-adObject  Move an AD object or a container of objects to a different container or domain.
     New-adObject  Create an AD object.
  Remove-adObject  Remove an AD object.
  Rename-adObject  Change the name of an AD object.
 Restore-adObject  Restore an AD object.
     Set-adObject  Modify an AD object.
 Disable-adOptionalFeature   Disable an AD optional feature.
  Enable-adOptionalFeature   Enable an AD optional feature.
     Get-adOptionalFeature   Get one or more AD optional features.
     Get-adOrganizationalUnit  Get one or more AD OUs.
     New-adOrganizationalUnit  Create a new AD OU.
  Remove-adOrganizationalUnit  Remove an AD OU.
     Set-adOrganizationalUnit  Modify an AD OU.
     Add-adPrincipalGroupMembership Add a member to one or more AD groups.
     Get-adPrincipalGroupMembership Get the AD groups that have a specified user, computer, or group.
  Remove-adPrincipalGroupMembership Remove a member from one or more AD groups.
     Get-adRootDSE         Get the root of a domain controller information tree.
     Get-adReplication...  See
     Get-adResource...     See
     Get-adServiceAccount  Get one or more AD service accounts.
 Install-adServiceAccount  Install an AD service account on a computer.
     New-adServiceAccount  Create a new AD service account.
  Remove-adServiceAccount  Remove an AD service account.
     Set-adServiceAccount  Modify an AD service account.
Uninstall-adServiceAccount UnInstall an AD service account from a computer.
   Reset-adServiceAccountPassword  Reset the service account password for a computer.
     Get-adUser   Get one or more AD users.
     New-adUser   Create a new AD user.
  Remove-adUser   Remove an AD user.
     Set-adUser   Modify an AD user.
     Get-adUserResultantPasswordPolicy Get the resultant password policy for a user.

To use the PowerShell RSAT Active Directory module, you must first install it. This module is installed by default on Domain Controllers with the AD DS or AD LDS server roles.

Install with the following command:

PS C:\> Add-WindowsCapability –online –Name "Rsat.ActiveDirectory.DS-LDS.Tools~~~~"

Or from a local image:

PS C:\> Add-WindowsCapability -Online -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~ -LimitAccess -Source "\\server\share\Windows 10 FOD ISO image file\"

Once installed, the Active Directory module may be loaded with Import-Module ActiveDirectory or click Start, Administrative Tools, Active Directory Module for Windows PowerShell. It will automatically load when any of the cmdlets are used, so this step is optional.

If your machine is joined to a domain then a default PSDrive named AD: is created. Use all the regular file system commands to navigate this:
PS C:\> cd AD:
PS AD:\> dir

To use the AD module to manage an Active Directory domain, the Windows Server Active Directory Web Services (ADWS) service must be installed on at least one domain controller in the domain.

To list all the Active Directory cmdlets installed, type Get-Command *-AD*

Related PowerShell Cmdlets

Add-WindowsCapability - Install a Windows capability package on the specified OS image.
RSAT - Install Remote Server Administration Tools (RSAT).
Group Policy Cmdlets - GPO / Permissions / Inheritance.
TechNet - Active Directory Module for Windows PowerShell.
CSVDE / LDIFDE - Create, modify or delete directory objects.

Copyright © 1999-2024
Some rights reserved