-
One thing we have to do quite frequently is change the values in various AD attributes. This can be achieved as follows if ( -not ( Get-Module ActiveDirectory ) ) { Import-Module ActiveDirectory } $ou = "OU=England,DC=Manticore,DC=org" $desc...
-
We have seen how get, add to and clear the UPN suffix list. The last piece of processing I want to look at is removing a single value from the list of suffixes if ( -not ( Get-Module ActiveDirectory ) ) { Import-Module ActiveDirectory } $domain...
-
You need to remove all UPN suffixes from AD if ( -not ( Get-Module ActiveDirectory ) ) { Import-Module ActiveDirectory } $domain = [System.DirectoryServices.ActiveDirectory.Domain] :: GetCurrentDomain ( ) $domaindn = ( $domain . GetDirectoryEntry...
-
Last time we looked at reading the available UPN suffixes -remember the default one doesn’t show in the list This is how we add a suffix to the list of available suffixes. This is a good example of working with a multi-valued AD attribute...
-
When we were creating users on of the properties we created was the UPN – userPrincipalName. This takes the form name@suffix Name defaults to the samaccountname and the suffix is usually the DNS name of your domain BUT you can define additional...
-
A quick look at enabling accounts if ( -not ( Get-Module ActiveDirectory ) ) { Import-Module ActiveDirectory } $ou = "OU=England,DC=Manticore,DC=org" "`nMicrosoft" $name = "UserA" Enable-ADAccount -Identity $name "`nAD...
-
In the last post we enabled an account that had been created in a disabled state. In this post and the next I want to look at deliberately disabling and enabling a normal account First off lets disable some accounts if ( -not ( Get-Module ActiveDirectory...
-
Last time we looked at creating new user accounts in Active Directory. The barest of information was used to create the account. This did not include a password. The accounts were also created disabled. We need to give the user a password and enable...
-
The AD examples in recent posts have shown the *-Item cmdlets used against the AD provider. If you would like more information on how these cmdlets (and the *-ItemProperty cmdlets) work in the AD provider – use Get-Help inside the provider. For example...
-
In this post I’ll show the absolute bare bones code required to create an AD user if ( -not ( Get-Module ActiveDirectory ) ) { Import-Module ActiveDirectory } $ou = "OU=England,DC=Manticore,DC=org" $domain = "manticore.org" "...
-
At sometime we have to delete user accounts. This can be accomplished using any of the following methods. The important point is to ensure your processes have enough checks and balances to ensure you delete the correct account! if ( -not ( Get-Module...
-
Moving users between OUs in Active Directory is a straight forward task DON’T RUN THIS AS ONE SCRIPT OR ALL BUT THE FIRST MOVE WILL FAIL. COMMENT OUT THE BITS YOU DON’T NEED if ( -not ( Get-Module ActiveDirectory ) ) { Import-Module ActiveDirectory...
-
If you look closely at the AD cmdlets you will see that they have parameters that allow filtering of the result Get-QADUser has an –LDAPFilter parameter Get-ADUser has an –LDAPFilter parameter and a –Filter parameter. How do these work? if ( -not ( Get...
-
Lets look at searching for a single user $name = "NEWTON Isaac" $ou = "OU=England,DC=Manticore,DC=org" $dn = "cn=$name,$ou" "`nMicrosoft" Get-ADUser -Identity $dn | Format-Table Name , DistinguishedName "`nAD...
-
One thing I forgot in my last post was using the AD provider that comes with the Microsoft AD cmdlets. $ou = "OU=England,DC=Manticore,DC=org" Get-ChildItem -Path AD:\$ou | Format-Table Name, DistinguishedName Gives the same result Use $ou =...