How to manage Active Directory using PowerShell commands

Everyone knows Microsoft because of Windows and its graphical user interface.

It is true that the graphical tools are simple and easy to use, but they are not better or more efficient than PowerShell commands.

In PowerShell, we will work with the commands that are used to manage Active Directory.

Creating a user through PowerShell:

To do this, we first find Windows PowerShell ISE in Windows search and run it with Administrator privileges.

As you can see in Figure 1, we are now in ISE, where we will create a user with a specific name and attributes, which we go through below.

New-ADUser -Name amir -DisplayName "amir said" -State Guilin -City Rasht -StreetAddress "Shahid a lame" -HomePhone 0111 -HomePage www.k20.ir -Department cisco

Looking at the command above: the New-ADUser cmdlet must be used to create a user in PowerShell.

After the cmdlet name, type a dash (-) (after the dash, for ease of typing, press the space bar to have the word completed automatically). ISE then shows the parameters of New-ADUser as a list, and we use the ones we need.

Each parameter must be preceded by a dash so that ISE shows the parameters available for the main command.

The next step is to give the user name: first type -Name, then the user name, which here is amir. You can run the command at this point without entering the rest of the information, because the rest is supplementary information about the user.

After that, enter the full name with the -DisplayName parameter.

Important Note: When the value you want to enter consists of several words separated by spaces, put the words inside double quotation marks (""), such as "arash fall", so that you do not get an error.
The rest of the parameters are for the name of the province, city, street, etc. You can enter them as desired.

This information is the same as the information in the Properties section of a user. Click the Run Script icon; the command is executed and the user is created.

After creating the user you need to set a password. As shown in Figure 2, type the following command:
Set-ADAccountPassword amir
This command takes the name of the user, the one we gave in the -Name field, and displays the password window for that user.

If your user already has a password set, you must enter that password in the current-password window.
Otherwise, click OK without entering anything, then enter the new password in the desired-password window and click OK, then repeat the password in the last window and click OK to set the desired password.

Tip: First enter the first box to enter the password and enter the desired password in the current section to avoid errors.

At this point we have a user with the details shown in Figure 3, and we have set a password. Next, use the following command, shown in Figure 4:

Enable-ADAccount amir

In this command, enter your own user name instead of amir, then click the Run Script icon at the top of the page to enable the user.

As you can see in Figure 5 above, the amir user is activated and can log in.
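
The three steps above (create, set password, enable) can also be run as one script. This is an added example, not part of the original article; it assumes the ActiveDirectory module is installed and reuses the article's values for the amir user.

```powershell
# Added example (not from the original article). Run as a domain administrator
# on a machine with the ActiveDirectory module (RSAT) installed.
Import-Module ActiveDirectory

$sam = 'amir'   # user name used in the article

# Prompt once; the password is held as a SecureString and never appears in
# the script text or in the command history.
$password = Read-Host -AsSecureString -Prompt "Initial password for $sam"

# -Filter returns nothing (instead of throwing) when the user does not exist.
$user = Get-ADUser -Filter "SamAccountName -eq '$sam'"

if (-not $user) {
    # Attribute values are the ones from the article's New-ADUser command.
    $attributes = @{
        Name                  = $sam
        DisplayName           = 'amir said'
        State                 = 'Guilin'
        City                  = 'Rasht'
        StreetAddress         = 'Shahid a lame'
        HomePhone             = '0111'
        HomePage              = 'www.k20.ir'
        Department            = 'cisco'
        AccountPassword       = $password
        ChangePasswordAtLogon = $true   # user must replace the admin-chosen password
        Enabled               = $true   # replaces the separate Enable-ADAccount step
    }
    New-ADUser @attributes
}
else {
    # Existing account: administrative reset, no current password needed.
    Set-ADAccountPassword -Identity $sam -Reset -NewPassword $password
    Set-ADUser -Identity $sam -ChangePasswordAtLogon $true
    Enable-ADAccount -Identity $sam
}

# Confirm the result from the shell instead of checking the GUI.
Get-ADUser -Identity $sam -Properties DisplayName, Department, PasswordLastSet |
    Select-Object SamAccountName, DisplayName, Department, Enabled, PasswordLastSet
```

If the password does not meet the domain password policy, the account is not enabled; check the Enabled column in the final output.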

Creating a group using PowerShell:

Open PowerShell to create a group. Figure 6 shows the command that creates a group called msc20 with the following settings:

New-ADGroup -Name msc20 -ManagedBy amir -GroupCategory Security -GroupScope Global -Description "Network learning"

  • The New-ADGroup cmdlet creates a group
  • Enter the name of the group with the -Name parameter
  • Next, with the -ManagedBy parameter, specify which user or group is to be the manager of the group; here we enter the amir user we created in the previous section
  • After this, specify the group type with the -GroupCategory parameter, which is either Security or Distribution
  • Also, with the -GroupScope parameter, enter the scope of the group's activity, which has three types (Global here), and if there are any explanations you can enter them with the -Description parameter

In Active Directory Users and Computers, in the Users section, you can view the new group and click on it to see its settings.

Build an organizational unit using PowerShell:

Open PowerShell ISE and execute the following command, shown in Figure 7:

New-ADOrganizationalUnit -Name sales12 -ProtectedFromAccidentalDeletion 1

  1. Using the New-ADOrganizationalUnit cmdlet you can create an organizational unit in your Active Directory. First enter this cmdlet, then the -Name parameter with the name of the organizational unit, which we have called sales12, and the organizational unit is created.
  2. The -ProtectedFromAccidentalDeletion 1 parameter prevents the object from being deleted: 1 means protection is enabled and 0 means it is disabled. As you can see, the organizational unit was created correctly.

After doing this, refresh Active Directory Users and Computers on your domain to display the new organizational unit.

Remove users/groups/organizational units via PowerShell:

After creating users, groups and organizational units via PowerShell, we should also be able to remove them. To remove a user from the Active Directory Users and Computers list, use the following command:

Remove-ADUser amir

After you run the above command in PowerShell, as shown in Figure 8, you are asked whether you want to delete the user named amir located in the Users section. If you click Yes or Yes to All, the user is removed.

To remove the group, as shown in Figure 9, we use the following command in PowerShell:
Remove-ADGroup msc20

As you can see, when you run the Remove-ADGroup cmdlet followed by the name of the target group, you are asked whether you want to delete that group, and it is then removed.

To delete an organizational unit, use the following command:
Remove-ADOrganizationalUnit sales12

sales12 is the name of the organizational unit we created in the previous step and now want to delete.

After executing the command you will encounter the following error:
As Figure 10 shows, the command fails because the object is not found. To solve this problem, modify the command as follows so that the object can be located:

Remove-ADOrganizationalUnit "OU=sales12,DC=hiva,DC=local"

In the above command, to locate the sales12 object we write, inside the double quotes, OU=sales12, then a comma, then the second name, DC=hiva, which is our hiva system, and after another comma DC=local. In other words, the object name must be written first and then the domain name, which eliminates the error from the previous step.

As shown in Figure 11, you may still get an error after executing the above command, which means that you cannot access the object in question. The cause is the protection that was set when the object was defined, so a command must be run to remove it. To disable the object protection, enter the following command:

Set-ADOrganizationalUnit "OU=sales12,DC=hiva,DC=local" -ProtectedFromAccidentalDeletion 0

With this command we select sales12 with the Set-ADOrganizationalUnit cmdlet and disable protection with -ProtectedFromAccidentalDeletion 0 (zero means disabled).

Note: Once protection on the object is disabled, the OU, or organizational unit, can be easily removed with the previous Remove-ADOrganizationalUnit command.
As you can see in Figure 12, the two commands are typed one after the other on two lines, and the organizational unit can then be deleted easily.
As you can see in Figure 13, the organizational unit named sales12 was completely removed from the list.
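
The lookup, unprotect and remove sequence above can be wrapped so that the distinguished name is resolved from the OU name rather than typed by hand. This is an added example, not part of the original article; Remove-EmptyOU is a hypothetical helper name, and the check for child objects is an addition the article does not describe.

```powershell
# Added example (not from the original article); Remove-EmptyOU is a
# hypothetical helper name.
Import-Module ActiveDirectory

function Remove-EmptyOU {
    param([Parameter(Mandatory)][string]$Name)

    # Look the OU up by name; -Identity on the Remove/Set cmdlets needs the
    # distinguished name (or GUID), which is why the bare name failed.
    $ou = @(Get-ADOrganizationalUnit -Filter "Name -eq '$Name'" -Properties ProtectedFromAccidentalDeletion)

    if ($ou.Count -eq 0) { throw "No organizational unit named '$Name' was found." }
    if ($ou.Count -gt 1) { throw "More than one OU is named '$Name'; use the distinguished name instead." }
    $dn = $ou[0].DistinguishedName

    # Refuse to continue if the OU still holds users, groups or child OUs.
    $children = @(Get-ADObject -Filter * -SearchBase $dn -SearchScope OneLevel)
    if ($children.Count -gt 0) {
        throw "$dn still contains $($children.Count) object(s); move or remove them first."
    }

    # Lift the accidental-deletion protection only when it is actually set.
    if ($ou[0].ProtectedFromAccidentalDeletion) {
        Set-ADOrganizationalUnit -Identity $dn -ProtectedFromAccidentalDeletion $false
    }

    # -Confirm keeps the Yes / Yes to All prompt the article describes.
    Remove-ADOrganizationalUnit -Identity $dn -Confirm
}

Remove-EmptyOU -Name 'sales12'
```

If you answer No at the confirmation prompt, the OU stays in place but is no longer protected; turn protection back on with Set-ADOrganizationalUnit and -ProtectedFromAccidentalDeletion 1.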
