154 lines
4.4 KiB
Markdown
154 lines
4.4 KiB
Markdown
# Learn Powershell with Active Directory in Less than 2 Hours
|
|
|
|
## Windows Server
|
|
|
|
Windows Server is a Microsoft operating system designed to manage networks,
|
|
users, and applications in a business environment.
|
|
It provides services such as file sharing, security management,
|
|
and server hosting to support reliable and centralized IT operations.
|
|
|
|
|
|
## Active Directory
|
|
|
|
Active Directory (AD) is a directory service developed by Microsoft
|
|
that helps organizations manage and organize users, computers,
|
|
and other resources within a network.
|
|
It allows administrators to control access, enforce security policies,
|
|
and manage permissions from a central location.
|
|
|
|
## Import-Module
|
|
|
|
Before using active Directory with Powershell we have to imports the cmdlet
|
|
|
|
```powershell
|
|
Import-Module ActiveDirectory
|
|
Get-Command -Module ActiveDirectory
|
|
```
|
|
|
|
## Get-Help
|
|
|
|
To see all the options for one command
|
|
|
|
```powershell
|
|
Get-Help New-ADUser
|
|
```
|
|
|
|
## OU
|
|
|
|
An Organizational Unit (OU) is a container in Active Directory used
|
|
to organize users, computers, and groups within a domain.
|
|
It helps administrators manage resources more efficiently by grouping objects based on departments,
|
|
roles, or locations.
|
|
|
|
### New-ADOrganizationalUnit
|
|
|
|
```powershell
|
|
New-ADOrganizationalUnit -Name "ROCK" -Path "DC=mrsh,DC=org"
|
|
New-ADOrganizationalUnit -Name "Staff" -Path "OU=ROCK DC=mrsh,DC=org"
|
|
New-ADOrganizationalUnit -Name "Students" -Path "OU=ROCK DC=mrsh,DC=org"
|
|
New-ADOrganizationalUnit -Name "LedZep" -Path "OU=Students OU=ROCK DC=mrsh,DC=org"
|
|
New-ADOrganizationalUnit -Name "Cream" -Path "OU=Students OU=ROCK DC=mrsh,DC=org"
|
|
New-ADOrganizationalUnit -Name "Who" -Path "OU=Students OU=ROCK DC=mrsh,DC=org"
|
|
New-ADOrganizationalUnit -Name "Hendrix" -Path "OU=Students OU=ROCK DC=mrsh,DC=org"
|
|
```
|
|
|
|
## Users
|
|
|
|
In Active Directory, users are directory objects that represent individual
|
|
people or service accounts and are used to authenticate
|
|
and authorize access to network resources.
|
|
Each user account contains attributes such as a username, password, group memberships,
|
|
and profile information, which allow administrators to manage
|
|
identity, security, and permissions centrally.
|
|
Through Active Directory, users can log on to domain-joined computers,
|
|
access shared files, applications, and services, and inherit
|
|
permissions based on their group assignments, making user management more efficient,
|
|
secure, and scalable in enterprise environments.
|
|
|
|
### New-ADUser
|
|
|
|
For creating a new user
|
|
|
|
```powershell
|
|
New-ADUser -Name "Jimmy Page" -SamAccountName "jpage" -UserPrincipalName "jpage@mrsh.org"
|
|
`-Path "OU=Rock , OU=Students, OU=LedZep, DC=mrsh, DC=org" -AccountPassword (ConvertTo-SecureString "Music123" -AsPlainText -force) -Enabled $true
|
|
```
|
|
|
|
### Get-ADUser
|
|
|
|
For fetching informations about a user
|
|
|
|
```powershell
|
|
Get-ADUser -Identity "jpage"
|
|
Get-Aduser -Filter 'Enabld -eq $true'
|
|
|
|
#setting a varialbe to a user
|
|
|
|
$ADUser = Get-ADUser -Identity "jpage"
|
|
$ADUser.UserPrincipalName
|
|
|
|
# return
|
|
# jpage@mrsh.org
|
|
|
|
$ADUser = Get-Aduser -Identity "jpage" | Select-Object Name,SamAccountName,UserPrincipalName
|
|
```
|
|
|
|
### Set-ADUser
|
|
|
|
Change property of an user
|
|
|
|
```powershell
|
|
Set-ADUser -Identity "jpage" -Email "jimmy.page@mrsh.org" -OfficePhone "800-555-0000"
|
|
|
|
Set-ADUser -Identity 'jpage' -Enabled:$false
|
|
```
|
|
|
|
### Set-ADAccountPassowrd
|
|
|
|
How to change password of an account
|
|
|
|
|
|
```powershell
|
|
Set-ADAccountPassowrd -Identity "jpage" -Reset -NewPassword (ConvertTo-SecureString "NewPassqord1" -AsPlainText -Force)
|
|
#for security the user have to set a new password at logon
|
|
Set-ADUser -Identity "jpage" -ChangePasswordAtLogon $true
|
|
```
|
|
|
|
###
|
|
|
|
### Unlock-ADAccount
|
|
|
|
Unlock a Active directory user
|
|
|
|
```powershell
|
|
Unlock-ADAccount -Identity 'jpage'
|
|
```
|
|
|
|
## Group
|
|
|
|
In Active Directory, groups are used to organize users, computers,
|
|
and other objects so administrators can manage permissions
|
|
and access more efficiently.
|
|
By assigning permissions to a group rather than to individual users,
|
|
changes can be made quickly by adding or removing members from the group.
|
|
Active Directory supports different group scopes and types, allowing
|
|
organizations to control access to resources such as files,
|
|
applications, and network services in a structured and scalable way.
|
|
|
|
### New-ADGroup
|
|
|
|
```powershell
|
|
New-ADGroup -Name "Guitar" -Path "OU=Students, OU=Rock, DC=mrsh, DC=org -GroupScope Gloabal"
|
|
```
|
|
### Add-ADGroupMember
|
|
|
|
```powershell
|
|
Add-ADGroupMember -Identity "Guitar" -Members "jpage"
|
|
```
|
|
|
|
### Get-ADGroup
|
|
|
|
```powershell
|
|
$Group = Get-ADGroup -Identity 'Guitar'
|
|
```
|