PowerShell for Active Directory

The Active Directory (AD) module needs to be imported before use. This can be done with the following PowerShell (PS) command:

Import-Module ActiveDirectory

AD Organizational Unit

Users in AD can be organized into containers called Organizational Units (OUs). An OU must be created before AD users can be added to it. Users under an OU are managed together with it; for example, deleting an OU also removes the AD users within it.

Create ADOU
function Example-CreateADOU{
    param([string] $ADOUName,[string] $ADOUParentPath)
    # Distinguished name the new OU will have once created
    $fullExpectedPath = "OU=$ADOUName,$ADOUParentPath"
    # Only create the OU if it does not already exist
    if(-Not ([ADSI]::Exists("LDAP://$fullExpectedPath")))
    {
        New-ADOrganizationalUnit -Name $ADOUName -Path $ADOUParentPath
        # Return the new OU so the caller can verify it
        Get-ADOrganizationalUnit -Identity $fullExpectedPath
    }
}
Example-CreateADOU -ADOUName "Managers" -ADOUParentPath "DC=enterprise,DC=com"
[Screenshot: example of an OU being created under an AD domain]
Create AD user under ADOU
function Example-CreateAD{
    param([string] $ADUsersJson,[bool] $ThrowException=$False)
    $NewADUserObjs = $ADUsersJson | ConvertFrom-Json
    ForEach ($NewADUserObj in $NewADUserObjs)
    {
        # Skip (or fail, if requested) when an account with this SamAccountName already exists
        if (Get-ADUser -Filter "SamAccountName -eq '$($NewADUserObj.SamAccountName)'")
        {
            if ($ThrowException) { throw "User that you are trying to create already exists" }
        }
        else
        {
            # The initial password arrives as plain text in the JSON and must be
            # converted to a SecureString before New-ADUser will accept it
            New-ADUser -Name $NewADUserObj.Name `
            -Path $NewADUserObj.ADOUPath `
            -SamAccountName $NewADUserObj.SamAccountName `
            -AccountPassword (ConvertTo-SecureString $NewADUserObj.AccountPassword -AsPlainText -Force) `
            -GivenName $NewADUserObj.GivenName `
            -DisplayName $NewADUserObj.DisplayName `
            -Surname $NewADUserObj.Surname `
            -UserPrincipalName $NewADUserObj.UserPrincipalName `
            -EmailAddress $NewADUserObj.EmailAddress `
            -ChangePasswordAtLogon $false `
            -Enabled $true
        }
        # Return the resulting account so the caller can verify it
        Get-ADUser -Filter "SamAccountName -eq '$($NewADUserObj.SamAccountName)'"
    }
}
Example-CreateAD -ADUsersJson @'
[{
    "GivenName": "GivenName01",
    "Name": "Name01",
    "Surname": "Surname01",
    "DisplayName": "Surname01 Name01",
    "ADOUName": "Managers",
    "ADOUPath": "OU=Managers,DC=enterprise,DC=com",
    "SamAccountName": "SampleUser01",
    "UserPrincipalName": "SampleUser01",
    "EmailAddress": "SampleUser01@enterprise.com",
    "AccountPassword": "Password01"
}]
'@
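As an added example (my own code, not from the original post): a stricter variant of the creation routine that validates each JSON record before calling New-ADUser, requires the target OU to exist, and takes the initial password as a SecureString instead of a plain-text JSON field; it also forces a password change at first logon. The Test-ADUserSpec and New-ADUserFromSpec names, the -UpnSuffix parameter and the users.json file are assumptions.

```powershell
Import-Module ActiveDirectory

# Validate one record parsed from the JSON; returns a list of problems (empty list = OK).
function Test-ADUserSpec {
    param([psobject] $Spec, [string] $UpnSuffix)
    $problems = @()
    foreach ($field in 'Name', 'SamAccountName', 'UserPrincipalName', 'ADOUPath') {
        if ([string]::IsNullOrWhiteSpace($Spec.$field)) { $problems += "missing $field" }
    }
    # sAMAccountName: at most 20 characters and a restricted character set
    if ($Spec.SamAccountName.Length -gt 20) { $problems += 'SamAccountName longer than 20 characters' }
    if ($Spec.SamAccountName -match '["/\\\[\]:;|=,+*?<>@]') { $problems += 'SamAccountName contains an invalid character' }
    # UPN must be user@<expected suffix>, not a bare login name as in the sample JSON above
    if ($Spec.UserPrincipalName -notmatch "^[^@\s]+@$([regex]::Escape($UpnSuffix))$") {
        $problems += "UserPrincipalName is not of the form user@$UpnSuffix"
    }
    # Target OU must already exist (see Create ADOU above)
    if ($Spec.ADOUPath -and -not [ADSI]::Exists("LDAP://$($Spec.ADOUPath)")) {
        $problems += "OU $($Spec.ADOUPath) does not exist"
    }
    return $problems
}

function New-ADUserFromSpec {
    param(
        [Parameter(Mandatory)][string] $ADUsersJson,
        # One initial password for the batch, supplied as a SecureString rather than a JSON field
        [Parameter(Mandatory)][securestring] $InitialPassword,
        [string] $UpnSuffix = 'enterprise.com'   # assumed UPN suffix for this domain
    )
    foreach ($spec in ($ADUsersJson | ConvertFrom-Json)) {
        $problems = Test-ADUserSpec -Spec $spec -UpnSuffix $UpnSuffix
        if ($problems) { Write-Warning "Skipping '$($spec.SamAccountName)': $($problems -join '; ')"; continue }
        # A variable inside the filter avoids building a filter string from untrusted input
        $sam = $spec.SamAccountName
        if (Get-ADUser -Filter { SamAccountName -eq $sam }) { Write-Warning "Skipping '$sam': already exists"; continue }
        New-ADUser -Name $spec.Name -Path $spec.ADOUPath -SamAccountName $sam `
            -UserPrincipalName $spec.UserPrincipalName -GivenName $spec.GivenName -Surname $spec.Surname `
            -DisplayName $spec.DisplayName -EmailAddress $spec.EmailAddress `
            -AccountPassword $InitialPassword -ChangePasswordAtLogon $true -Enabled $true -PassThru
    }
}

# Usage: prompt for the password instead of storing it in the data file (users.json is assumed)
$pw = Read-Host -Prompt 'Initial password for new accounts' -AsSecureString
New-ADUserFromSpec -ADUsersJson (Get-Content .\users.json -Raw) -InitialPassword $pw
```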
Delete ADOU
function Example-DeleteADOU{
    param([string] $ADOUPath)
    if([ADSI]::Exists("LDAP://$ADOUPath"))
    {
        # OUs are protected from accidental deletion by default; clear the flag first
        Get-ADOrganizationalUnit -Identity $ADOUPath | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $false
        # -Recursive removes every object under the OU (users, groups, child OUs) as well
        Remove-ADOrganizationalUnit -Identity $ADOUPath -Confirm:$false -Recursive
    }
}
Example-DeleteADOU -ADOUPath "OU=Managers,DC=enterprise,DC=com"

Source: creating AD users with PowerShell
