PowerShell 活动目录 |安装活动目录模块 |示例

---

PowerShell 活动目录简介

管理 Active Directory 是 Windows 管理员的一个组成部分。管理员无法手动向 AD 添加或删除用户。这种通用操作需要自动化，而这正是 PowerShell 所提供的。它有一个单独的模块，其中包含可让管理员执行这些活动的 cmdlet。本文将展示如何使用 PowerShell 来处理 Active Directory 以及 PowerShell 的 Active Directory 模块中提供的一些流行的 cmdlet。

安装活动目录模块

在计算机中导入或安装 Active Directory 模块以访问 cmdlet 非常重要。这可以通过根据系统操作系统下载相应的RSAT包来完成。从 Windows 10 开始，RSAT 是按需权限的一部分，可以通过可选功能激活。

完成后，可以按如下方式导入模块：

导入模块ActiveDirectory

查看模块中可用的 cmdlet 列表。

获取命令-模块 ActiveDirectory

一些最常用的 cmdlet 如下：

Cmdlet Use Example New-ADUser This is to create a new user in the AD. New-ADUser -Name “Vignesh” -OtherAttributes @{‘title’=”engineer”;’mail’=”[email ”}. New-ADGroup This cmdlet is used to create an Active Directory group. New-ADGroup -Name “tested group” -SamAccountName testadmin -GroupCategory Security -GroupScope Global -DisplayName “o365 admin” -Path “CN=Users,DC=admin,DC=Com” -Description “this is a test group”. New-ADOrganizationalUnit This cmdlet is used to create a new organizational unit. New-ADOrganizationalUnit -Name “testaccounts” -Path “DC=test,DC=COM”. Add-ADGroupMember To add users to an Active Directory group. Add-ADGroupMember -Identity testadgorup -Members Vignesh,arun,vyapini. Remove-ADGroupMember To remove users from an active directory group. Remove-ADGroupMember -Identity testadgroup -Members Vignesh,nandhini,vyapini. Add-Computer This cmdlet is used to join a computer to a specific domain. Add-Computer -DomainName testdomain -Restart. Enable-ADAccount This cmdlet is used to enable a user or service account in the active directory. Enable-ADAccount -Identity “vignesh”. Disable-ADAccount This cmdlet is used to disable a user or service in the active directory. Disable-ADAccount -Identity “vignesh”. Unlock-ADAccount This cmdlet is used to unlock locked out accounts. Unlock-ADAccount -Identity “vignesh”. Search-ADAccount This cmdlet is used to search for accounts based on condition. Search-ADAccount -AccountDisabled -UsersOnly.

The above cmdlet will retrieve only the user accounts disabled. Test-ComputerSecureChannel This cmdlet is used to test and repair the connecting channel between the domain and the client system. Test-ComputerSecureChannel-Server “test.com”.

PowerShell 活动目录示例

下面给出了 PowerShell Active Directory 的示例：

例子#1

将用户添加到 Active Directory。

代码：

Write-Host "Welcome to the example of creating users in Active Directory"
$csv=Import-Csv -Path "C:\vignesh\test.csv"
foreach($row in $cvs)
{
$prop = @{
'GivenName' = $row.Gname
'Surname' = $row.Sname
'Name' = $row.Name
'AccountPassword' = (ConvertTo-SecureString 'p@$$123345' -AsPlainText -Force)
'ChangePasswordAtLogon' = $true
}
New-AdUser @prop
Write-Host "User is added to Ad" -ForegroundColor Green
}

上面的脚本将从 csv 文件中读取用户属性并在 AD 中创建用户。

输出：

例子#2

在 AD 组中添加和删除用户。

代码：

Write-Host "Welcome to the example of adding  users to Active Directory"
$csv=Import-Csv -Path "C:\vignesh\test.csv"
foreach($row in $cvs)
{
if($row.ISadd -eq "true")
{
Add-AdGroupMember -Identity $row.GroupName -Members $row.Member
Write-Host "User is added to the AD Group" -ForegroundColor Green
}
else
{
Remove-AdGroupMember -Identity $row.GroupName -Members $row.Member
Write-Host "User is removed  from the Active Directory Group" -ForegroundColor Red
}
}

