PowerShell 101 – Basic Active Directory User Management
These commands are best run on a domain controller. Alternatively, you can invoke them through a remote session, or on a system that has RSAT installed with the Active Directory components.
First, import the module with the following command:
Import-Module ActiveDirectory
If the above command fails, you will not be able to use PowerShell to manage the AD environment. This will often happen if you are running remotely without AD components installed.
If the module loads, the commands below can now be used. Be sure to replace Username in each command with the account name you are targeting.
I want to review a user’s account details
Get-ADUser Username
For full details, add -Properties * to the end of the command. This can produce a lot of output, so if you are unsure, send it to a text file by appending this to the end of the command: > C:\filename.txt
I want to disable a user account
Disable-ADAccount Username
I want to enable a user account (not for password lockouts)
Enable-ADAccount Username
I want to remove a user account
Note: This command does not remove a user’s Exchange account, user folders, or any other related object. It just removes them from AD.
Remove-ADUser Username
I want to check the status of a user account
Get-ADUser Username -Properties Enabled
I want to reset a user’s password
This is a multi-step procedure, so enter the commands in the order shown.
- $pass = Read-Host "PASSWORD" -AsSecureString (This will prompt you for the password you want to use)
- Set-ADAccountPassword USERNAME -Reset -NewPassword $pass (-Reset sets the new password without asking for the current one)
- Set-ADUser USERNAME -ChangePasswordAtLogon $true (Optional, but recommended for good password hygiene)
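
The reset steps above, wrapped in one function that checks the account state first and reads it back afterwards. This is an added example, not part of the original post; the function name Reset-ADUserPasswordChecked and the account name jdoe are made up for illustration.

```powershell
Import-Module ActiveDirectory

function Reset-ADUserPasswordChecked {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Identity,

        [Parameter(Mandatory = $true)]
        [System.Security.SecureString]$NewPassword
    )

    # Stop on the first failure so a half-finished reset is never reported as done.
    $ErrorActionPreference = 'Stop'

    # Look the account up once; a typo in the name fails here, before any change.
    $user = Get-ADUser -Identity $Identity -Properties Enabled, LockedOut, PasswordNeverExpires

    if (-not $user.Enabled) {
        Write-Warning "$($user.SamAccountName) is disabled; a password reset does not re-enable it."
    }
    if ($user.LockedOut) {
        Write-Warning "$($user.SamAccountName) is locked out; a password reset alone does not unlock it."
    }

    # -WhatIf / -Confirm on this function gate both changes below.
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Reset password')) {
        Set-ADAccountPassword -Identity $user -Reset -NewPassword $NewPassword

        if ($user.PasswordNeverExpires) {
            # Choice made in this example: do not set the flag on such accounts.
            Write-Warning "PasswordNeverExpires is set; skipping ChangePasswordAtLogon."
        }
        else {
            Set-ADUser -Identity $user -ChangePasswordAtLogon $true
        }
    }

    # Read the account back. PasswordLastSet is empty while change-at-logon is pending.
    Get-ADUser -Identity $user -Properties Enabled, LockedOut, PasswordLastSet |
        Select-Object SamAccountName, Enabled, LockedOut, PasswordLastSet
}

# The password is prompted for, so it never appears in command history.
$pass = Read-Host "PASSWORD" -AsSecureString

# 'jdoe' is a constructed sample account. Remove -WhatIf to apply the change.
Reset-ADUserPasswordChecked -Identity 'jdoe' -NewPassword $pass -WhatIf
```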