Final answer:
To manage AD groups with PowerShell, you use the 'Get-ADGroup', 'Get-ADGroupMember', and 'Get-ADUser' commands with various parameters to list all groups, verify the existence of specific groups, list members, include properties like email, filter by group category, and manage with alternate credentials.
Step-by-step explanation:
To perform various Active Directory (AD) tasks using PowerShell, here are the respective commands:
- Find all AD groups without regard for any criteria:
Get-ADGroup -Filter * - Check to see if a single AD group called HR exists:
Get-ADGroup -Identity HR - List all members of the Administrators group:
Get-ADGroupMember -Identity 'Administrators' - List all groups nested inside the HR group:
Get-ADGroup -Filter {Name -like "HR"} | Get-ADGroupMember | Where-Object { $_.objectClass -eq 'group' } - List all group members of the HR, Accounting, and IT groups using a foreach loop:
$groups = 'HR','Accounting','IT'
foreach ($group in $groups) {
Get-ADGroupMember -Identity $group
} - Check to see if an AD group called HR exists, prompting for alternate username/password:
$cred = Get-Credential
Get-ADGroup -Identity HR -Credential $cred - List all the group members of the HR group with user account’s email address:
Get-ADGroupMember -Identity HR | Get-ADUser -Properties EmailAddress | Select-Object Name,EmailAddress - List only the Security groups:
Get-ADGroup -Filter 'GroupCategory -eq "Security"' - List all AD groups in the "NYC" OU:
Get-ADGroup -Filter * -SearchBase "OU=NYC,OU=Locations,DC=YourDomain,DC=com" - Export all AD groups in the "NYC" OU to a CSV file:
Get-ADGroup -Filter * -SearchBase "OU=NYC,OU=Locations,DC=YourDomain,DC=com" | Export-Csv -Path "nyc.csv" -NoTypeInformation