
AD-Powershell for Active Direc

2025-03-28 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

Computer object commands

List all computer accounts in a domain

Get-ADComputer -Filter {Name -Like "*"}

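View computers by logon activity over the last 90 days in Active Directory. The first command lists computers that have been inactive for 90 days:

Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 -ComputersOnly

OR, to list computers that have logged on within the last 90 days:

$lastLogon = (Get-Date).AddDays(-90).ToFileTime()

Get-ADComputer -Filter {lastLogonTimestamp -gt $lastLogon}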

Find and delete all disabled Computer accounts in Active Directory

Search-ADAccount -AccountDisabled -ComputersOnly | Sort-Object | Remove-ADComputer

Find and delete disabled computer accounts from a specific OU

Search-ADAccount -AccountDisabled -SearchBase "OU=IT,DC=Contoso,DC=Com" -ComputersOnly | Sort-Object | Remove-ADComputer

Find and delete all computer accounts that have not logged on to Active Directory since 11/20/2011

Search-ADAccount -AccountInactive -DateTime "2011-11-20" -ComputersOnly | Sort-Object | Remove-ADComputer
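A staged alternative to the delete pipelines above, as an added example that is not part of the original article: it records the stale accounts, then disables and quarantines them, and previews every change with -WhatIf. The quarantine OU, the report file name and the 90-day threshold are assumptions.

```powershell
# Added example: staged cleanup of stale computer accounts.
# Assumptions: quarantine OU, report file and 90-day threshold are illustrative.
Import-Module ActiveDirectory

$SearchBase   = "OU=IT,DC=Contoso,DC=Com"           # OU used in the examples above
$QuarantineOU = "OU=Quarantine,DC=Contoso,DC=Com"   # hypothetical OU, must already exist
$Report       = "StaleComputers.csv"                # hypothetical report file
$Stamp        = Get-Date -Format "yyyy-MM-dd"

# 1. Collect candidates: enabled computer accounts inactive for 90 days.
$Stale = Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 -ComputersOnly -SearchBase $SearchBase |
    Where-Object { $_.Enabled } |
    ForEach-Object {
        Get-ADComputer -Identity $_.DistinguishedName -Properties LastLogonDate, PasswordLastSet, OperatingSystem
    }

# 2. Keep a record before changing anything.
$Stale | Select-Object Name, DistinguishedName, LastLogonDate, PasswordLastSet, OperatingSystem |
    Export-Csv $Report -NoTypeInformation -Encoding UTF8

# 3. Disable, annotate and move each account. -WhatIf prints the planned change
#    without making it; remove -WhatIf once the report has been reviewed.
foreach ($Computer in $Stale) {
    Disable-ADAccount -Identity $Computer -WhatIf
    Set-ADComputer -Identity $Computer -Description "Disabled $Stamp (stale); was in $SearchBase" -WhatIf
    Move-ADObject -Identity $Computer -TargetPath $QuarantineOU -WhatIf
}

# 4. Later, after a retention period, delete from the quarantine OU only.
#    Still previewed with -WhatIf.
Search-ADAccount -AccountDisabled -ComputersOnly -SearchBase $QuarantineOU |
    Remove-ADComputer -WhatIf
```

Disabling first keeps the object, its SID and its group memberships recoverable if a machine turns out to be still in use.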

List only disabled Computer accounts in Domain

Search-ADAccount -AccountDisabled -ComputersOnly | Format-Table Name

Move Computer to other OU (example: Computer=CLIENT1 to OU=IT)

Get-ADComputer CLIENT1 | Move-ADObject -TargetPath "OU=IT,DC=Contoso,DC=Com"

See Computer account detail (example: Computer=CLIENT1)

Get-ADComputer -Filter {Name -Like "CLIENT1"}

Get a specific computer showing all the properties (example: Computer=CLIENT1)

Get-ADComputer "CLIENT1" -Properties *

List Computers (Name, Operating System, Service Pack, Operating System version)

Get-ADComputer -Filter * -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion -Wrap -Auto

Export Computers List (Name, Operating System, Service Pack, Operating System version) to CSV File

Get-ADComputer -Filter * -Property * | Select-Object Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion | Export-CSV AllWindows.csv -NoTypeInformation -Encoding UTF8

Get Computer IPv4 Address and DnsHostName

Get-ADComputer -Filter {Name -Like "Computer-Name"} -Properties IPv4Address | Format-List Name,DnsHostName,IPv4Address

Get all Computers in a specific OU (example: OU=IT, Domain=Contoso.com)

Get-ADComputer -SearchBase "OU=IT,DC=Contoso,DC=Com" -Filter *

Get all the Computers without a specific DNS suffix

Get-ADComputer -Filter "DnsHostName -notlike '*.Contoso.Com'"

Get Computer Service Principal Names (SPNs)

Get-ADComputer "Computer-Name" -Properties ServicePrincipalNames | Select-Object -Expand ServicePrincipalNames

Get Computers Security Identifiers (SIDs)

Get-ADComputer -Filter {Name -like "*"} | Select Name,SID | Format-Table -Auto

All computer accounts that were created in the last 90 days in the Active Directory

Get-ADComputer -Filter * -Properties whenCreated | ? {((Get-Date) - $_.whenCreated).Days -lt 90} | Format-Table Name,WhenCreated,DistinguishedName -Autosize -Wrap

All computer accounts that were created as of December 1, 2011 (12/01/2011) in the Active Directory

Get-ADComputer -LDAPFilter "(&(objectCategory=computer)(whenCreated>=20111201000000.0Z))" -Properties whenCreated | Format-Table Name,whenCreated,distinguishedName -Autosize -Wrap

All computer accounts that were created in a given period, between 10/01/2011 and 12/01/2011, in Active Directory

$Start = Get-Date -Day 01 -Month 10 -Year 2011 -Hour 00 -Minute 00 -Second 00

$End = Get-Date -Day 01 -Month 12 -Year 2011 -Hour 23 -Minute 59 -Second 59

Get-ADComputer -Filter * -Properties whenCreated | ? {($_.whenCreated -gt $Start) -and ($_.whenCreated -le $End)} | Format-Table Name,WhenCreated,DistinguishedName -Autosize -Wrap

All computer accounts whose password was last set in a given period, between 10/01/2011 and 12/01/2011, in Active Directory

$Start = Get-Date -Day 01 -Month 10 -Year 2011 -Hour 00 -Minute 00 -Second 00

$End = Get-Date -Day 01 -Month 12 -Year 2011 -Hour 23 -Minute 59 -Second 59

Get-ADComputer -Filter * -Properties PasswordLastSet | ? {($_.PasswordLastSet -gt $Start) -and ($_.PasswordLastSet -le $End)} | Format-Table Name,PasswordLastSet,DistinguishedName -Autosize -Wrap

All computer accounts whose password was last set in the last 90 days in Active Directory

$Date = (Get-Date).AddDays(-90)

Get-ADComputer -Filter * -Properties PasswordLastSet | where {$_.PasswordLastSet -ge $Date} | Format-Table Name,PasswordLastSet,DistinguishedName -Autosize -Wrap

Group object commands

List all members of a group (example: Group=Experts)

Get-ADGroupMember Experts | Format-Table Name

All properties of a group (example: Group=IT)

Get-ADGroup IT -Properties *

List only Universal Security groups

Get-ADGroup -LDAPFilter "(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=-2147483640))"

List only Global Security groups

Get-ADGroup -LDAPFilter "(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=-2147483646))"

List only Domain Local Security groups

Get-ADGroup -LDAPFilter "(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=-2147483644))"
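What the three numbers in the filters above mean, as an added example that is not part of the original article: it decodes a groupType value into its flags and reproduces the bitwise-AND matching rule (1.2.840.113556.1.4.803) locally, without querying a domain. The function and variable names are illustrative.

```powershell
# Added example: decode groupType and emulate the bitwise-AND matching rule locally.
# Flag values are the documented groupType bits; names are illustrative.
$GroupTypeFlags = [ordered]@{
    BuiltinLocal = 0x00000001
    Global       = 0x00000002
    DomainLocal  = 0x00000004
    Universal    = 0x00000008
    Security     = [int]::MinValue   # bit 0x80000000 as a signed 32-bit value
}

function ConvertFrom-GroupType {
    param([int]$GroupType)
    # Return the name of every flag whose bit is set in the value.
    $GroupTypeFlags.GetEnumerator() |
        Where-Object { ($GroupType -band $_.Value) -eq $_.Value } |
        ForEach-Object { $_.Key }
}

function Test-BitAndMatch {
    param([int]$GroupType, [int]$Mask)
    # The 1.2.840.113556.1.4.803 rule matches when ALL bits of the mask are set.
    ($GroupType -band $Mask) -eq $Mask
}

# The masks used in the three filters above, decoded into flag names.
foreach ($Mask in -2147483640, -2147483646, -2147483644) {
    "{0} = {1}" -f $Mask, ((ConvertFrom-GroupType $Mask) -join ' + ')
}

# A built-in local group such as Administrators carries -2147483643
# (BuiltinLocal + DomainLocal + Security). Every bit of the Domain Local
# mask is set in that value, so the Domain Local filter returns it as well.
Test-BitAndMatch -GroupType -2147483643 -Mask -2147483644
```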

List all Group memberships for a user (example: User=EdPrice)

Get-ADAccountAuthorizationGroup EdPrice

Move a Group to another OU (example: Group=Experts, Old-OU=IT, New-OU=Service, Domain=Contoso.com)

Move-ADObject "CN=Experts,OU=IT,DC=Contoso,DC=com" -TargetPath "OU=Service,DC=Contoso,DC=com"

Add members to a group (example: Group=Experts, User=EdPrice)

Add-ADGroupMember Experts -Members EdPrice

Delete Group (example: Group=Experts)

Remove-ADGroup Experts

Delete a User from a Group (example: Group=Experts, User=EdPrice)

Remove-ADGroupMember Experts -Members EdPrice

Set Description for a Group (example: Group=JoinPC, Description=This group is allowed join PCs to Domain)

Set-ADGroup JoinPC -Description "This group is allowed join PCs to Domain"

Add Users from one Group to another Group (example: from Group1=DataUsers to Group2=SQLUsers)

Get-ADGroupMember DataUsers | Select sAMAccountName | ForEach {Add-ADGroupMember SQLUsers -Members $_.sAMAccountName}

Comparing two Groups to see the Group memberships (example: Group1=Administrators, Group2=DNSAdmins)

Compare-Object (Get-ADGroupMember Administrators) (Get-ADGroupMember DNSAdmins) -IncludeEqual

Organizational Unit (OU) commands

All OUs in Domain

Get-ADOrganizationalUnit -Filter {Name -like "*"} | FT Name, DistinguishedName -A

Create OU (example: OU=IT, Domain=Contoso.com)

New-ADOrganizationalUnit -Name IT -Path "DC=Contoso,DC=Com"

Contents of a specific OU (example: OU=IT, Domain=Contoso.com)

Get-ADObject -Filter {Name -Like "*"} -SearchBase "OU=IT,DC=Contoso,DC=Com"

Rename OU (example: Old-Name=IT, New-Name=Admin, Domain=Contoso.com)

Rename-ADObject "OU=IT,DC=Contoso,DC=Com" -NewName Admin

Delete OU including contents (example: OU=IT, Domain=Contoso.com)

Remove-ADOrganizationalUnit "OU=IT,DC=Contoso,DC=Com" -Recursive

Delete user from specific OU (example: User=EdPrice, OU=IT, Domain=Contoso.com)

Remove-ADObject "CN=EdPrice,OU=IT,DC=Contoso,DC=Com"

Move all objects from one OU to another OU (example: Old-OU=IT, New-OU=Manager, Domain=Contoso.com)

Get-ADObject -Filter {Name -Like "*"} -SearchBase "OU=IT,DC=Contoso,DC=Com" -SearchScope OneLevel | Move-ADObject -TargetPath "OU=Manager,DC=Contoso,DC=Com"

User object commands

List all User accounts in the Domain

Get-ADUser -Filter *

List all User accounts in a specific OU (example: OU=IT, Domain=Contoso.com)

Get-ADUser -Filter * -SearchBase "OU=IT,DC=Contoso,DC=Com" | FT

List all User accounts from specific City (example: City=NewYork)

Get-ADUser -Filter {city -like "NewYork"} | FT

List only disabled User accounts in Domain

Search-ADAccount -AccountDisabled -UsersOnly | FT Name

List all User accounts whose First Name is Ed

Get-ADUser -Filter {givenName -Like "Ed"} | FT

List all User accounts whose Last Name is Price

Get-ADUser -Filter {Surname -Like "Price"} | FT

List all User accounts from the specific Department (example: Department=Support)

Get-ADUser -Filter {Department -Like "Support"} | FT

List a User's Group memberships (example: User=Richard)

Get-ADPrincipalGroupMembership -Identity Richard

List all Users from specific Group and move Users to another OU (example: Group=People, Target OU=NewYork, Domain=Contoso.com)

Get-ADGroupMember People -Recursive | Move-ADObject -TargetPath "OU=NewYork,DC=Contoso,DC=Com"

Remove all users in an OU from a specific Group (example: Group=People, OU=NewYork, Domain=Contoso.com)

$Users = Get-ADUser -Filter * -SearchBase "OU=NewYork,DC=Contoso,DC=Com"

Remove-ADGroupMember -Identity People -Members $Users -Confirm:$false

See Also

Here are two great articles about Active Directory LDAP syntax and Active Directory characters to escape:

Active Directory: Characters to Escape (Richard Mueller-MVP)

Active Directory: LDAP Syntax Filters (Richard Mueller-MVP)

Move (Transferring or Seizing) FSMO roles with AD-Powershell command to another Domain Controller

How To Revert Back or downgrade Windows Server 2008 R2 Forest and Domain functional Level

PowerShell Portal

Wiki: Portal of TechNet Wiki Portals
