This script will help you to set the PwdLastSet attribute to the current date and time for multiple users. The user list in this script is built from an organizational unit content. You can adapt it with your own requirement.

This script will help you to change the user UPN (userPrincipalName attribute in the Active Directory) for all the user objects located in the OU OU=Users,OU=Dept,DC=domain,DC=local,DC=net Old UPN : domain.local.net New UPN : newdomain.com To setup a new UPN, follow

This script will help you to disable and move inactive computer accounts to a target OU in the Active Directory. The steps are the following : list all computer accounts inactive for more than 90 days ping each inactive computers

Export users to a CSV file Script : Script (with Microsoft Active Directory module loaded : import-module activedirectory) : Get-ADUser -filter * -ResultSetSize $null -Properties SamAccountName,displayname,description ` | select-Object SamAccountName,displayname,description ` | Export-Csv “c:\folder\export.csv” Script (with Quest Active Directory module)

With this script, you will be able to retrieve the domain controller hostnames in a forest. $myForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() $myforest.Sites | % { $_.Servers } | Select Name, Domain References MSDN Forest Class Properties Name Description ApplicationPartitions Gets a collection

Find all locked out user account This cmdlet lists all locked out user account in the current Active Directory domain Script : Search-ADAccount -LockedOut | select DistinguishedName References Search-ADAccount Syntax Search-ADAccount -AccountDisabled [-AuthType { | }] [-ComputersOnly ] [-Credential ]

You will be able to enumerate all domains in a forest : the script lists all domain names (FQDN) in an Active Directory forest Script : @(([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).Domains |select name ) References System.DirectoryServices.ActiveDirectory Namespace The System.DirectoryServices.ActiveDirectory namespace provides a high level abstraction object

With this script you will be able to find an email address in the forest and identify the Active Directory object linked on. (Get-ADobject -Filter {(mail -eq “johndoe@mail.com”)} -Properties sn,givenname,mail,displayname -SearchBase “dc=domain,dc=root” -Server “dc01.domain.root:3268” | ` Select-Object displayname,sn,givenname,mail) References Get-ADObject

This script can be very useful to cleanup data when the user account no longer exists in the Active Directory. Actually, this script moves only the folders linked to a deleted active directory user account (profiles, homes,…) to a temporary

This script copy the group members to another group. You have the choice between Microsoft Active Directory cmdlet or the Quest Active Directory cmdlet. Script (with Microsoft Active Directory module loaded : import-module activedirectory) : $Source_Group = “CN=SourceGroupName,OU=Groups,DC=domain,DC=com” $Destination_Group =