一、
批量创建用户
1. Import-Module ActiveDirectory
2. import-csv e:users
ewusers.csv |
3. New-ADUser -path "ou=test1,dc=contoso,dc=com" -passthru |
4. ForEach-Object {
5. $_ | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "Pa$$w0rd" -Force)
6. $_ | Enable-ADAccount }
二、
import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true - AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force)}
Run the Set-ADServiceAccount cmdlet.设置服务账户
三、
Sample AD PowerShell command to update UPNs in bulk:(修改upn需要使用域和信任关系)
Get-ADUser-Filter * -properties homemdb | where {$_.homemdb -ne $null} | ForEach-Object ($_.SamAccountName) {$CompleteUPN = $_.SamAccountName + "@contoso.com"; Set-ADUser -Identity $_.DistinguishedName -UserPrincipalName $CompleteUPN}
四、
Set-ADObject
Modifies an Active Directory object.
Parameter
-ProtectedFromAccidentalDeletion <Boolean>
Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. Possible values for this parameter include:
$false or 0
$true or 1
五、
dsquery user domainroot -desc "Temp" | dsmod user -disabled yes 查询账户并修改属性
六、
Set-ADForest -UPNSuffixes @{Add="headquarters.fabrikam.com"} 添加upn后缀
七、
CSVDE -f onlyusers.csv -r "objectCategory=person" -l "CN,<CustomAttributeName>" 查看所有用户属性导出为excel文件
八、颗粒化密码策略——————————图解说明
1、设置名称
2、设置策略优先级
3、用可还原的加密来存储
4、强制密码历史
5、密码复杂性要求
6、密码最小长度
7、密码使用最小期限
8、密码最长使用期限
9、登陆锁定阈值
10、重置账户锁定计数器
11、锁定时间
