다음을 통해 공유


Active Directory Powershell Module Manage Users

New-AdUser
Using this command System admins can easily create users with all the attributes.

Parameters which we can use with New-AdUser

  • Name 

  • AccountExpirationDate 

  • AccountNotDelegated 

  • AccountPassword 

  • AllowReversiblePasswordEncryption 

  • AuthType 

  • CannotChangePassword 

  • Certificates 

  • ChangePasswordAtLogon 

  • City 

  • Company 

  • Country 

  • Credential 

  • Department 

  • Description 

  • DisplayName 

  • Division 

  • EmailAddress 

  • EmployeeID 

  • EmployeeNumber 

  • Enabled 

  • Fax 

  • GivenName 

  • HomeDirectory 

  • HomeDrive 

  • HomePage 

  • HomePhone 

  • Initials 

  • Instance 

  • LogonWorkstations 

  • Manager 

  • MobilePhone 

  • Office 

  • OfficePhone 

  • Organization 

  • OtherAttributes 

  • OtherName 

  • PassThru 

  • PasswordNeverExpires 

  • PasswordNotRequired 

  • Path 

  • POBox 

  • PostalCode 

  • ProfilePath 

  • SamAccountName 

  • ScriptPath 

  • Server 

  • ServicePrincipalNames 

  • SmartcardLogonRequired 

  • State 

  • StreetAddress 

  • Surname 

  • Title 

  • TrustedForDelegation 

  • Type 

  • UserPrincipalName 

  • Confirm 

  • WhatIf 

Sample User creation with New-AdUser

Get-AdUser

System administrators can use Get-AdUser to query for active directory users with specific criteria. This command is normally used with -Identity and -Filter parameters.
Example for Get-AdUser with -Filter parameters

According to the example, we can get all the users who work in the IT Department.

Use Get-AdUser to disable the user account whose name is starting with darsha.....

Enable active directory user account from PowerShell
we can simply use Enable-AdAccount and Disable-AdAccount for enabling and disabling user accounts in active directory.
Both of these commands are used with the -Identity parameter (Enable-AdAccount -Identity user1). User1 is the login name of the user.

New-AdGroup: Using this commandlet we can create a new user group for Active Directory. When we are creating a user group we can the define of the scope (Global or Local) of the group and the type of group (Security or Distribution).

Using Add-AdGroupMemger we can add users to the particular group. In my example, we will add a user who has login name dja to the IT-Admins group.

Using Set-AdUser command we can easily edit the active directory users' attributes. The combination of Get-AdUser and Set-AdUser will help us to edit the users' data according to the criteria.
In my example, we will change all users' company name in active directory to "My Company"

Active Directory PowerShell module reference guide:(http://technet.microsoft.com/en-us/library/ee617195.aspx)


See Also