--- Sjoerd Hooft's InFormation Technology ---


PowerShell AD Management

Import ActiveDirectory Module

To import the AD module for PowerShell, issue this command:

import-module activedirectory

Get User Data

To see the full info for an AD account, issue this command:

Get-ADUser <accountname> -properties *

Quest AD Management CMDLETs

Quest (part of Dell by the way) also provides some seriously well created cmdlets, which can be downloaded here. Just download the “Quest One ActiveRoles Management Shell for Active Directory 32-bit - Zip” file (version 1.6.0) and install it (as an administrator).

After installation you can start the shell and use the cmdlets.

Connect to Different Domain

By default, the domain you are authenticated to, or the one the shell is installed in, is used. To query another domain, use the -Service parameter:

get-qadgroup groupname -service dc.domain.local:389


These are some examples I used in an AD migration project:

Script example:

# Author: Sjoerd Hooft
# Purpose script: This script collects all groups in the new domain that have a groupmember in the old domain
# Note: the format string is empty on the original page; the filename-safe format below is an assumption
$timestamp = Get-Date -Format "yyyyMMdd-HHmmss"
$csvfile = "F:\qadgroups-$timestamp.csv"
$myCol = @()
ForEach ($adgroup in (Get-QADGroup -SizeLimit 0)){
    $name = $adgroup.Name
    Write-Host "Now processing $name"
    # Keep only members that are groups and whose DN points into the old domain
    ForEach ($member in (Get-QADGroupMember $adgroup -SizeLimit 0 | where {$_.Type -eq "group"} | where {$_.DN -match "olddomain"})){
        $groupinfo = "" | Select ParentName,ParentDN,MemberName,MemberDN
        $groupinfo.ParentName = $adgroup.Name
        $groupinfo.ParentDN = $adgroup.DN
        $groupinfo.MemberName = $member.Name
        $groupinfo.MemberDN = $member.DN
        $myCol += $groupinfo
    }
}
# Write the collected parent/member pairs to the CSV file
$myCol | Export-Csv -NoTypeInformation $csvfile
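
The same audit can be done without the Quest cmdlets by reading each group's member attribute. The following is an added example, not code from the original page: the function name Find-CrossDomainMember, the DNs and the sample groups are constructed, and unlike the script above it reports every kind of member (users as well as groups) and matches the old domain only as a DN suffix.

```powershell
# Added example; Find-CrossDomainMember and all sample DNs are constructed.
function Find-CrossDomainMember {
    [CmdletBinding()]
    param(
        # Group object with Name, DistinguishedName and member (list of DNs),
        # the shape returned by: Get-ADGroup -Filter * -Properties member
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Group,
        # DN suffix of the old domain, e.g. 'DC=olddomain,DC=local'
        [Parameter(Mandatory)]
        [string]$OldDomainDN
    )
    begin {
        # Anchor the suffix at the end of the DN, so an OU or CN that merely
        # contains the text "olddomain" is not reported as a cross-domain member.
        $pattern = ',' + [regex]::Escape($OldDomainDN) + '$'
    }
    process {
        foreach ($memberDN in @($Group.member)) {
            if ($memberDN -match $pattern) {
                [pscustomobject]@{
                    ParentName = $Group.Name
                    ParentDN   = $Group.DistinguishedName
                    MemberDN   = $memberDN
                }
            }
        }
    }
}

# Constructed sample input standing in for Get-ADGroup output.
$sample = @(
    [pscustomobject]@{
        Name              = 'FS-Finance-RW'
        DistinguishedName = 'CN=FS-Finance-RW,OU=Groups,DC=newdomain,DC=local'
        member            = @('CN=Finance,OU=Groups,DC=olddomain,DC=local',
                              'CN=jdoe,OU=Users,DC=newdomain,DC=local')
    },
    [pscustomobject]@{
        Name              = 'olddomain-archive'
        DistinguishedName = 'CN=olddomain-archive,OU=Groups,DC=newdomain,DC=local'
        member            = @('CN=asmith,OU=olddomain migrated,DC=newdomain,DC=local')
    }
)
$sample | Find-CrossDomainMember -OldDomainDN 'DC=olddomain,DC=local' | Format-Table -AutoSize

# Live use (requires the ActiveDirectory module and a reachable domain controller):
# Get-ADGroup -Filter * -Properties member | Find-CrossDomainMember -OldDomainDN 'DC=olddomain,DC=local'
```

Suffix matching only finds members from a domain in the same forest; members from a trusted external forest are stored as foreign security principal objects in the group's own domain and need a separate check.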

These one-liners collect all groups per group scope (domain local, global, universal):

get-qadgroup -SizeLimit 0 -Service 'dc.olddomain:389' | where {$_.ParentcontainerDN -ne "CN=Builtin,DC=olddomain"} | where {$_.ParentcontainerDN -ne "CN=Users,DC=olddomain"}| where {$_.ParentcontainerDN -ne "OU=SMS,DC=olddomain"}| where {$_.groupscope -eq "DomainLocal"} | select Name | sort Name | Export-Csv -notypeinformation "F:\ad-groups-olddomain-domainlocal.csv"
get-qadgroup -SizeLimit 0 -Service 'dc.olddomain:389' | where {$_.ParentcontainerDN -ne "CN=Builtin,DC=olddomain"} | where {$_.ParentcontainerDN -ne "CN=Users,DC=olddomain"}| where {$_.ParentcontainerDN -ne "OU=SMS,DC=olddomain"}| where {$_.groupscope -eq "global"} | select Name | sort Name | Export-Csv -notypeinformation "F:\ad-groups-olddomain-global.csv"
get-qadgroup -SizeLimit 0 -Service 'dc.olddomain:389' | where {$_.ParentcontainerDN -ne "CN=Builtin,DC=olddomain"} | where {$_.ParentcontainerDN -ne "CN=Users,DC=olddomain"}| where {$_.ParentcontainerDN -ne "OU=SMS,DC=olddomain"}| where {$_.groupscope -eq "universal"} | select Name | sort Name | Export-Csv -notypeinformation "F:\ad-groups-olddomain-universal.csv"
get-qadgroup -SizeLimit 0 | where {$_.ParentcontainerDN -ne "CN=Builtin,DC=newdomain"} | where {$_.ParentcontainerDN -ne "CN=Users,DC=newdomain"}| where {$_.ParentcontainerDN -ne "OU=SMS,DC=newdomain"}| where {$_.groupscope -eq "universal"} | select Name | sort Name | Export-Csv -notypeinformation "F:\ad-groups-newdomain-universal.csv"
powershellad.txt · Last modified: 2021/09/24 00:25 by