ActiveDirectory
The Active Directory module for Windows PowerShell is a PowerShell module that consolidates a group of cmdlets. You can use these cmdlets to manage your Active Directory domains, Active Directory Lightweight Directory Services (AD LDS) configuration sets, and Active Directory Database Mounting Tool instances in a single, self-contained package.
If you don't have the Active Directory module installed on your machine, you need to download the correct Remote Server Administration Tools (RSAT) package for your OS. If you're running Windows 7, you will also need to run the import-module ActiveDirectory
command from an elevated PowerShell prompt. For more detail, see RSAT for Windows operating systems. Starting with Windows 10 October 2018 Update, RSAT is included as a set of Features on Demand right from Windows 10. Now, instead of downloading an RSAT package you can just go to Manage optional features in Settings and click Add a feature to see the list of available RSAT tools. Select and install the specific RSAT tools you need. To see installation progress, click the Back button to view status on the Manage optional features page.
If you want to use this module in PowerShell 7, see PowerShell 7 module compatibility.
ActiveDirectory
Add-ADCentralAccessPolicyMember |
Adds central access rules to a central access policy in Active Directory. |
Add-ADComputerServiceAccount |
Adds one or more service accounts to an Active Directory computer. |
Add-ADDomainControllerPasswordReplicationPolicy |
Adds users, computers, and groups to the allowed or denied list of a read-only domain controller password replication policy. |
Add-ADFineGrainedPasswordPolicySubject |
Applies a fine-grained password policy to one more users and groups. |
Add-ADGroupMember |
Adds one or more members to an Active Directory group. |
Add-ADPrincipalGroupMembership |
Adds a member to one or more Active Directory groups. |
Add-ADResourcePropertyListMember |
Adds one or more resource properties to a resource property list in Active Directory. |
Clear-ADAccountExpiration |
Clears the expiration date for an Active Directory account. |
Clear-ADClaimTransformLink |
Removes a claims transformation from being applied to one or more cross-forest trust relationships in Active Directory. |
Complete-ADServiceAccountMigration |
Completes the migration process and supersedes a normal user account to a delegated managed service account. |
Disable-ADAccount |
Disables an Active Directory account. |
Disable-ADOptionalFeature |
Disables an Active Directory optional feature. |
Enable-ADAccount |
Enables an Active Directory account. |
Enable-ADOptionalFeature |
Enables an Active Directory optional feature. |
Get-ADAccountAuthorizationGroup |
Gets the accounts token group information. |
Get-ADAccountResultantPasswordReplicationPolicy |
Gets the resultant password replication policy for an Active Directory account. |
Get-ADAuthenticationPolicy |
Gets one or more Active Directory Domain Services authentication policies. |
Get-ADAuthenticationPolicySilo |
Gets one or more Active Directory Domain Services authentication policy silos. |
Get-ADCentralAccessPolicy |
Retrieves central access policies from Active Directory. |
Get-ADCentralAccessRule |
Retrieves central access rules from Active Directory. |
Get-ADClaimTransformPolicy |
Returns one or more Active Directory claim transform objects based on a specified filter. |
Get-ADClaimType |
Returns a claim type from Active Directory. |
Get-ADComputer |
Gets one or more Active Directory computers. |
Get-ADComputerServiceAccount |
Gets the service accounts hosted by a computer. |
Get-ADDCCloningExcludedApplicationList |
Gets a list of installed programs and services present on this domain controller that are not in the default or user defined inclusion list. |
Get-ADDefaultDomainPasswordPolicy |
Gets the default password policy for an Active Directory domain. |
Get-ADDomain |
Gets an Active Directory domain. |
Get-ADDomainController |
Gets one or more Active Directory domain controllers based on discoverable services criteria, search parameters or by providing a domain controller identifier, such as the NetBIOS name. |
Get-ADDomainControllerPasswordReplicationPolicy |
Gets the members of the allowed list or denied list of a read-only domain controller's password replication policy. |
Get-ADDomainControllerPasswordReplicationPolicyUsage |
Gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the revealed list of the domain controller. |
Get-ADFineGrainedPasswordPolicy |
Gets one or more Active Directory fine-grained password policies. |
Get-ADFineGrainedPasswordPolicySubject |
Gets the users and groups to which a fine-grained password policy is applied. |
Get-ADForest |
Gets an Active Directory forest. |
Get-ADGroup |
Gets one or more Active Directory groups. |
Get-ADGroupMember |
Gets the members of an Active Directory group. |
Get-ADObject |
Gets one or more Active Directory objects. |
Get-ADOptionalFeature |
Gets one or more Active Directory optional features. |
Get-ADOrganizationalUnit |
Gets one or more Active Directory organizational units. |
Get-ADPrincipalGroupMembership |
Gets the Active Directory groups that have a specified user, computer, group, or service account. |
Get-ADReplicationAttributeMetadata |
Gets the replication metadata for one or more Active Directory replication partners. |
Get-ADReplicationConnection |
