Find users or computers whose accounts have expired
Use the Search-ADAccount cmdlet to check the status of user, computer or service accounts.
Search-ADAccount -AccountExpired
Check whether users' passwords have expired
Search-ADAccount -PasswordExpired
Check whether user accounts are disabled
Search-ADAccount -AccountDisabled
Find all locked-out accounts in Active Directory
Search-ADAccount -LockedOut | FT Name,ObjectClass -A
Find accounts inactive for the last 90 days
Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 | FT Name,ObjectClass -A
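The Search-ADAccount queries above can be merged into one report in which each account appears once, with every condition it matches. This is an added example, not part of the original page; it assumes the ActiveDirectory module (RSAT) and read access to the domain, and the output file name account-hygiene.csv is made up for illustration.

```powershell
# Added example: combine the Search-ADAccount checks into a single hygiene report.
Import-Module ActiveDirectory

# Flag name -> Search-ADAccount parameters (the same switches used above).
$checks = [ordered]@{
    AccountExpired  = @{ AccountExpired  = $true }
    PasswordExpired = @{ PasswordExpired = $true }
    AccountDisabled = @{ AccountDisabled = $true }
    LockedOut       = @{ LockedOut       = $true }
    Inactive90Days  = @{ AccountInactive = $true; TimeSpan = '90.00:00:00' }
}

# Keyed by DistinguishedName so an account matching several checks is listed once.
$report = @{}
foreach ($flag in $checks.Keys) {
    $params = $checks[$flag]
    foreach ($acct in (Search-ADAccount @params)) {
        $dn = $acct.DistinguishedName
        if (-not $report.ContainsKey($dn)) {
            $report[$dn] = [pscustomobject]@{
                Name              = $acct.Name
                ObjectClass       = $acct.ObjectClass
                Enabled           = $acct.Enabled
                LastLogonDate     = $acct.LastLogonDate
                Flags             = [System.Collections.Generic.List[string]]::new()
                DistinguishedName = $dn
            }
        }
        $report[$dn].Flags.Add($flag)
    }
}

# Accounts matching the most checks come first; Flags is flattened for CSV output.
$report.Values |
    Sort-Object { $_.Flags.Count } -Descending |
    Select-Object Name, ObjectClass, Enabled, LastLogonDate,
        @{ Name = 'Flags'; Expression = { $_.Flags -join ';' } },
        DistinguishedName |
    Export-Csv -Path .\account-hygiene.csv -NoTypeInformation
```

LastLogonDate is derived from lastLogonTimestamp, which by default replicates between domain controllers with a delay of up to about 14 days, so treat the 90-day inactivity flag as approximate before disabling anything.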
Unlock a user account
Unlock-ADAccount -Identity "Garyw"
Get AD user distinguished name
Get-AdUser -Identity "toms" | Select DistinguishedName
Get AD user userprincipalname
Use the Get-ADUser cmdlet in Active Directory to retrieve a user's userprincipalname. The command below does this for every member of the salesleader group.
Get-ADGroupMember -Identity salesleader | % { Get-ADUser $_.SamAccountName } | Select Name,UserPrincipalName
Get AD user SID in Active Directory
Get-AdUser -Identity toms | Select Name, SID, UserPrincipalName
Modify a property of a group in Active Directory
As an example, to modify the description property of a group, run the command below:
Set-ADGroup -Server localhost:60000 -Identity "CN=AccessControl,DC=AppNC" -Description "Access Group" -PassThru
The command above uses Set-ADGroup with the Description parameter to set the group's description property.
List all Active Directory groups
The PowerShell Get-ADGroup cmdlet gets a list of all Active Directory groups. Run the command below:
Get-ADGroup -Filter * -Properties * | Select SamAccountName, Description
List all users in an AD group
The PowerShell Get-ADGroupMember cmdlet gets the members of an Active Directory group. Run the command below:
Get-ADGroupMember -Identity "Shell_Sales" | Select-Object Name
Get all computers in Active Directory
The PowerShell Get-ADComputer cmdlet gets a list of Active Directory computers.
Get-ADComputer -Filter *
Source: https://shellgeek.com