Active Directory

The Active Directory module for Windows PowerShell is a PowerShell module that consolidates a group of cmdlets. You can use these cmdlets to manage your Active Directory domains, Active Directory Lightweight Directory Services (AD LDS) configuration sets, and Active Directory Database Mounting Tool instances in a single, self-contained package.

If you don't have the Active Directory module installed on your machine, you need to download the correct Remote Server Administration Tools (RSAT) package for your OS. If you're running windows 7, you will also need to run the import-module ActiveDirectory command from an elevated PowerShell prompt.

addsadministration

Add-ADCentral Access Policy Member

Adds central access rules to a central access policy in Active Directory.

Add-ADComputer Service Account

Adds one or more service accounts to an Active Directory computer.

Add-ADDomain Controller Password Replication Policy

Adds users, computers, and groups to the allowed or denied list of a read-only domain controller password replication policy.

Add-ADFine Grained Password Policy Subject

Applies a fine-grained password policy to one or more users and groups.

Add-ADGroup Member

Adds one or more members to an Active Directory group.

Add-ADPrincipal Group Membership

Adds a member to one or more Active Directory groups.

Add-ADResource Property List Member

Adds one or more resource properties to a resource property list in Active Directory.

Clear-ADAccount Expiration

Clears the expiration date for an Active Directory account.

Clear-ADClaim Transform Link

Removes a claims transformation from being applied to one or more cross-forest trust relationships in Active Directory.

Disable-ADAccount

Disables an Active Directory account.

Disable-ADOptional Feature

Disables an Active Directory optional feature.

Enable-ADAccount

Enables an Active Directory account.

Enable-ADOptional Feature

Enables an Active Directory optional feature.

Get-ADAccount Authorization Group

Gets the accounts token group information.

Get-ADAccount Resultant Password Replication Policy

Gets the resultant password replication policy for an Active Directory account.

Get-ADAuthentication Policy

Gets one or more Active Directory Domain Services authentication policies.

Get-ADAuthentication Policy Silo

Gets one or more Active Directory Domain Services authentication policy silos.

Get-ADCentral Access Policy

Retrieves central access policies from Active Directory.

Get-ADCentral Access Rule

Retrieves central access rules from Active Directory.

Get-ADClaim Transform Policy

Returns one or more Active Directory claim transform objects based on a specified filter.

Get-ADClaim Type

Returns a claim type from Active Directory.

Get-ADComputer

Gets one or more Active Directory computers.

Get-ADComputer Service Account

Gets the service accounts hosted by a computer.

Get-ADDCCloning Excluded Application List

Gets a list of installed programs and services present on this domain controller that are not in the default or user defined inclusion list.

Get-ADDefault Domain Password Policy

Gets the default password policy for an Active Directory domain.

Get-ADDomain

Gets an Active Directory domain.

Get-ADDomain Controller

Gets one or more Active Directory domain controllers based on discoverable services criteria, search parameters or by providing a domain controller identifier, such as the NetBIOS name.

Get-ADDomain Controller Password Replication Policy

Gets the members of the allowed list or denied list of a read-only domain controller's password replication policy.

Get-ADDomain Controller Password Replication Policy Usage

Gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the revealed list of the domain controller.

Get-ADFine Grained Password Policy

Gets one or more Active Directory fine-grained password policies.

Get-ADFine Grained Password Policy Subject

Gets the users and groups to which a fine-grained password policy is applied.

Get-ADForest

Gets an Active Directory forest.

Get-ADGroup

Gets one or more Active Directory groups.

Get-ADGroup Member

Gets the members of an Active Directory group.

Get-ADObject

Gets one or more Active Directory objects.

Get-ADOptional Feature

Gets one or more Active Directory optional features.

Get-ADOrganizational Unit

Gets one or more Active Directory organizational units.

Get-ADPrincipal Group Membership

Gets the Active Directory groups that have a specified user, computer, group, or service account.

Get-ADReplication Attribute Metadata

Gets the replication metadata for one or more Active Directory replication partners.

Get-ADReplication Connection

Returns a specific Active Directory replication connection or a set of AD replication connection objects based on a specified filter.

Get-ADReplication Failure

Returns a collection of data describing an Active Directory replication failure.

Get-ADReplication Partner Metadata

Returns the replication metadata for a set of one or more replication partners.

