AD Admin Commands

Question 1

How to find an AD user by name?

Answer 1

Get-ADUser -Filter “Name -eq [name]” -Properties *

Question 2

How to remove an AD user?

Answer 2

Remove-ADUser -Identity [SamAccountName]

Question 3

How to add an AD User?

Answer 3

Add-ADUser (-FullName …, -SamAccountName…, -DisplayName…, -Password.., ect.)

Question 4

How to unlock an AD account?

Answer 4

Unlock-ADAccount [SamAccountName]

Question 5

How to reset the password for an AD account?

Answer 5

Set-ADAccountPassword -Identity [SamAccountName] -Reset -NewPassword (ConvertTo-SecureString -AsPlainText [password] -Force)

Question 6

How to set an AD Account to create a new password at next logon?

Answer 6

Set-ADUser -Identity [SamAccountName] -ChangePasswordAtLogon $true

Question 7

How to copy a GPO?

Answer 7

Copy-GPO -SourceName [GPO-to-copy] -TargetName [copied GPO name]

Question 8

How to link a GPO to an OU?

Answer 8

New-GPLink -Name [GPO name] -Target [OU name] -LinkEnabled Yes

Question 9

What command is used to domain-join a local computer?

Answer 9

Add-Computer -DomainName [domain name] -Credential INLANEFREIGHT[admin uname] -Restart

Question 10

What command is used to domain join a remote computer?

Answer 10

Add-Computer -ComputerName [hostname] -LocalCredential [local admin uname] -DomainName [domain name] -Credential [domain admin uname] -Restart

Question 11

How to find the OU membership of a computer?

Answer 11

Get-ADComputer -Identity [hostname] -Properties * | select CN,CanonicalName,IPv4Address