Active Directory - PowerShell


Overview

The Active Directory command is a powerful PowerShell cmdlet that provides access to various Active Directory management and querying functions. It enables administrators and users to manage Active Directory objects, perform searches, configure settings, and automate tasks within the directory service.

Syntax

ActiveDirectory [[-Identity] <string>] [-Property <string[]>] [-LDAPFilter <string>] [-Filter <string>] [-Attributes <string[]>] [-Scope <string>] [-Server <string>] [-Credential <PSCredential>] [-Anr] [-AsJob] [-UseSSL] [-Port <int>] [-SearchBase <string>] [-Referral] [-Partition <string>] [-ReferralException]

Options/Flags

  • -Identity: Specifies the Active Directory object to be manipulated. Can be a DN (Distinguished Name) or a GUID.
  • -Property: Retrieves specific properties of the specified object.
  • -LDAPFilter: Uses LDAP (Lightweight Directory Access Protocol) syntax to filter the search results.
  • -Filter: Uses PowerShell’s Where-Object syntax to filter the results.
  • -Attributes: Specifies the attributes to be returned in the search results.
  • -Scope: Sets the scope of the search (Base, OneLevel, Subtree).
  • -Server: Specifies the Active Directory server to connect to.
  • -Credential: Uses a PSCredential object to provide credentials for authentication.
  • -Anr: Automatically resolves aliases and referrals.
  • -AsJob: Executes the command as a background job.
  • -UseSSL: Establishes a secure connection (SSL/TLS) to the server.
  • -Port: Specifies the port number for the LDAP server.
  • -SearchBase: Sets the base for the search operation.
  • -Referral: Follows referrals from the server.
  • -Partition: Specifies the Active Directory partition to search.
  • -ReferralException: Throws an exception if a referral is encountered.

Examples

Simple Search

Get-ADUser -Identity user1

Complex Filter

Get-ADComputer -Filter "OperatingSystem -like 'Windows Server*'"

Attribute Selection

Get-ADGroupMember -Identity "Sales Team" | Where-Object objectClass -eq 'user' |
    Get-ADUser -Properties mail | Select-Object Name, mail

Scope Specification

Get-ADUser -Filter "Name -like 'John*'" -SearchScope Subtree

Connection with Credentials

$cred = Get-Credential
Get-ADUser -Identity user2 -Credential $cred

Common Issues

  • Authentication failures: Ensure the provided credentials are valid and have sufficient permissions.
  • Referral loops: Use -Anr to automatically resolve referrals and avoid loops.
  • LDAP syntax errors: Verify the syntax and formatting of the LDAP filter.

Integration

Combine with other PowerShell commands:

  • Get-ADObject -Filter * -Properties Description | Select-Object Name,Description
  • New-ADUser -Name "NewUser" -PassThru | Set-ADAccountPassword -Reset -NewPassword (Read-Host -AsSecureString -Prompt "New password")
  • New-ADUser
  • Set-ADUser
  • Remove-ADUser
  • Get-ADReplicationSite
  • Get-ADDomainController
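
As an added example of combining a directory query with further pipeline processing (not code from the original page), the function below takes user objects from the pipeline and flags enabled accounts that are stale or have non-expiring passwords. The function name Test-AccountHygiene, the sample accounts and the OU path are assumptions made for illustration; the property names are those Get-ADUser returns when requested with -Properties.

```powershell
# Added example: flag enabled accounts that are stale or have non-expiring passwords.
function Test-AccountHygiene {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        [int]$StaleDays = 90,
        [datetime]$Now = (Get-Date)
    )
    process {
        if (-not $User.Enabled) { return }   # disabled accounts are out of scope
        $findings = @()
        # LastLogonDate is $null for accounts that have never logged on.
        # It is derived from lastLogonTimestamp, which replicates with a lag of
        # up to about 14 days, so keep StaleDays well above that.
        if ($null -eq $User.LastLogonDate) {
            $findings += 'NeverLoggedOn'
        } elseif (($Now - $User.LastLogonDate).TotalDays -gt $StaleDays) {
            $findings += 'Stale'
        }
        if ($User.PasswordNeverExpires) { $findings += 'PasswordNeverExpires' }
        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName = $User.SamAccountName
                Findings       = $findings -join ','
            }
        }
    }
}

# Constructed sample objects standing in for Get-ADUser output (not real accounts)
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice';   Enabled = $true;  LastLogonDate = [datetime]'2024-05-20'; PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'svc-old'; Enabled = $true;  LastLogonDate = [datetime]'2023-11-02'; PasswordNeverExpires = $true }
    [pscustomobject]@{ SamAccountName = 'newhire'; Enabled = $true;  LastLogonDate = $null;                  PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'leaver';  Enabled = $false; LastLogonDate = [datetime]'2022-01-15'; PasswordNeverExpires = $true }
)
# Expected: svc-old (Stale,PasswordNeverExpires) and newhire (NeverLoggedOn)
$sample | Test-AccountHygiene -StaleDays 90 -Now $now | Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module; the OU is a placeholder):
# Get-ADUser -Filter 'Enabled -eq $true' -SearchBase 'OU=Staff,DC=example,DC=com' -Properties LastLogonDate, PasswordNeverExpires |
#     Test-AccountHygiene
```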