Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is a crucial component for managing users, computers, and other devices within a network. This article will guide you through managing Active Directory using PowerShell, a powerful scripting language and command-line shell for task automation and configuration management.

Introduction to Active Directory

Active Directory provides a variety of services, including:

• Domain Services (AD DS): Centralized domain management.
• Lightweight Directory Services (AD LDS): Lightweight directory access.
• Certificate Services (AD CS): Certificate authority.
• Federation Services (AD FS): Single sign-on (SSO) capabilities.
• Rights Management Services (AD RMS): Information protection.

Prerequisites

Before you start, ensure you have:

1. Administrative privileges on the domain controller.
2. PowerShell installed (comes pre-installed on Windows Server).
3. Active Directory module for PowerShell installed.

Installing the Active Directory Module

To manage AD using PowerShell, you need to install the Active Directory module. Here's how:

1. Open PowerShell with administrative privileges.
2. Execute the following command:

Install-WindowsFeature -Name RSAT-AD-PowerShell

Basic Active Directory Commands

1. Creating a New User

To create a new user in Active Directory, use the New-ADUser cmdlet. Here’s an example:

New-ADUser -Name "John Doe" -GivenName "John" -Surname "Doe" -SamAccountName "jdoe" -UserPrincipalName "jdoe@domain.com" -Path "OU=Users,DC=domain,DC=com" -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) -Enabled $true

2. Modifying User Properties

To modify user properties, use the Set-ADUser cmdlet. For example, to change the user’s title:

Set-ADUser -Identity "jdoe" -Title "Manager"

3. Deleting a User

To delete a user, use the Remove-ADUser cmdlet:

Remove-ADUser -Identity "jdoe"

4. Creating a New Organizational Unit (OU)

To create a new OU, use the New-ADOrganizationalUnit cmdlet:

New-ADOrganizationalUnit -Name "Sales" -Path "DC=domain,DC=com"

5. Searching for Users

To search for users, use the Get-ADUser cmdlet. For example, to find all users with the name "John":

Get-ADUser -Filter {GivenName -eq "John"}

Advanced Management

1. Bulk User Creation

To create multiple users from a CSV file, use the following script:

Import-Csv -Path "C:\Users\ListOfUsers.csv" | ForEach-Object {
    New-ADUser -Name $_.Name -GivenName $_.GivenName -Surname $_.Surname -SamAccountName $_.SamAccountName -UserPrincipalName $_.UserPrincipalName -Path $_.Path -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -Force) -Enabled $true
}

2. Resetting User Passwords

To reset a user’s password, use the Set-ADAccountPassword cmdlet:

Set-ADAccountPassword -Identity "jdoe" -NewPassword (ConvertTo-SecureString "NewP@ssw0rd" -AsPlainText -Force) -Reset

Conclusion

Managing Active Directory using PowerShell provides a powerful and flexible way to automate administrative tasks. By mastering these cmdlets, you can efficiently manage your AD environment, saving time and reducing the potential for human error.