Get-ADReplication Queue Operation

Returns the contents of the replication queue for a specified server.

Get-ADReplication Site

Returns a specific Active Directory replication site or a set of replication site objects based on a specified filter.

Get-ADReplication Site Link

Returns a specific Active Directory site link or a set of site links based on a specified filter.

Get-ADReplication Site Link Bridge

Gets a specific Active Directory site link bridge or a set of site link bridge objects based on a specified filter.

Get-ADReplication Subnet

Gets one or more Active Directory subnets.

Get-ADReplication UpTo Dateness Vector Table

Displays the highest Update Sequence Number (USN) for the specified domain controller.

Get-ADResource Property

Gets one or more resource properties.

Get-ADResource Property List

Gets resource property lists from Active Directory.

Get-ADResource Property Value Type

Gets a resource property value type from Active Directory.

Get-ADRootDSE

Gets the root of a directory server information tree.

Get-ADService Account

Gets one or more Active Directory managed service accounts or group managed service accounts.

Get-ADTrust

Gets all trusted domain objects in the directory.

Get-ADUser

Gets one or more Active Directory users.

Get-ADUser Resultant Password Policy

Gets the resultant password policy for a user.

Grant-ADAuthentication Policy Silo Access

Grants permission to join an authentication policy silo.

Install-ADService Account

Installs an Active Directory managed service account on a computer or caches a group managed service account on a computer.

Move-ADDirectory Server

Moves a directory server in Active Directory to a new site.

Move-ADDirectory Server Operation Master Role

Moves operation master roles to an Active Directory directory server.

Move-ADObject

Moves an Active Directory object or a container of objects to a different container or domain.

New-ADAuthentication Policy

Creates an Active Directory Domain Services authentication policy object.

New-ADAuthentication Policy Silo

Creates an Active Directory Domain Services authentication policy silo object.

New-ADCentral Access Policy

Creates a new central access policy in Active Directory containing a set of central access rules.

New-ADCentral Access Rule

Creates a central access rule in Active Directory.

New-ADClaim Transform Policy

Creates a new claim transformation policy object in Active Directory.

New-ADClaim Type

Creates a new claim type in Active Directory.

New-ADComputer

Creates a new Active Directory computer object.

New-ADDCClone Config File

Performs prerequisite checks for cloning a domain controller and generates a clone configuration file if all checks succeed.

New-ADFine Grained Password Policy

Creates a new Active Directory fine-grained password policy.

New-ADGroup

Creates an Active Directory group.

New-ADObject

Creates an Active Directory object.

New-ADOrganizational Unit

Creates an Active Directory organizational unit.

New-ADReplication Site

Creates an Active Directory replication site in the directory.

New-ADReplication Site Link

Creates a new Active Directory site link for in managing replication.

New-ADReplication Site Link Bridge

Creates a site link bridge in Active Directory for replication.

New-ADReplication Subnet

Creates an Active Directory replication subnet object.

New-ADResource Property

Creates a resource property in Active Directory.

New-ADResource Property List

Creates a resource property list in Active Directory.

New-ADService Account

Creates a new Active Directory managed service account or group managed service account object.

New-ADUser

Creates an Active Directory user.

Remove-ADAuthentication Policy

Removes an Active Directory Domain Services authentication policy object.

Remove-ADAuthentication Policy Silo

Removes an Active Directory Domain Services authentication policy silo object.

Remove-ADCentral Access Policy

Removes a central access policy from Active Directory.

Remove-ADCentral Access Policy Member

Removes central access rules from a central access policy in Active Directory.

Remove-ADCentral Access Rule

Removes a central access rule from Active Directory.

Remove-ADClaim Transform Policy

Removes a claim transformation policy object from Active Directory.

Remove-ADClaim Type

Removes a claim type from Active Directory.

Remove-ADComputer

Removes an Active Directory computer.

Remove-ADComputer Service Account

Removes one or more service accounts from a computer.

Remove-ADDomain Controller Password Replication Policy

Removes users, computers, and groups from the allowed or denied list of a read-only domain controller password replication policy.

Remove-ADFine Grained Password Policy

Removes an Active Directory fine-grained password policy.

Remove-ADFine Grained Password Policy Subject

Removes one or more users from a fine-grained password policy.