Returns a specific Active Directory replication connection or a set of AD replication connection objects based on a specified filter. |
Get-ADReplicationFailure |
Returns a collection of data describing an Active Directory replication failure. |
Get-ADReplicationPartnerMetadata |
Returns the replication metadata for a set of one or more replication partners. |
Get-ADReplicationQueueOperation |
Returns the contents of the replication queue for a specified server. |
Get-ADReplicationSite |
Returns a specific Active Directory replication site or a set of replication site objects based on a specified filter. |
Get-ADReplicationSiteLink |
Returns a specific Active Directory site link or a set of site links based on a specified filter. |
Get-ADReplicationSiteLinkBridge |
Gets a specific Active Directory site link bridge or a set of site link bridge objects based on a specified filter. |
Get-ADReplicationSubnet |
Gets one or more Active Directory subnets. |
Get-ADReplicationUpToDatenessVectorTable |
Displays the highest Update Sequence Number (USN) for the specified domain controller. |
Get-ADResourceProperty |
Gets one or more resource properties. |
Get-ADResourcePropertyList |
Gets resource property lists from Active Directory. |
Get-ADResourcePropertyValueType |
Gets a resource property value type from Active Directory. |
Get-ADRootDSE |
Gets the root of a directory server information tree. |
Get-ADServiceAccount |
Gets one or more Active Directory managed service accounts or group managed service accounts. |
Get-ADTrust |
Gets all trusted domain objects in the directory. |
Get-ADUser |
Gets one or more Active Directory users. |
Get-ADUserResultantPasswordPolicy |
Gets the resultant password policy for a user. |
Grant-ADAuthenticationPolicySiloAccess |
Grants permission to join an authentication policy silo. |
Install-ADServiceAccount |
Installs an Active Directory managed service account on a computer or caches a group managed service account on a computer. |
Move-ADDirectoryServer |
Moves a directory server in Active Directory to a new site. |
Move-ADDirectoryServerOperationMasterRole |
Moves operation master roles to an Active Directory directory server. |
Move-ADObject |
Moves an Active Directory object or a container of objects to a different container or domain. |
New-ADAuthenticationPolicy |
Creates an Active Directory Domain Services authentication policy object. |
New-ADAuthenticationPolicySilo |
Creates an Active Directory Domain Services authentication policy silo object. |
New-ADCentralAccessPolicy |
Creates a new central access policy in Active Directory containing a set of central access rules. |
New-ADCentralAccessRule |
Creates a central access rule in Active Directory. |
New-ADClaimTransformPolicy |
Creates a new claim transformation policy object in Active Directory. |
New-ADClaimType |
Creates a new claim type in Active Directory. |
New-ADComputer |
Creates a new Active Directory computer object. |
New-ADDCCloneConfigFile |
Performs prerequisite checks for cloning a domain controller and generates a clone configuration file if all checks succeed. |
New-ADFineGrainedPasswordPolicy |
Creates a new Active Directory fine-grained password policy. |
New-ADGroup |
Creates an Active Directory group. |
New-ADObject |
Creates an Active Directory object. |
New-ADOrganizationalUnit |
Creates an Active Directory organizational unit. |
New-ADReplicationSite |
Creates an Active Directory replication site in the directory. |
New-ADReplicationSiteLink |
Creates a new Active Directory site link for in managing replication. |
New-ADReplicationSiteLinkBridge |
Creates a site link bridge in Active Directory for replication. |
New-ADReplicationSubnet |
Creates an Active Directory replication subnet object. |
New-ADResourceProperty |
Creates a resource property in Active Directory. |
New-ADResourcePropertyList |
Creates a resource property list in Active Directory. |
New-ADServiceAccount |
Creates a new Active Directory managed service account or group managed service account object. |
New-ADUser |
Creates an Active Directory user. |
Remove-ADAuthenticationPolicy |
Removes an Active Directory Domain Services authentication policy object. |
Remove-ADAuthenticationPolicySilo |
Removes an Active Directory Domain Services authentication policy silo object. |
Remove-ADCentralAccessPolicy |
Removes a central access policy from Active Directory. |
Remove-ADCentralAccessPolicyMember |
Removes central access rules from a central access policy in Active Directory. |
Remove-ADCentralAccessRule |
Removes a central access rule from Active Directory. |
Remove-ADClaimTransformPolicy |
Removes a claim transformation policy object from Active Directory. |
Remove-ADClaimType |
Removes a claim type from Active Directory. |
Remove-ADComputer |
Removes an Active Directory computer. |
Remove-ADComputerServiceAccount |
Removes one or more service accounts from a computer. |
Remove-ADDomainControllerPasswordReplicationPolicy |
Removes users, computers, and groups from the allowed or denied list of a read-only domain controller password replication policy. |
Remove-ADFineGrainedPasswordPolicy |
Removes an Active Directory fine-grained password policy. |
Remove-ADFineGrainedPasswordPolicySubject |
Removes one or more users from a fine-grained password policy. |
Remove-ADGroup |
Removes an Active Directory group. |
Remove-ADGroupMember |
