ScriptRunner Blog

Automate Active Directory with PowerShell – 5 use cases


Automating recurring Active Directory tasks with PowerShell is key for successful IT professionals and system engineers. 

In the world of IT administration, efficiency and accuracy are paramount. Microsoft's PowerShell is a powerful tool that enables administrators to automate recurring tasks in Active Directory (AD), reducing the time and effort required for routine operations and minimizing the risk of human error. In this article, we'll explore the benefits of using PowerShell for AD tasks and delve into five real-life use cases, complete with PowerShell code snippets.

 

Benefits of PowerShell automation for Active Directory tasks


  • Automation of repetitive tasks: PowerShell scripts take over recurring AD tasks, reducing the time and effort required for routine operations.
  • Bulk operations: PowerShell allows administrators to perform operations on multiple AD objects at once, which is much faster than handling them individually through the GUI.
  • Consistency and accuracy: Automation ensures that tasks are performed in the same way every time, enhancing consistency and reducing errors.
  • Reporting: PowerShell can generate detailed reports on AD configurations and changes, aiding in audit and compliance efforts.
  • Integration: PowerShell integrates with other Microsoft products and can manage a range of services, providing a unified scripting language for the entire IT environment.

Let's take a look at some real-life use cases for Active Directory PowerShell automation.

 

Use case 1: User onboarding

In an organization, it's common to onboard multiple employees at once. PowerShell can automate the creation of user accounts in bulk, which is much more efficient than creating them manually.

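# Requires the ActiveDirectory module (RSAT). The CSV holds one row per new user.
Import-Module ActiveDirectory
$users = Import-Csv -Path "C:\NewUsers.csv"
foreach ($user in $users) {
    # The Password column is read as plaintext from the CSV and converted to a SecureString here.
    New-ADUser -Name $user.Name -GivenName $user.FirstName -Surname $user.LastName -SamAccountName $user.Username -UserPrincipalName $user.UPN -Path "OU=Users,DC=example,DC=com" -AccountPassword (ConvertTo-SecureString $user.Password -AsPlainText -Force) -Enabled $true
}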

 

Use case 2: Resetting passwords for multiple Active Directory users

When a security breach occurs, or as a routine security measure, you might need to reset passwords for multiple users. PowerShell can streamline this process.

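Import-Module ActiveDirectory
# AffectedUsers.txt lists one account identity (for example a SamAccountName) per line.
$users = Get-Content -Path "C:\AffectedUsers.txt"
foreach ($user in $users) {
    # -Reset sets the new password without requiring the old one; every listed account gets the same value.
    Set-ADAccountPassword -Identity $user -NewPassword (ConvertTo-SecureString -AsPlainText "NewPassword123!" -Force) -Reset
}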
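
Use case 1 takes passwords from a CSV column and use case 2 assigns one literal password to every affected account. As an added example (not ScriptRunner's code), the reset loop below gives each account its own random temporary password and forces a change at next logon. New-RandomPassword and its alphabet are hypothetical names constructed here; the same function can replace the CSV Password column in the onboarding loop.

```powershell
Import-Module ActiveDirectory

function New-RandomPassword {
    param([int]$Length = 20)
    # Constructed alphabet; look-alike characters (0/O, 1/l/I) are left out.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%*+-=?'
    $limit = 256 - (256 % $alphabet.Length)   # bytes >= $limit are rejected to avoid modulo bias
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    try {
        do {
            $sb = New-Object System.Text.StringBuilder
            while ($sb.Length -lt $Length) {
                $rng.GetBytes($byte)
                if ($byte[0] -lt $limit) {
                    [void]$sb.Append($alphabet[$byte[0] % $alphabet.Length])
                }
            }
            $password = $sb.ToString()
            # Regenerate in the rare case an upper, lower or digit character is missing.
        } until ($password -cmatch '[A-Z]' -and $password -cmatch '[a-z]' -and $password -match '\d')
    } finally {
        $rng.Dispose()
    }
    $password
}

# One SamAccountName per line; blank lines are skipped.
$names = Get-Content -Path "C:\AffectedUsers.txt" | Where-Object { $_.Trim() }
$results = foreach ($name in $names) {
    $sam    = $name.Trim()
    $plain  = New-RandomPassword
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force
    $status = 'NotReset'
    try {
        Set-ADAccountPassword -Identity $sam -NewPassword $secure -Reset -ErrorAction Stop
        $status = 'ResetNoForceChange'
        # Force the user to choose their own password at the next logon.
        Set-ADUser -Identity $sam -ChangePasswordAtLogon $true -ErrorAction Stop
        $status = 'Reset'
    } catch {
        $status = '{0}: {1}' -f $status, $_.Exception.Message
    }
    [pscustomobject]@{ User = $sam; Status = $status; TempPassword = $plain }
}
# $results stays in memory: hand each TempPassword over out-of-band instead of exporting it.
$results | Select-Object User, Status
```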


Use case 3: Cleaning up inactive Active Directory user accounts

Inactive AD accounts pose potential security risks. PowerShell can help identify and disable or remove accounts that have not been used within a specified period. The following code example uses the -WhatIf parameter, which lets you simulate the operation and check the results first.

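Import-Module ActiveDirectory
$inactiveDays = 90
$inactiveDate = (Get-Date).AddDays(-$inactiveDays)
# Enabled accounts whose replicated last-logon timestamp is older than the cutoff date.
$inactiveUsers = Get-ADUser -Filter {LastLogonTimestamp -lt $inactiveDate -and Enabled -eq $true}
foreach ($user in $inactiveUsers) {
    # -WhatIf only reports what would be disabled; remove it to apply the change.
    Disable-ADAccount -Identity $user.SamAccountName -WhatIf
}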
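
An added variant of the cleanup above (not ScriptRunner's code) that covers two cases the timestamp filter misses: accounts that have never logged on have no timestamp to compare, and lastLogonTimestamp can trail the real last logon by up to 14 days with default domain settings. Treating accounts with service principal names as service accounts to review rather than disable is an assumption of this example, as are the $lagDays and $report names.

```powershell
Import-Module ActiveDirectory

$inactiveDays = 90
$lagDays      = 14   # allowance for lastLogonTimestamp replication lag (default settings)
$cutoff       = (Get-Date).AddDays(-($inactiveDays + $lagDays))

$stale = Get-ADUser -Filter 'Enabled -eq $true' -Properties LastLogonDate, WhenCreated, ServicePrincipalNames |
    Where-Object {
        if ($_.LastLogonDate) { $_.LastLogonDate -lt $cutoff }   # logged on, but long ago
        else                  { $_.WhenCreated -lt $cutoff }     # never logged on, not newly created
    }

$report = foreach ($user in $stale) {
    # Assumption: an account carrying SPNs is a service account and needs manual review.
    $isService = [bool]$user.ServicePrincipalNames
    if (-not $isService) {
        Disable-ADAccount -Identity $user -WhatIf   # remove -WhatIf after reviewing $report
    }
    [pscustomobject]@{
        SamAccountName = $user.SamAccountName
        LastLogonDate  = $user.LastLogonDate
        WhenCreated    = $user.WhenCreated
        Action         = if ($isService) { 'Review (has SPN)' } else { 'Disable' }
    }
}
$report | Sort-Object Action, LastLogonDate | Format-Table -AutoSize
```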

 

Use case 4: Updating AD user attributes in bulk

Sometimes, you may need to update attributes for multiple users, such as their department or title following a reorganization.

Import-Module ActiveDirectory
# UserUpdates.csv needs the columns Username, Department and Title.
$users = Import-Csv -Path "C:\UserUpdates.csv"
foreach ($user in $users) {
    Set-ADUser -Identity $user.Username -Department $user.Department -Title $user.Title
}

 

Use case 5: Generating reports of Active Directory user accounts

Reporting is crucial for audit and compliance. PowerShell can extract detailed information about user accounts, such as their creation dates, last login times, and group memberships.

Get-ADUser -Filter * -Properties WhenCreated, LastLogonDate, MemberOf | Select-Object Name, SamAccountName, WhenCreated, LastLogonDate, @{Name="Groups";Expression={$_.MemberOf -join ","}} | Export-Csv -Path "C:\ADUserReport.csv" -NoTypeInformation

 

Conclusion

PowerShell is an indispensable tool for managing Active Directory efficiently. By automating routine tasks, PowerShell not only saves time but also enhances security and consistency. The use cases above are just the tip of the iceberg. With PowerShell, the possibilities are vast, and the benefits are significant. Whether you're a seasoned administrator or new to PowerShell, investing time in learning and applying these scripts can significantly improve your AD management processes.

 

Good2know

Webinar:

Automate Active Directory management – easy as that with PowerShell

Managing Active Directory is one of the most time-consuming recurring tasks of many IT administrators and system engineers.

Creating and maintaining users and groups, managing OUs and computer accounts, and providing detailed AD reports are constantly on the to-do list.

Let us show you how you can streamline, automate, delegate and monitor all your Active Directory processes and tasks.

Save time, reduce errors, and focus on critical IT projects. 


 

In this webinar, we will cover how to:

  • Automate repetitive tasks with the Active Directory PowerShell module
  • Implement typical use cases using our ScriptRunner ActionPack for Active Directory
  • Create scheduled reports with PowerShell and ScriptRunner
  • Securely delegate Active Directory management tasks and provide self services for end users
  • Monitor all PowerShell activities
  • Streamline and automate daily tasks such as user management, site collection provisioning, and permission settings
  • Create SharePoint reports scheduled and interactive with PowerShell
  • Enable help desk teams and advanced users to securely create site collections following standard guidelines
  • Centrally document configuration changes in SharePoint environments
  • And introduce you to PowerShell and SharePoint Online

We look forward to welcoming you as a webinar participant!

Wednesday, March 20th | 4:00 - 5:00 PM CET, 11:00 - 12:00 AM EDT 

If you can't attend the event, no problem: register and we'll send you a link to the webinar recording afterwards. Please note that you will need to confirm your email address during the registration process via email to receive the recording.

Participation in all our webinars is free of charge.

 
