Active Directory PowerShell User Management Windows Server 2016

In the last few weeks I have been covering a few core technologies In my Weekly Series like Docker Basics and Office 365 PowerShell and today I’m starting a new Weekly series about management Of Active Directory using PowerShell.

With the upcoming release of Windows Server 2016 Windows Active Directory PowerShell Module comes with 147 cmdlets.

The Active directory PowerShell module Is load by default when Installing a Domain Controller.

You could access the module directly from the Administrative Control Panel on your Domain Controller as seen below:

You Could also load the module from any PowerShell Session on the DC using:

Import-module activedirectory

To get started I’ll show you how to use the AD PowerShell to run built In queries using the AD PowerShell Module.

To search AD for locked AD accounts type:

Search-adaccount -accountdisabled | ft

To search for Account with Expired password type:

Search-adaccount -passwordExpired| ft

To search for user with Password Never Expired setting type:

Search-adaccount -passwordneverExpires| ft

To search for users that have not logged on to the network for the last 90 days type:

Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 | ft

To search locked accounts type:

Search-ADAccount -lockout

You could also use search for computers only by using the -ComputersOnly switch

Search-adaccount -accountdisabled -computersOnly | ft