本文共 8289 字,大约阅读时间需要 27 分钟。
List all computer accounts in a domainGet-ADComputer –Filter {Name –Like "*"}View all computers that are logged in for 90 days to the Active DirectorySearch-ADaccount -AccountInactive -Timespan 90 -ComputersOnlyOR $lastLogon = (get-date).adddays(-90).ToFileTime() Get-ADComputer -filter {lastLogonTimestamp -gt $lastLogon} Find and delete all disabled Computer accounts in Active DirectorySearch-ADAccount -AccountDisabled -ComputersOnly | Sort-Object | Remove-ADComputerFind and delete disabled computer accounts from a specific OUSearch-ADAccount -AccountDisabled -Searchbase "OU=IT,DC=Contoso,DC=Com" -ComputersOnly | Sort-Object | Remove-ADComputerFind and delete all computer accounts that no longer have signed up since 11/20/2011 to the Active DirectorySearch-ADAccount -AccountInactive -DateTime "20.11.2011" –ComputersOnly | Sort-Object | Remove-ADComputerList only disabled Computer accounts in DomainSearch-ADAccount -AccountDisabled -ComputersOnly | Format-Table Name Move Computer to other OU (example: Computer=CLIENT1 to OU=IT)Get-ADComputer CLIENT1 | Move-ADObject -TargetPath "OU=IT,DC=Contoso,DC=Com"See Computer account detail (example: Computer=CLIENT1)Get-ADComputer -Filter {Name -Like "CLIENT1"}Get a specific computer showing all the properties (example: Computer=CLIENT1)Get-ADComputer "CLIENT1" -Properties *List Computers (Name, Operating System, Service Pack, Operating System version)Get-ADComputer -Filter * -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion -Wrap –AutoExport Computers List (Name, Operating System, Service Pack, Operating System version)to CSV FileGet-ADComputer -Filter * -Property * | Select-Object Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion | Export-CSV AllWindows.csv -NoTypeInformation -Encoding UTF8Get Computer IPv4 Address and DnsHostNameGet-ADComputer -Filter {Name -Like "Computer-Name"} -Properties IPv4Address | Format-List Name,DnsHostName,IPv4AddressGet all Computers in a specific OU (example: OU=IT, Domain=Contoso.com)Get-ADComputer -SearchBase "OU=IT,DC=Contoso,DC=Com" -filter *Get all the Computers without a specific DNS suffixGet-ADComputer -filter "DnsHostName -notlike '*.Contoso.Com'"Get Computer Service Principal Names (SPNs)Get-ADComputer "Computer-Name" –Properties ServicePrincipalNames | Select-Object –Expand ServicePrincipalNamesGet Computers Security Identifiers (SIDs)Get-ADComputer -Filter {Name -like "*"} | Select Name,SID | Format-Table -Auto All computer accounts that were created in the last 90 days in the Active DirectoryGet-ADComputer -Filter * -Properties whenCreated | ? { ((Get-Date) - $_.whenCreated).Days -lt 90} | Format-Table Name,WhenCreated,Name,DistinguishedName -Autosize -WrapAll computer accounts that were created as of December 1, 2011 (12/01/2011) in the Active DirectoryGet-ADComputer -LDAPFilter "(&(objectCategory=person)(whenCreated>=20111201000000.0Z))" -Properties whenCreated | Format-Table Name,whenCreated,distinguishedName -Autosize -WrapAll computer accounts that were created here in a given time, between the 10/01/2011 and 12/01/2011 in Active Directory$Start = Get-Date -Day 01 -Month 10 -Year 2011 -Hour 00 $End = Get-Date -Day 01 -Month 12 -Year 2011 -Hour 23 -Minute 59 Get-ADComputer -Filter * -Properties whenCreated | ? { ($_.whenCreated -gt $Start) -and ($_.whenCreated -le $End) } | Format-Table Name,WhenCreated,DistinguishedName -Autosize -WrapAll computer accounts, Last Password Set in a given time, between the 10/01/2011 and 12/01/2011 in Active Directory$Start = Get-Date -Day 01 -Month 10 -Year 2011 -Hour 00 $End = Get-Date -Day 01 -Month 12 -Year 2011 -Hour 23 -Minute 59 Get-ADComputer -Filter * -Properties PasswordLastSet | ? { ($_.PasswordLastSet -gt $Start) -and ($_.PasswordLastSet -le $End) } | Format-Table Name,WhenCreated,DistinguishedName -Autosize -WrapAll computer accounts, Last Password Set in the last 90 days in Active Directory$Date = (Get-Date).AddDays(-90) Get-ADComputer -Filter * -Properties PasswordLastSet | where { $_.PasswordLastSet -le $Date } | Format-Table Name,PasswordLastSet,DistinguishedName -Autosize -Wrap
Move a Group to another OU (example: Group=Experts, Old-OU=IT, New-OU=Service, Domain=Contoso.com)Move-ADObject "CN=Experts,OU=IT,DC=Contoso,DC=com" -TargetPath "OU=Service,DC=Contoso,DC=com"
Add members to a group (example: Group=Experts, User=EdPrice)Add-ADGroupmember Experts -Member EdPriceDelete Group (example: Group=Experts)Remove-ADGroup ExpertsDelete a User from a Group (example: Group=Experts, User=EdPrice)Remove-ADGroupMember Experts -Member EdPrice Set Description for a Group (example: Group=JoinPC, Description=This group is allowed join PCs to Domain)Set-ADGroup JoinPC -Description "This group is allowed join PCs to Domain"Add Users from one Group to another Group (example: from Group1=DataUsers to Group2=SQLUsers)Get-ADGroupMember DataUsers | Select sAMAccountName | ForEach { Add-ADGroupMember SQLUsers -Members $_.sAMAccountName }Comparing two Groups to see the Group memberships (example: Group1=Administratorso, Group2=DNSAdmins)Compare-Object ( Get-ADGroupMember Administrators) ( Get-ADGroupMember DNSAdmins) -IncludeEqual转载地址:http://cfgka.baihongyu.com/