Removes one or more members from an Active Directory group. |
Remove-ADObject |
Removes an Active Directory object. |
Remove-ADOrganizationalUnit |
Removes an Active Directory organizational unit. |
Remove-ADPrincipalGroupMembership |
Removes a member from one or more Active Directory groups. |
Remove-ADReplicationSite |
Deletes the specified replication site object from Active Directory. |
Remove-ADReplicationSiteLink |
Deletes an Active Directory site link used to manage replication. |
Remove-ADReplicationSiteLinkBridge |
Deletes a replication site link bridge from Active Directory. |
Remove-ADReplicationSubnet |
Deletes the specified Active Directory replication subnet object from the directory. |
Remove-ADResourceProperty |
Removes a resource property from Active Directory. |
Remove-ADResourcePropertyList |
Removes one or more resource property lists from Active Directory. |
Remove-ADResourcePropertyListMember |
Removes one or more resource properties from a resource property list in Active Directory. |
Remove-ADServiceAccount |
Removes an Active Directory managed service account or group managed service account object. |
Remove-ADUser |
Removes an Active Directory user. |
Rename-ADObject |
Changes the name of an Active Directory object. |
Reset-ADServiceAccountMigration |
Resets the state of a migration to an delegated managed service account and unlinks the delegated managed service account from the user account. |
Reset-ADServiceAccountPassword |
Resets the password for a standalone managed service account. |
Restore-ADObject |
Restores an Active Directory object. |
Revoke-ADAuthenticationPolicySiloAccess |
Revokes membership in an authentication policy silo for the specified account. |
Search-ADAccount |
Gets Active Directory user, computer, or service accounts. |
Set-ADAccountAuthenticationPolicySilo |
Modifies the authentication policy or authentication policy silo of an account. |
Set-ADAccountControl |
Modifies user account control (UAC) values for an Active Directory account. |
Set-ADAccountExpiration |
Sets the expiration date for an Active Directory account. |
Set-ADAccountPassword |
Modifies the password of an Active Directory account. |
Set-ADAuthenticationPolicy |
Modifies an Active Directory Domain Services authentication policy object. |
Set-ADAuthenticationPolicySilo |
Modifies an Active Directory Domain Services authentication policy silo object. |
Set-ADCentralAccessPolicy |
Modifies a central access policy in Active Directory. |
Set-ADCentralAccessRule |
Modifies a central access rule in Active Directory. |
Set-ADClaimTransformLink |
Applies a claims transformation to one or more cross-forest trust relationships in Active Directory. |
Set-ADClaimTransformPolicy |
Sets the properties of a claims transformation policy in Active Directory. |
Set-ADClaimType |
Modify a claim type in Active Directory. |
Set-ADComputer |
Modifies an Active Directory computer object. |
Set-ADDefaultDomainPasswordPolicy |
Modifies the default password policy for an Active Directory domain. |
Set-ADDomain |
Modifies an Active Directory domain. |
Set-ADDomainMode |
Sets the domain mode for an Active Directory domain. |
Set-ADFineGrainedPasswordPolicy |
Modifies an Active Directory fine-grained password policy. |
Set-ADForest |
Modifies an Active Directory forest. |
Set-ADForestMode |
Sets the forest mode for an Active Directory forest. |
Set-ADGroup |
Modifies an Active Directory group. |
Set-ADObject |
Modifies an Active Directory object. |
Set-ADOrganizationalUnit |
Modifies an Active Directory organizational unit. |
Set-ADReplicationConnection |
Sets properties on Active Directory replication connections. |
Set-ADReplicationSite |
Sets the replication properties for an Active Directory site. |
Set-ADReplicationSiteLink |
Sets the properties for an Active Directory site link. |
Set-ADReplicationSiteLinkBridge |
Sets the properties of a replication site link bridge in Active Directory. |
Set-ADReplicationSubnet |
Sets the properties of an Active Directory replication subnet object. |
Set-ADResourceProperty |
Modifies a resource property in Active Directory. |
Set-ADResourcePropertyList |
Modifies a resource property list in Active Directory. |
Set-ADServiceAccount |
Modifies an Active Directory managed service account or group managed service account object. |
Set-ADUser |
Modifies an Active Directory user. |
Show-ADAuthenticationPolicyExpression |
Displays the Edit Access Control Conditions window update or create security descriptor definition language (SDDL) security descriptors. |
Start-ADServiceAccountMigration |
Starts the migration process by linking a normal user account to a delegated managed service account. |
Sync-ADObject |
Replicates a single object between any two domain controllers that have partitions in common. |
Test-ADServiceAccount |
Tests a managed service account from a computer. |
Undo-ADServiceAccountMigration |
Reverts the previous migration phase of a migration to an delegated managed service account. If the migration process is currently in the start phase, the accounts will be unlinked from each other. If the migration is in the completed phase, it'll return back to the state in the start phase. |
Uninstall-ADServiceAccount |
Uninstalls an Active Directory managed service account from a computer or removes a cached group managed service account from a computer. |
Unlock-ADAccount |
Unlocks an Active Directory account. |