Remove-ADGroup

Removes an Active Directory group.

Remove-ADGroup Member

Removes one or more members from an Active Directory group.

Remove-ADObject

Removes an Active Directory object.

Remove-ADOrganizational Unit

Removes an Active Directory organizational unit.

Remove-ADPrincipal Group Membership

Removes a member from one or more Active Directory groups.

Remove-ADReplication Site

Deletes the specified replication site object from Active Directory.

Remove-ADReplication Site Link

Deletes an Active Directory site link used to manage replication.

Remove-ADReplication Site Link Bridge

Deletes a replication site link bridge from Active Directory.

Remove-ADReplication Subnet

Deletes the specified Active Directory replication subnet object from the directory.

Remove-ADResource Property

Removes a resource property from Active Directory.

Remove-ADResource Property List

Removes one or more resource property lists from Active Directory.

Remove-ADResource Property List Member

Removes one or more resource properties from a resource property list in Active Directory.

Remove-ADService Account

Removes an Active Directory managed service account or group managed service account object.

Remove-ADUser

Removes an Active Directory user.

Rename-ADObject

Changes the name of an Active Directory object.

Reset-ADService Account Password

Resets the password for a standalone managed service account.

Restore-ADObject

Restores an Active Directory object.

Revoke-ADAuthentication Policy Silo Access

Revokes membership in an authentication policy silo for the specified account.

Search-ADAccount

Gets Active Directory user, computer, or service accounts.

Set-ADAccount Authentication Policy Silo

Modifies the authentication policy or authentication policy silo of an account.

Set-ADAccount Control

Modifies user account control (UAC) values for an Active Directory account.

Set-ADAccount Expiration

Sets the expiration date for an Active Directory account.

Set-ADAccount Password

Modifies the password of an Active Directory account.

Set-ADAuthentication Policy

Modifies an Active Directory Domain Services authentication policy object.

Set-ADAuthentication Policy Silo

Modifies an Active Directory Domain Services authentication policy silo object.

Set-ADCentral Access Policy

Modifies a central access policy in Active Directory.

Set-ADCentral Access Rule

Modifies a central access rule in Active Directory.

Set-ADClaim Transform Link

Applies a claims transformation to one or more cross-forest trust relationships in Active Directory.

Set-ADClaim Transform Policy

Sets the properties of a claims transformation policy in Active Directory.

Set-ADClaim Type

Modify a claim type in Active Directory.

Set-ADComputer

Modifies an Active Directory computer object.

Set-ADDefault Domain Password Policy

Modifies the default password policy for an Active Directory domain.

Set-ADDomain

Modifies an Active Directory domain.

Set-ADDomain Mode

Sets the domain mode for an Active Directory domain.

Set-ADFine Grained Password Policy

Modifies an Active Directory fine-grained password policy.

Set-ADForest

Modifies an Active Directory forest.

Set-ADForest Mode

Sets the forest mode for an Active Directory forest.

Set-ADGroup

Modifies an Active Directory group.

Set-ADObject

Modifies an Active Directory object.

Set-ADOrganizational Unit

Modifies an Active Directory organizational unit.

Set-ADReplication Connection

Sets properties on Active Directory replication connections.

Set-ADReplication Site

Sets the replication properties for an Active Directory site.

Set-ADReplication Site Link

Sets the properties for an Active Directory site link.

Set-ADReplication Site Link Bridge

Sets the properties of a replication site link bridge in Active Directory.

Set-ADReplication Subnet

Sets the properties of an Active Directory replication subnet object.

Set-ADResource Property

Modifies a resource property in Active Directory.

Set-ADResource Property List

Modifies a resource property list in Active Directory.

Set-ADService Account

Modifies an Active Directory managed service account or group managed service account object.

Set-ADUser

Modifies an Active Directory user.

Show-ADAuthentication Policy Expression

Displays the Edit Access Control Conditions window update or create security descriptor definition language (SDDL) security descriptors.

Sync-ADObject

Replicates a single object between any two domain controllers that have partitions in common.

Test-ADService Account

Tests a managed service account from a computer.

Uninstall-ADService Account

Uninstalls an Active Directory managed service account from a computer or removes a cached group managed service account from a computer.

Unlock-ADAccount

Unlocks an Active Directory account.