There are couple of account-related PowerShell commands that I use on a frequent basis. They are helpful in access troubleshooting, to check that user accounts and groups configuration is correct.
(Windows 10) Before using them you will need to install Remote Server Administration Tools and enable “activedirectory” Powershell module (you can find more details here).
Get information about “jdoe” user (e.g. if user account is locked, home drive location, etc.)
Get-ADUser -Identity jdoe -Properties * -server ldapserver.local
Surname : Doe
Name : Jon Doe
UserPrincipalName :
GivenName : John
Enabled : TRUE
SamAccountName : jdoe
ObjectClass : user
SID : S-1-5-21-2889043008-4136710315-25555524263-3544
ObjectGUID : e14177764-096c-4cb0-b903-ebb66562d99d
....
Get information about “Administrators” group
Get-ADGroup Administrators -server ldapserver.local
DistinguishedName : CN=Administrators,CN=Builtin,DC=ldapserver,DC=com
GroupCategory : Security
GroupScope : DomainLocal
Name : Administrators
ObjectClass : group
ObjectGUID : 02ce3444-dd86-41ba-bddc-013f34432178
SamAccountName : Administrators
SID : S-1-5-32-444
Get group memberships of “jdoe” user
Get-ADPrincipalGroupMembership jdoe -server ldapserver.local|select name
name
--------
Administrators
STG_group
Employees
...
Get members of “Administrators” group
Get-ADGroupMember -identity Administrators -server ldapserver.local|select name
name
--------
LDAP_user
Berezov
SVC_tech
...
Change password of “jdoe” user
Set-ADAccountPassword -Identity jdoe -server ldapserver.local
Please enter the current password for 'CN=jdoe CN=Pat,CN=Users,DC=ldapserver,DC=local'
Password:**********
Please enter the desired password for 'CN=jdoe CN=Pat,CN=Users,DC=ldapserver,DC=local'
Password:***********
Repeat Password:***********
Remove Active Directory object (e.g. SVM, sometime helpful when there is a problem joining SVM to the domain)
Remove-ADComputer -Identity SVM1 -Server ldapserver.local -Credential (Get-Credential)
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
User: LOCAL\LDAP_user
Password for user LOCAL\LDAP_user: ****************
Confirm
Are you sure you want to perform this action?
Performing the operation "Remove" on target "CN=SVM1,OU=STORAGE,DC=ldap,DC=local".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Yes"):
PS>>