输出：

例子#3

代码：

Write-Host "Welcome to the example of Enabling an Active Directory Account"
Enable-ADAccount -Identity "vignesh"
Write-Host "Success: The account vignesh is enabled" -ForegroundColor Green
Enable-ADAccount -Identity "Nandhini"
Write-Host "Success: The account Nandhini is enabled" -ForegroundColor Green
Enable-ADAccount -Identity "Vyapini"
Write-Host "Success: The account vyapini is enabled" -ForegroundColor Green
Enable-ADAccount -Identity "vijay"
Write-Host "Success: The account vijay is enabled" -ForegroundColor Green
Write-Host "Welcome to the example of disbaling an Active Directory Account"
Disable-ADAccount -Identity "vignesh"
Write-Host "Success: The account vignesh is disabled" -ForegroundColor Red
Disable-ADAccount -Identity "Nandhini"
Write-Host "Success: The account Nandhini is disabled" -ForegroundColor Red
Disable-ADAccount -Identity "Vyapini"
Write-Host "Success: The account vyapini is disabled" -ForegroundColor Red
Disable-ADAccount -Identity "vijay"
Write-Host "Success: The account vijay is disabled" -ForegroundColor Red
Write-Host "Welcome to the example of unlocking an Active Directory Account"
Unlock-ADAccount -Identity "sethu"
Write-Host "Success: The account sethu is disabled" -ForegroundColor Yellow
Unlock-ADAccount -Identity "krish"
Write-Host "Success: The account krish is disabled" -ForegroundColor Yellow
Unlock-ADAccount -Identity "siva"
Write-Host "Success: The account siva is disabled" -ForegroundColor Yellow
Unlock-ADAccount -Identity "madhavan"
Write-Host "Success: The account madhavan is disabled" -ForegroundColor Yellow

输出：

例子#4

代码：

Write-Host "Welcome to the example of Removing an Active Directory Account"
Remove-ADUser -Identity "vignesh"
Write-Host "Success: The account vignesh is removed" -ForegroundColor Red
Remove-ADUser -Identity "Nandhini"
Write-Host "Success: The account Nandhini is Removed" -ForegroundColor Red
Remove-ADUser -Identity "Vyapini"
Write-Host "Success: The account vyapini is Removed" -ForegroundColor Red
Remove-ADUser -Identity "vijay"
Write-Host "Success: The account vijay is removed" -ForegroundColor Red
Write-Host "Example of resetting users password"
$newpass=Read-Host "Please Enter the passowrd to be used" -AsSecureString
Set-ADAccountPassword -Identity "Vignesh" -NewPassword $newpass -Reset
Write-Host "Password is reset for vignesh successfully" -ForegroundColor Green
Set-ADAccountPassword -Identity "Nandhini" -NewPassword $newpass -Reset
Write-Host "Password is reset for Nandhini successfully" -ForegroundColor Green
Set-ADAccountPassword -Identity "Vyapini" -NewPassword $newpass -Reset
Write-Host "Password is reset for Vyapini successfully" -ForegroundColor Green
Write-Host "Example of creating a new AD Group"
New-ADGroup -Name "test Admins" -SamAccountName testadmins -GroupCategory Security -GroupScope Global -DisplayName "testadmins" -Path "CN=Users,DC=test,DC=Com" -Description "test"
Write-Host "new test ad group is created" -ForegroundColor Magenta
New-ADGroup -Name "test Admins1" -SamAccountName testadmins1 -GroupCategory Security -GroupScope Global -DisplayName "testadmins1" -Path "CN=Users,DC=test,DC=Com" -Description "test1"
Write-Host "new test ad group1 is created" -ForegroundColor Magenta
New-ADGroup -Name "test Admins2" -SamAccountName testadmins2 -GroupCategory Security -GroupScope Global -DisplayName "testadmins2" -Path "CN=Users,DC=test,DC=Com" -Description "test2"
Write-Host "new test ad group2 is created" -ForegroundColor Magenta
Write-Host "Demo of creating new OU Group"
New-ADOrganizationalUnit -Name "testou1" -Path "DC=test,DC=com"
Write-Host "testou1 is created" -ForegroundColor Yellow
New-ADOrganizationalUnit -Name "testou2" -Path "DC=test,DC=com"
Write-Host "testou2 is created" -ForegroundColor Yellow
New-ADOrganizationalUnit -Name "testou3" -Path "DC=test,DC=com"
Write-Host "testou3 is created" -ForegroundColor Yellow

输出：

结论

因此，本文详细介绍了如何使用PowerShell连接AD。我们还详细了解了一些常用的 AD 模块 cmdlet 以及示例。显示示例脚本执行最常见的自动化任务。