Finding Disabled Users:
get-qaduser -disabled
Create a new Active Directory user:
new-QADUser -name '<User CN>' -parentContainer '<Parent DN>' -UserPassword '<Password>' -FirstName '<User First Name>' -LastName '<User Last Name>' -UserPrincipalName '<User UPN>'
Create multiple users in Active Directory:
$parentDN = "<ParentDN>"
$strPass = "userPaswd"   # the same initial password is set on every account created below
For ($i = 1; $i -le 1000; $i++) {
    $strUserName = "User" + $i
    New-QADUser -name $strUserName -parentContainer $parentDN -UserPassword $strPass
}
Modify Attributes for several users:
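$strFileServer = "\\Servername\"   # UNC prefix; each user's sAMAccountName is appended to it
$objOU = [ADSI] "LDAP://<OU DN>"
$objOU.psbase.Children |% {
    $uac = [int](($_.userAccountControl).ToString())
    # only user objects whose ACCOUNTDISABLE bit (value 2) is clear, i.e. enabled accounts
    if (($_.objectClass -eq "user") -and (($uac -band 2) -eq 0)) {
        $_.put("homeDirectory", $strFileServer + $_.sAMAccountName)
        $_.SetInfo()
    }
}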
Delete user in Active Directory
remove-QADObject -identity '<User DN>'
Set user profile in Active Directory
get-QADUser -identity "<User DN>" | set-QADUser -HomeDirectory '\\Servername\Katrin' -HomeDrive 'H:' -ProfilePath '\\server1\profiles\jsmith' -scriptpath '\\dcname\netlogon\logonscript.vbs'
Move User to other OU
move-QADObject -Identity '<UserDN>' -NewParentContainerName '<New OU DN>'
Find Locked User Accounts
Get-QADuser -locked
Unlock User Account
Unlock-QADUser -Identity '<UserDN>'
Retrieve Password lockout policy
Get-QADObject domainname.com | format-list Name, *password*, *lockout*