Hey, Scripting Guy! Is there a way to use Windows PowerShell to query Active Directory that does not involve writing a convoluted script? There are in fact, several ways that you can query Active Directory Domain Services from Windows PowerShell that do not involve writing a convoluted script. For example, one tool that can be used is DSQuery. This is seen here where I list all users who have been inactive for 4 weeks. Blog post are adapted from material in my book Windows PowerShell 2.
11 PowerShell commands to use in managing Active Directory
csv - PowerShell script for Active Directory and permissions - Stack Overflow
AVTech Hardware Device bundles available trhough our web store. This script is not intended for use in a production environment. SetInfo Next WScript. Echo "Group1 created and Users added to the group. SetInfo Changing the Scope of a Group Changes a global distribution group named Scientists to a universal security group. GetEx "memberOf" WScript. Connection" objConnection.
How to Bulk Modify Active Directory User Attributes
Active Directory is the defacto standard for computer and user authentication in basically all business environments. At its core, AD is simply a database of objects with properties. Microsoft has been so kind as to give us a plethora of built-in Windows tools to query and modify the database objects. Some time ago one of my clients with about deployed computers called me in a panic. This client needed to know who was logged into that computer.
The two above tasks can be run independently using the provided command-line switches. As a matter of fact, being able to automatically disable AD accounts after X days of inactivity is a good security practice. Unfortunately, such feature is not yet supported by any version of Windows or Windows Server, at least up to Windows 10 and Windows Server To disable all AD users that has been inactive for days or more and also delete those that have been previously disabled more than days ago.