LDAP Archives - Jakub Bielaszka

There are couple of account-related PowerShell commands that I use on a frequent basis. They are helpful in access troubleshooting, to check that user accounts and groups configuration is correct.

(Windows 10) Before using them you will need to install Remote Server Administration Tools and enable “activedirectory” Powershell module (you can find more details here).

Get information about “jdoe” user (e.g. if user account is locked, home drive location, etc.)

Get-ADUser -Identity jdoe -Properties * -server ldapserver.local

Surname           : Doe
Name              : Jon Doe
UserPrincipalName : 
GivenName         : John
Enabled           : TRUE
SamAccountName    : jdoe 
ObjectClass       : user
SID               : S-1-5-21-2889043008-4136710315-25555524263-3544
ObjectGUID        : e14177764-096c-4cb0-b903-ebb66562d99d
....

Get information about “Administrators” group

Get-ADGroup Administrators -server ldapserver.local

DistinguishedName : CN=Administrators,CN=Builtin,DC=ldapserver,DC=com
GroupCategory     : Security
GroupScope        : DomainLocal
Name              : Administrators
ObjectClass       : group
ObjectGUID        : 02ce3444-dd86-41ba-bddc-013f34432178
SamAccountName    : Administrators
SID               : S-1-5-32-444

Get group memberships of “jdoe” user

Get-ADPrincipalGroupMembership jdoe -server ldapserver.local|select name

name
--------
Administrators
STG_group
Employees
...

Get members of “Administrators” group

Get-ADGroupMember -identity Administrators  -server ldapserver.local|select name

name
--------
LDAP_user
Berezov
SVC_tech
...

Change password of “jdoe” user

Set-ADAccountPassword -Identity jdoe -server ldapserver.local

Please enter the current password for 'CN=jdoe CN=Pat,CN=Users,DC=ldapserver,DC=local'
Password:********** 
Please enter the desired password for 'CN=jdoe CN=Pat,CN=Users,DC=ldapserver,DC=local'
Password:*********** 
Repeat Password:***********

Remove Active Directory object (e.g. SVM, sometime helpful when there is a problem joining SVM to the domain)

Remove-ADComputer -Identity SVM1 -Server ldapserver.local -Credential (Get-Credential)

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
User: LOCAL\LDAP_user
Password for user LOCAL\LDAP_user: ****************
Confirm
Are you sure you want to perform this action?
Performing the operation "Remove" on target "CN=SVM1,OU=STORAGE,DC=ldap,DC=local".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Yes"):
PS>>

Tag: LDAP

Useful Active Directory Commands (PowerShell)

My Certificates

Social media

Categories

Recent Posts