Active Directory PowerShell Commands

Add all users in an OU to an access group
Get-ADUser -SearchBase 'CN=Test2,OU=Users,OU=Konfiguration,DC=NDSEDV,DC=DE' -Filter * | ForEach-Object {Add-ADGroupMember -Identity 'Zugriff_File' -Members $_.DistinguishedName}

Show the members of a group
Get-ADGroupMember -Identity "Group-A" | Format-Table Name

Add the members of Group-A to Group-B
Get-ADGroupMember -Identity "Group-A" | Format-Table Name
Get-ADGroupMember -Identity "Group-B" | Format-Table Name
Get-ADGroupMember -Identity "Group-A" | Get-ADUser | ForEach-Object {Add-ADGroupMember -Identity "Group-B" -Members $_}
Get-ADGroupMember -Identity "Group-A" | Format-Table Name
Get-ADGroupMember -Identity "Group-B" | Format-Table Name

Show all groups whose names begin with x
Get-ADGroup -LDAPFilter "(name=Group-*)" | Format-Table

Show the members of all groups whose names begin with Group-x
Get-ADGroupMember -Identity "Group-A" | Format-Table Name
Get-ADGroupMember -Identity "Group-B" | Format-Table Name
Get-ADGroup -LDAPFilter "(name=Group-*)" | Get-ADGroupMember | Format-Table Name

Show the members of a group recursively
Get-ADGroupMember -Identity "Group-A" | Format-Table Name
Get-ADGroupMember -Identity "Group-B" | Format-Table Name
Get-ADGroupMember -Identity "Group-C" | Format-Table Name
Get-ADGroupMember -Identity "Group-A" -Recursive | Format-Table Name

Add the members of Group-A recursively to Group-C
Get-ADGroupMember -Identity "Group-A" | Format-Table Name
Get-ADGroupMember -Identity "Group-B" | Format-Table Name
Get-ADGroupMember -Identity "Group-C" | Format-Table Name
Get-ADGroupMember -Identity "Group-A" -Recursive | Get-ADUser | ForEach-Object {Add-ADGroupMember -Identity "Group-C" -Members $_}

Remove from Group-A the members that are in Group-B
Get-ADGroupMember -Identity "Group-A" | Format-Table Name
Get-ADGroupMember -Identity "Group-B" | Format-Table Name
Get-ADGroupMember -Identity "Group-B" | Get-ADUser | ForEach-Object {Remove-ADGroupMember -Identity "Group-A" -Members $_ -Confirm:$False}

Show the members of Group-A whose accounts are disabled
Get-ADGroupMember -Identity "Group-A" | Get-ADUser | Format-Table Enabled,SamAccountName
Get-ADGroupMember -Identity "Group-A" | Get-ADUser | Where-Object {$_.Enabled -eq $False} | Format-Table Enabled,SamAccountName

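Show the members of all groups whose names begin with Group-x and whose accounts are disabled
Get-ADGroupMember -Identity "Group-A" | Get-ADUser | Format-Table Enabled,SamAccountName
Get-ADGroupMember -Identity "Group-B" | Get-ADUser | Format-Table Enabled,SamAccountName
Get-ADGroup -LDAPFilter "(name=Group-*)" | Get-ADGroupMember | Get-ADUser | Where-Object {$_.Enabled -eq $False} | Format-Table Enabled,SamAccountName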

Remove all disabled accounts from Group-A
Get-ADGroupMember -Identity "Group-A" | Get-ADUser | Format-Table Enabled,SamAccountName
Get-ADGroupMember -Identity "Group-A" | Get-ADUser | Where-Object {$_.Enabled -eq $False} | ForEach-Object {Remove-ADGroupMember -Identity "Group-A" -Members $_ -Confirm:$False}
Get-ADGroupMember -Identity "Group-A" | Get-ADUser | Format-Table Enabled,SamAccountName
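
The removal one-liners above run with -Confirm:$False and leave no record of what they changed. The following is an added example, not part of the original page: a hypothetical helper, Remove-DisabledGroupMember, that wraps the same cmdlets with -WhatIf support, skips non-user members, and emits one audit record per account. It assumes the ActiveDirectory module is installed; the function name, its NamePattern parameter and the CSV path are assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example: hypothetical helper, not code from the original page.
function Remove-DisabledGroupMember {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Group name or name pattern, e.g. 'Group-A' or 'Group-*'.
        # Inserted into the LDAP filter unescaped: pass trusted values only.
        [Parameter(Mandatory)][string]$NamePattern
    )
    foreach ($group in Get-ADGroup -LDAPFilter "(name=$NamePattern)") {
        # Keep user objects only: nested groups or computers piped
        # into Get-ADUser raise an error.
        $users = Get-ADGroupMember -Identity $group |
            Where-Object { $_.objectClass -eq 'user' } |
            Get-ADUser
        foreach ($user in $users | Where-Object { -not $_.Enabled }) {
            $removed = $false
            $action  = "Remove disabled account $($user.SamAccountName)"
            if ($PSCmdlet.ShouldProcess($group.Name, $action)) {
                Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false
                $removed = $true
            }
            # One record per candidate, for review or a change log
            [pscustomobject]@{
                Time           = Get-Date -Format o
                Group          = $group.Name
                SamAccountName = $user.SamAccountName
                Removed        = $removed
            }
        }
    }
}

# Dry run: list what would be removed, change nothing
Remove-DisabledGroupMember -NamePattern 'Group-*' -WhatIf | Format-Table

# Real run, keeping a record of every removal
# Remove-DisabledGroupMember -NamePattern 'Group-A' -Confirm:$false |
#     Export-Csv -Path .\removed-members.csv -NoTypeInformation
```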
