-

Active Directory PowerShell CmdLets for Generating Active Directory based Reports

Microsoft PowerShell for Active Directory offers 76 cmdlets by default. Of these 76 cmdlets, 23 cmdlets are for retreiving information from an Active Directory and could theoretically be used to obtain data that could then be rolled up into an IT management or an IT security report.



These 23 cmdlets are –
  1. Search-ADAccount – Gets Active Directory user, computer, and service accounts
  2. Get-ADAccountAuthorizationGroup – Gets the Active Directory security groups that contain an account
  3. Get-ADAccountResultantPasswordReplicationPolicy – Gets the resultant password replication policy for an Active Directory account
  4. Get-ADComputer – Gets one or more Active Directory computers
  5. Get-ADComputerServiceAccount – Gets the service accounts that are hosted by an Active Directory computer
  6. Get-ADDefaultDomainPasswordPolicy – Gets the default password policy for an Active Directory domain
  7. Get-ADDomain – Gets an Active Directory domain
  8. Get-ADDomainController – Gets one or more Active Directory domain controllers, based on discoverable services criteria, search parameters, or by providing a domain controller identifier, such as the NetBIOS name
  9. Get-ADDomainControllerPasswordReplicationPolicy – Gets the members of the Allowed List or the Denied List of the RODC PRP
  10. Get-ADDomainControllerPasswordReplicationPolicyUsage – Gets the resultant password policy of the specified ADAccount on the specified RODC
  11. Get-ADFineGrainedPasswordPolicy – Gets one or more Active Directory fine-grained password policies
  12. Get-ADFineGrainedPasswordPolicySubject – Gets the users and groups to which a fine-grained password policy is applied
  13. Get-ADForest – Gets an Active Directory forest
  14. Get-ADGroup – Gets one or more Active Directory groups
  15. Get-ADGroupMember – Gets the members of an Active Directory group
  16. Get-ADObject – Gets one or more Active Directory objects
  17. Get-ADOptionalFeature – Gets one or more Active Directory optional features
  18. Get-ADOrganizationalUnit – Gets one or more Active Directory OUs
  19. Get-ADPrincipalGroupMembership – Gets the Active Directory groups that have a specified user, computer, or group
  20. Get-ADRootDSE – Gets the root of a domain controller information tree
  21. Get-ADServiceAccount – Gets one or more Active Directory service accounts
  22. Get-ADUser – Gets one or more Active Directory users
  23. Get-ADUserResultantPasswordPolicy – Gets the resultant password policy for a user
These cmdlets can be used to obtain information from your Active Directory regarding a variety of resoures ranging from user accounts to fine grained password policies.
You can always obtain additional information on these cmdlets by typing Get-Help into PowerShell, where is the name of the cmdlet you want more information on. This command will give you the basic help for the cmdlet.

To view examples for a specific cmdlet, simply type Get-Help  -examples into PowerShell, where is the name of the cmdlet you to see examples for.

Finally, if you want to see the full help file for the cmdlet, type Get-Help  -full into PowerShell, where  is the name of the cmdlet you want full help information for.

Additional information on some of these cmdlets will follow in additional blogposts.
Posted by

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)