These commands are best run on a domain controller. Alternatively you can invoke these commands through a remote session, or on a system that has RSAT tools installed with the Active Directory components.

First, import the module with the following command:

Import-Module ActiveDirectory

If the above command fails, you will not be able to use PowerShell to manage the AD environment. This will often happen if you are running remotely without AD components installed.

If the module loads, the below commands can now be used! Be sure to replace any items in italics with the username you are targeting.

I want to review a user’s account details

Get-ADUser Username

For full details, be sure to add -Properties * to the end of the command. This can output a lot of detail, so output it to a text file if you are unsure by appending this to the end of the command: > C:\filename.txt

I want to disable a user account

Disable-ADUser Username

I want to enable a user account (not for password lockouts)

Enable-ADUser Username

I want to remove a user account

Note: This command does not remove a user’s Exchange account, user folders, or any other related object. It just removes them from AD.

Remove-ADUser Username

I want to check the status of a user account

Get-ADUser Username -Properties Enabled

I want to reset a user’s password

This is a multi-step command, so please enter in order as shown.

  1. $pass=Read-Host “PASSWORD” –AsSecureString  (This will prompt you for the password you want to use)
  2. Set-ADAccountPassword USERNAME -NewPassword $pass
  3. Set-ADUser USERNAME –ChangePasswordAtLogon $true (Optional, but recommended for good password hygiene)

Leave a Comment

Your email address will not be published. Required fields are marked *