
Active Directory Group Management Using PowerShell

In this article, we'll look at the PowerShell features for managing Active Directory domain groups. We'll see how to create a new group in AD, add users to it and remove them, display the list of group users, and perform some other useful actions with domain groups that are extremely helpful in everyday administration. The basic cmdlets for managing AD groups are provided by the Active Directory module for Windows PowerShell and are listed below.

To use these cmdlets, you need a special module for working with AD: the Active Directory Module for Windows PowerShell. This module was introduced in Windows Server 2008 R2. In Windows Server 2012/2012 R2/2016, it is enabled by default on the DCs. You can install and enable it on client computers (Windows 10, 8.1 and 7) as one of the RSAT components. You can check whether the module is available as follows:

Get-Module -Listavailable


As you can see, the ActiveDirectory module is loaded. If not, import it using this command:

Import-Module ActiveDirectory

You can get a complete list of the module's commands by running the following:

Get-Command -Module ActiveDirectory

There are 147 cmdlets available in the module, and 11 of them relate to managing AD groups.

Get-Command -Module ActiveDirectory -Name "*Group*"

Here is the list:

  • Add-ADGroupMember
  • Add-ADPrincipalGroupMembership
  • Get-ADAccountAuthorizationGroup
  • Get-ADGroup
  • Get-ADGroupMember
  • Get-ADPrincipalGroupMembership
  • New-ADGroup
  • Remove-ADGroup
  • Remove-ADGroupMember
  • Remove-ADPrincipalGroupMembership
  • Set-ADGroup

New-ADGroup – Creating a New AD Group

Create a new group in the specified Active Directory container (OU) using the New-ADGroup command:

New-ADGroup "TestADGroup" -path 'OU=Groups,OU=NY,OU=US,DC=corp,dc=woshub,DC=com' -GroupScope Global -PassThru -Verbose

Using the Description attribute, you can set a group description, and using DisplayName, the displayed name can be changed.

One of the following group types can be set with the GroupScope parameter:

  • 0 = DomainLocal
  • 1 = Global
  • 2 = Universal

You can create a distribution group as follows:

New-ADGroup "TestADGroup-Distr" -path 'OU=Groups,OU=NY,OU=US,DC=corp,dc=woshub,DC=com' -GroupCategory Distribution -GroupScope Global -PassThru -Verbose

Add-ADGroupMember – Adding Users to an AD Group

You can add users to an Active Directory group using the Add-ADGroupMember cmdlet. Add two new users to your new group:

Add-ADGroupMember -Identity TestADGroup -Members user1, user2

If the list of users to be added to the group is quite large, you can save the list of user accounts to a CSV file, then import this file and add each user to the group.

The CSV file should have the following format: users are listed one per row, with users as the column header.

Import-CSV .\users.csv -Header users | ForEach-Object {Add-ADGroupMember -Identity 'TestADGroup' -Members $_.users}
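
A more defensive version of the CSV import above, as an added example that is not part of the original article: it checks that each account exists and is enabled, skips accounts that are already members, and supports -WhatIf for a dry run. The function name Add-GroupMembersFromCsv is hypothetical, and users.csv is assumed to contain a header row users followed by one sAMAccountName per line, so Import-Csv is called without -Header.

```powershell
# Added example, not from the original article.
# Assumption: users.csv has a header row "users", then one sAMAccountName per line.
Import-Module ActiveDirectory

function Add-GroupMembersFromCsv {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Group
    )
    # Current direct members, so a rerun does not fail on accounts already added
    $current = @(Get-ADGroupMember -Identity $Group |
        Select-Object -ExpandProperty SamAccountName)

    foreach ($row in (Import-Csv -Path $Path)) {
        $name = "$($row.users)".Trim()
        if (-not $name) { continue }                      # skip blank rows
        $result = 'Added'
        try {
            # -Identity raises a terminating error for an unknown account
            $user = Get-ADUser -Identity $name -ErrorAction Stop
            if (-not $user.Enabled) { $result = 'SkippedDisabled' }
            elseif ($user.SamAccountName -in $current) { $result = 'AlreadyMember' }
            elseif ($PSCmdlet.ShouldProcess($Group, "Add member $name")) {
                Add-ADGroupMember -Identity $Group -Members $user -ErrorAction Stop
            }
            else { $result = 'NotApplied' }               # -WhatIf or declined -Confirm
        }
        catch { $result = "Failed: $($_.Exception.Message)" }
        # One record per CSV row, suitable for review or Export-Csv
        [pscustomobject]@{ User = $name; Group = $Group; Result = $result }
    }
}

# Dry run: reports what would change without modifying the group
Add-GroupMembersFromCsv -Path .\users.csv -Group 'TestADGroup' -WhatIf
# Real run, once the dry-run output has been reviewed:
# Add-GroupMembersFromCsv -Path .\users.csv -Group 'TestADGroup'
```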

To get all members of a group (GroupX) and add them to another group (GroupY), use this command:

Get-ADGroupMember "GroupX" | Get-ADUser | ForEach-Object {Add-ADGroupMember -Identity "GroupY" -Members $_}

If you need to copy the members of all subgroups (recursively) to a new group, run this command:

Get-ADGroupMember -Identity "GroupX" -Recursive | Get-ADUser | ForEach-Object {Add-ADGroupMember -Identity "GroupY" -Members $_}

Remove-ADGroupMember – Removing Users from an AD Group

To remove users from an AD group, use the Remove-ADGroupMember cmdlet. Let's remove two users from the group:

Remove-ADGroupMember -Identity TestADGroup -Members user1, user2

Confirm the user removal:

If you need to remove users from a group according to a list of users from a CSV file, use this command:

Import-CSV .\users.csv -Header users | ForEach-Object {Remove-ADGroupMember -Identity 'TestADGroup' -Members $_.users}

Get-ADGroup – Getting Information About an AD Group

The Get-ADGroup cmdlet helps you get information about a group:

Get-ADGroup 'TestADGroup'

This command displays the main attributes of the group (DN, group type, name, SID). To display the values of all AD domain group attributes, run the following command:

Get-ADGroup 'TestADGroup' -properties *

As you can see, attributes such as the time of group creation and modification, the description, etc. are now displayed.

Using the Get-ADGroup cmdlet, you can find groups by a certain pattern. For example, you need to find all AD groups whose name contains the word admins:

Get-ADGroup -LDAPFilter "(name=*admins*)" | Format-Table

Get-ADGroupMember – Displaying the List of Users in an AD Group

To display the list of users in the group:

Get-ADGroupMember 'TestADGroup'

To leave only user names in the results, run:

Get-ADGroupMember 'TestADGroup' | ft name

If other domain groups are included in this group, use the Recursive parameter to display the full list of members including all nested groups.

Get-ADGroupMember ADadmins -recursive | ft name

To export the list of accounts that are members of a particular group to a CSV file (for further use in Excel), run the following command:

Get-ADGroupMember 'ADadmins' -recursive | ft samaccountname | Out-File c:\PS\ADadminsList.csv

To add AD user account data to a text file, use the Get-ADUser cmdlet. For example, in addition to the user account, you need to display the position and the phone number of the user:

Get-ADGroupMember -Identity ADadmins -recursive | foreach { Get-ADUser $_ -Properties title, OfficePhone | Select-Object title, OfficePhone }

You can count the number of users in a group like this:

(Get-ADGroupMember -Identity 'domain admins').Count

It turned out that there are 7 administrator accounts in the "domain admins" group.
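
A member count says little unless it is compared with the accounts that are supposed to be there. The following added example (not part of the original article) compares the recursive membership of a privileged group with an approved list and reports the differences; the function names, baseline.csv and the sample account names are hypothetical.

```powershell
# Added example, not from the original article. Sample account names are constructed.
function Compare-GroupMembership {
    param(
        [string[]]$Actual   = @(),   # accounts currently in the group
        [string[]]$Approved = @()    # accounts expected to be in the group
    )
    # -notin compares case-insensitively, so 'ADM.JSMITH' matches 'adm.jsmith'
    foreach ($m in $Actual) {
        if ($m -notin $Approved) {
            [pscustomobject]@{ Account = $m; Finding = 'NotInBaseline' }
        }
    }
    foreach ($m in $Approved) {
        if ($m -notin $Actual) {
            [pscustomobject]@{ Account = $m; Finding = 'MissingFromGroup' }
        }
    }
}

function Get-EffectiveUserMember {
    param([Parameter(Mandatory = $true)][string]$Group)
    # -Recursive flattens nested groups down to their leaf members
    Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Select-Object -ExpandProperty SamAccountName -Unique
}

# Offline demonstration with constructed data
$approved = 'adm.jsmith', 'adm.akhan', 'adm.mlee'
$actual   = 'ADM.JSMITH', 'adm.akhan', 'svc.backup'
Compare-GroupMembership -Actual $actual -Approved $approved

# Against a live domain (requires the ActiveDirectory module); baseline.csv is a
# hypothetical file with a "users" header row and one account name per line:
# $approved = @(Import-Csv .\baseline.csv | ForEach-Object { $_.users })
# $actual   = @(Get-EffectiveUserMember -Group 'Domain Admins')
# Compare-GroupMembership -Actual $actual -Approved $approved |
#     Export-Csv .\DomainAdminsDrift.csv -NoTypeInformation
```

Scheduling the live variant and alerting on any NotInBaseline row turns the one-off count into an ongoing check on privileged group changes.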


To get the list of empty groups in a specific OU, use this command:

Get-ADGroup -Filter * -Properties Members -SearchBase "OU=NY,OU=US,DC=corp,dc=woshub,DC=com" | where {-not $_.Members} | select Name
