PS Operate AD

最新推荐文章于 2024-10-21 10:42:48 发布

原创最新推荐文章于 2024-10-21 10:42:48 发布 · 481 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#user #properties #powershell #domain #access #object

PowerShell 专栏收录该内容

7 篇文章

订阅专栏

本文分享了使用ADSI adapter快速且相对容易地自动化Active Directory中的常见任务，包括创建用户、组、OU，移动用户，以及将用户添加到组。通过具体的代码示例，展示了如何与域控制器交互并执行这些操作。

PowerShell provides very broad set ofmethods to work with Active Directory , one of them is ADSI adapter. It allowsto quickly and relatively easy automate mundane actions or perform sameoperations.

In this blog, please let me share someexamples of using ADSI adapter.

1. CreateSystem.DirectoryServices.DirectoryEntry (ADSI) object

$ouObject=New-ObjectSystem.DirectoryServices.DirectoryEntry("LDAP://<IPAddress>/cn=users,dc=<dcName>,dc=com","<user>","<password>")

172.16.58.10 is the IP address of Domain Controller, alsowe need to provide user name and pass work to access domain controller.

NOTE: If you can’tload System.DirectoryServices.DirectoryEntry, you can loadthis assembly explicitly.

[System.Reflection.Assembly]::LoadWithPartialName("System.DirctoryServices")

2. After connected to domain controller,we can create users with $ouObject.

$newUser=$ouObject.create("user", "CN=user01")

$newUser.setinfo()#savenew user

Please save the new user before specifyother properties, some of properties setting:

$newUser.put("pwdLastSet", -1)#don'tneed change password when next logon

$newUser.setpassword("@WSX3edc")

$newUser.put("userAccountControl",66048) #passwordnever expires

$newUser.setinfo()

3. Create a new group named Group01

$ouObject=New-ObjectSystem.DirectoryServices.DirectoryEntry("LDAP://<IPAddress>/cn=users,dc=<dcName>,dc=com","<user>","<password>")

$newGroup=$ouObject.create("group","cn=Group1")

$newGroup.setInfo()

4. Create a new OUnamed OU_Test

$mainOU=New-ObjectSystem.DirectoryServices.DirectoryEntry("LDAP://<IPAddress>/cn=users,dc=<dcName>,dc=com","<user>","<password>")

$newOU=$mainOU.create("OrganizationalUnit","OU=OU_Test")

$newOU.setinfo()

5. Move user01 to another OU_Test

$user=New-ObjectSystem.DirectoryServices.DirectoryEntry("LDAP://<IPAddress>/cn=users,dc=<dcName>,dc=com","<user>","<password>")

$to=New-ObjectSystem.DirectoryServices.DirectoryEntry("LDAP://<IPAddress>/cn=users,dc=<dcName>,dc=com","<user>","<password>")

$user.PSBase.Moveto($to, "cn="+$user.name)

6. Add user01 to a Group01

$user=New-ObjectSystem.DirectoryServices.DirectoryEntry("LDAP://<IPAddress>/cn=users,dc=<dcName>,dc=com","<user>","<password>")

$group=New-ObjectSystem.DirectoryServices.DirectoryEntry("LDAP://<IPAddress>/cn=users,dc=<dcName>,dc=com","<user>","<password>")

$group.add("LDAP://"+$user.distinguishedName)

$group.setinfo()