Starting powershell 3.0, modules can be loaded automatically without manually import everytime. So make sure you at least have powershell 3.0 installed.

Add new user via powershell:

New-ADUser Name "John Smith" SamAccountName JohnS DisplayName "John Smith" Title "Account Manager" Enabled $true ChangePasswordAtLogon $true -AccountPassword (ConvertTo-SecureString "<a href="mailto:[email protected]">[email protected]</a>" -AsPlainText -force) -PassThru

In some case, we may need pipe to combin two or more commands and actions together, but we can’t use pipe after powershell command. If the piped action is still under same powershell environment: powershell -Command & {Get-ADUser -Identity zchen -Properties memberof | Select-Object -ExpandProperty memberof} The correct ssh version would be ssh [email protected] 'powershell -Command " & {Get-ADUser -Identity zchen -Properties memberof | Select-Object -ExpandProperty memberof}"'

Note: Powershell is like windows cmd shell, doesn’t like ', but use " instead.

Following article explains how to use powershell to manage AD users

creating a new user from an existing user

$userInstance = Get-ADUser -Identity “saraDavis”
New-ADUser -SAMAccountName “ellenAdams”  -Instance $userInstance -DisplayName “EllenAdams”

A request has been received to grant additional permissions to an existing user in your organizations Active Directory environment. The username of this existing user is “frank0”. In additional to his current responsibilities, Frank will be taking on the responsibilities of Alan who goes by the username of “alan0”.

Note: The examples shown in this blog article are being performed on a Windows 8.1 machine that has theremote server administration tools installed. The Active Directory module is not explicitly imported in these examples since Windows 8.1 runs PowerShell version 4 and the module auto-loading feature which was first introduced in PowerShell version 3 takes care of importing the module.

First, take a look at what Active Directory groups “alan0” is a member of. These are the groups that “frank0” needs to be made a member of:

Get-ADUser -Identity alan0 -Properties memberof |
Select-Object -ExpandProperty memberof

The dotted notation style of accessing the MemberOf property could also be used:

(Get-ADUser -Identity alan0 -Properties memberof).memberof

Frank is currently a member of the “Information Technology” group:

(Get-ADUser -Identity frank0 -Properties memberof).memberof

A simple one-liner can be used to add Frank as a member of each of Alan’s groups:

Get-ADUser -Identity alan0 -Properties memberof |
Select-Object -ExpandProperty memberof |
Add-ADGroupMember -Members frank0

Nothing is returned by default if the command completes successfully:

Use the -PassThru parameter with the previous command to receive feedback about what groups Frank is being added as a member of:

Get-ADUser -Identity alan0 -Properties memberof |
Select-Object -ExpandProperty memberof |
Add-ADGroupMember -Members frank0 -PassThru |
Select-Object -Property SamAccountName

In addition to the “Information Technology” group, Frank is now a member of all the groups that Alan is a member of:

(Get-ADUser -Identity frank0 -Properties memberof).memberof

Want to add multiple users to the same groups that Alan is a member of? No problem:

Get-ADUser -Identity alan0 -Properties memberof |
Select-Object -ExpandProperty memberof |
Add-ADGroupMember -Members frank0, gary0, jack0, john0, michael0, paul0