Lab 1: Query Users
Get-ADUser, properties
0 / 3
Lab 2: Manage Users
Create, modify accounts
0 / 3
Lab 3: Groups
Groups and membership
0 / 3
Lab 4: Search AD
Filters, advanced queries
0 / 3

Lab 1: Querying Users

Learn to retrieve user information from Active Directory.

1 Get all users
List all user accounts in the domain.
Get-ADUser -Filter *
2 Get specific user
Retrieve a single user by their username.
Get-ADUser -Identity administrator
3 Get user with all properties
View all attributes of a user account.
Get-ADUser -Identity jsmith -Properties *
By default, only common attributes are returned. Use -Properties * to see everything.

Lab 2: Managing Users

Create and modify user accounts with PowerShell.

1 Create a new user
Create a new AD user account.
New-ADUser -Name "Test User" -SamAccountName "tuser" -Enabled $true
2 Modify user attributes
Update a user's department.
Set-ADUser -Identity tuser -Department "IT"
3 Unlock a user account
Unlock a locked out user.
Unlock-ADAccount -Identity jlocked
Account lockouts are one of the most common helpdesk tickets!

Lab 3: Group Management

Manage security groups and membership.

1 Get group members
List members of a security group.
Get-ADGroupMember -Identity "Domain Admins"
2 Create a security group
Create a new global security group.
New-ADGroup -Name "IT Support" -GroupScope Global -GroupCategory Security
3 Add user to group
Add a user to a security group.
Add-ADGroupMember -Identity "IT Support" -Members tuser
Use -Members with multiple usernames separated by commas for bulk adds.

Lab 4: Searching AD

Use filters to find specific objects efficiently.

1 Find disabled users
Search for all disabled user accounts.
Get-ADUser -Filter {Enabled -eq $false}
2 Search in specific OU
Find users within a specific OU.
Get-ADUser -Filter * -SearchBase "OU=IT,DC=hexworth,DC=local"
3 Find locked accounts
Search for all locked out user accounts.
Search-ADAccount -LockedOut
Search-ADAccount is a powerful cmdlet for finding various account states!