Active Directory PowerShell CmdLets for Generating Active Directory based Reports

Microsoft PowerShell for Active Directory offers 76 cmdlets by default. Of these 76 cmdlets, 23 cmdlets are for retreiving information from an Active Directory and could theoretically be used to obtain data that could then be rolled up into an IT management or an IT security report.

These 23 cmdlets are –

1. Search-ADAccount – Gets Active Directory user, computer, and service accounts
2. Get-ADAccountAuthorizationGroup – Gets the Active Directory security groups that contain an account
3. Get-ADAccountResultantPasswordReplicationPolicy – Gets the resultant password replication policy for an Active Directory account
4. Get-ADComputer – Gets one or more Active Directory computers
5. Get-ADComputerServiceAccount – Gets the service accounts that are hosted by an Active Directory computer
6. Get-ADDefaultDomainPasswordPolicy – Gets the default password policy for an Active Directory domain
7. Get-ADDomain – Gets an Active Directory domain
8. Get-ADDomainController – Gets one or more Active Directory domain controllers, based on discoverable services criteria, search parameters, or by providing a domain controller identifier, such as the NetBIOS name
9. Get-ADDomainControllerPasswordReplicationPolicy – Gets the members of the Allowed List or the Denied List of the RODC PRP
10. Get-ADDomainControllerPasswordReplicationPolicyUsage – Gets the resultant password policy of the specified ADAccount on the specified RODC
11. Get-ADFineGrainedPasswordPolicy – Gets one or more Active Directory fine-grained password policies
12. Get-ADFineGrainedPasswordPolicySubject – Gets the users and groups to which a fine-grained password policy is applied
13. Get-ADForest – Gets an Active Directory forest
14. Get-ADGroup – Gets one or more Active Directory groups
15. Get-ADGroupMember – Gets the members of an Active Directory group
16. Get-ADObject – Gets one or more Active Directory objects
17. Get-ADOptionalFeature – Gets one or more Active Directory optional features
18. Get-ADOrganizationalUnit – Gets one or more Active Directory OUs
19. Get-ADPrincipalGroupMembership – Gets the Active Directory groups that have a specified user, computer, or group
20. Get-ADRootDSE – Gets the root of a domain controller information tree
21. Get-ADServiceAccount – Gets one or more Active Directory service accounts
22. Get-ADUser – Gets one or more Active Directory users
23. Get-ADUserResultantPasswordPolicy – Gets the resultant password policy for a user

These cmdlets can be used to obtain information from your Active Directory regarding a variety of resoures ranging from user accounts to fine grained password policies.

You can always obtain additional information on these cmdlets by typing Get-Help into PowerShell, where is the name of the cmdlet you want more information on. This command will give you the basic help for the cmdlet.

To view examples for a specific cmdlet, simply type Get-Help  -examples into PowerShell, where is the name of the cmdlet you to see examples for.

Finally, if you want to see the full help file for the cmdlet, type Get-Help  -full into PowerShell, where  is the name of the cmdlet you want full help information for.

Additional information on some of these cmdlets will follow in additional blogposts.