Active Directory PowerShell is one of the fastest ways to handle day-to-day user, group, and computer administration without clicking through multiple MMC consoles. This page is the main TurboGeek hub for practical AD PowerShell work: quick one-liners, common admin tasks, safe execution tips, and links to deeper task-specific guides.
If you need a narrower workflow, jump straight to the bulk user creation with CSV guide or the Active Directory PowerShell cheat sheet.
Key takeaways
- Use the ActiveDirectory module for most day-to-day AD automation tasks.
- One-liners are ideal for search, reporting, cleanup, and single-object changes.
- For onboarding at scale, use a structured CSV workflow instead of hand-built one-liners.
- Always test with -WhatIf, limit scope with -SearchBase, and validate output before making changes in production.
Before you run AD PowerShell commands
Make sure the ActiveDirectory module is available on the server or workstation you are using. On member servers this is usually installed with the AD DS tools, and on admin workstations it normally comes from RSAT.
Import-Module ActiveDirectory
Get-Module ActiveDirectory -ListAvailable
If you are working from a management workstation, confirm your account has permission to view or modify the target OUs. If you are testing a new command, add -WhatIf where supported and export the current state first.
Find users quickly with PowerShell
User lookups are the most common AD task, and they are usually where one-liners save the most time. Start with Get-ADUser and layer on -Properties, -SearchBase, and filters as needed.
Get-ADUser -Identity 'jdoe'
Get-ADUser -Filter * -SearchBase 'OU=Users,DC=contoso,DC=com'
Get-ADUser -Filter 'Department -eq "Finance"' -Properties Department | Select-Object Name,SamAccountName,Department
Get-ADUser -Filter 'Enabled -eq $false' -Properties LastLogonDate | Select-Object Name,SamAccountName,LastLogonDate
For a larger onboarding job, do not loop manually through user records one at a time. Use the dedicated PowerShell and CSV provisioning guide instead.
Create and modify users
PowerShell is ideal for quick single-account changes such as creating a test account, updating a department, changing a manager, or enabling and disabling users.
$Password = Read-Host -AsSecureString -Prompt 'Enter password'
New-ADUser -Name 'John Doe' -SamAccountName 'jdoe' -UserPrincipalName '[email protected]' -AccountPassword $Password -Enabled $true
Set-ADUser -Identity 'jdoe' -Department 'Sales'
Enable-ADAccount -Identity 'jdoe'
Disable-ADAccount -Identity 'jdoe'
These single-object examples are fine for admin work, but they are not the right way to onboard hundreds of users from HR or a project spreadsheet. For that, use the bulk CSV user creation guide.
Manage passwords and account state
Password resets, unlocks, and account status checks are all good fits for short PowerShell commands.
Set-ADAccountPassword -Identity 'jdoe' -Reset -NewPassword (Read-Host -AsSecureString)
Unlock-ADAccount -Identity 'jdoe'
Set-ADUser -Identity 'jdoe' -ChangePasswordAtLogon $true
Search-ADAccount -LockedOut | Select-Object Name,SamAccountName
Use care here. These commands are powerful, and broad filters can affect more users than expected if you skip scoping and validation.
Manage groups and memberships
Security group hygiene is another area where AD PowerShell is much faster than the GUI, especially when you need to compare members, add users in bulk, or identify stale membership.
Get-ADGroupMember -Identity 'HR Team' | Select-Object Name,ObjectClass
Add-ADGroupMember -Identity 'VPN Users' -Members 'jdoe'
Remove-ADGroupMember -Identity 'VPN Users' -Members 'jdoe' -Confirm:$false
Get-ADPrincipalGroupMembership -Identity 'jdoe' | Select-Object Name
If you are building a reusable library of daily admin commands, keep a second page that is optimized for fast copy-and-paste access. That is the role of the AD PowerShell cheat sheet.
Audit and clean up computer objects
Computer accounts are often neglected compared to users, but PowerShell makes it easy to find stale machines, report on operating systems, and move objects into the right OU structure.
Get-ADComputer -Filter 'OperatingSystem -like "Windows 11*"' -Properties OperatingSystem | Select-Object Name,OperatingSystem
Search-ADAccount -AccountInactive -ComputersOnly -TimeSpan 120.00:00:00 | Select-Object Name,LastLogonDate
Disable-ADAccount -Identity 'PC-001'
Move-ADObject -Identity 'CN=PC-001,OU=Workstations,DC=contoso,DC=com' -TargetPath 'OU=Disabled Computers,DC=contoso,DC=com'
Build quick reports for AD hygiene
AD PowerShell is often most useful for reporting rather than direct changes. Exporting stale users, disabled accounts, or group membership snapshots makes it easier to review and approve changes before acting.
Get-ADUser -Filter 'Enabled -eq $false' | Select-Object Name,SamAccountName | Export-Csv .\disabled-users.csv -NoTypeInformation
Get-ADUser -Filter * -Properties LastLogonDate | Select-Object Name,SamAccountName,LastLogonDate | Export-Csv .\user-lastlogon.csv -NoTypeInformation
Get-ADGroupMember -Identity 'Domain Admins' | Select-Object Name,ObjectClass | Export-Csv .\domain-admins.csv -NoTypeInformation
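A membership snapshot is most useful when it is compared against an earlier, approved one. The script below is an added example, not part of the original page: it diffs the current recursive Domain Admins membership against a baseline CSV, and the file names are assumptions.

```powershell
# Added example: compare current Domain Admins membership with a saved baseline.
Import-Module ActiveDirectory

$Group    = 'Domain Admins'
$Baseline = '.\domain-admins-baseline.csv'   # assumed name for the approved snapshot

# -Recursive resolves nested groups, so indirect members are reported as well.
$Current = @(Get-ADGroupMember -Identity $Group -Recursive |
    Select-Object Name, SamAccountName, ObjectClass, DistinguishedName)

if (-not (Test-Path -Path $Baseline)) {
    # First run: record the baseline; there is nothing to compare yet.
    $Current | Export-Csv -Path $Baseline -NoTypeInformation
    Write-Output "Baseline written with $($Current.Count) members. Review and approve it."
}
else {
    $Known      = @(Import-Csv -Path $Baseline)
    $KnownDNs   = @($Known   | ForEach-Object { $_.DistinguishedName })
    $CurrentDNs = @($Current | ForEach-Object { $_.DistinguishedName })

    # Match on DistinguishedName; display names are not guaranteed to be unique.
    $Added   = @($Current | Where-Object { $_.DistinguishedName -notin $KnownDNs })
    $Removed = @($Known   | Where-Object { $_.DistinguishedName -notin $CurrentDNs })

    $Report = @(
        $Added   | Select-Object @{n='Change';e={'Added'}},   Name, SamAccountName, ObjectClass
        $Removed | Select-Object @{n='Change';e={'Removed'}}, Name, SamAccountName, ObjectClass
    )

    if ($Report.Count -gt 0) {
        $Stamp = Get-Date -Format 'yyyyMMdd'
        $Report | Export-Csv -Path ".\domain-admins-changes-$Stamp.csv" -NoTypeInformation
        $Report
    }
    else {
        Write-Output 'No membership changes since the baseline.'
    }
}
```

The baseline is only overwritten when it does not exist, so an unexpected addition keeps showing up in the report until someone reviews it and replaces the baseline file deliberately.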
Safe execution checklist
- Start with read-only commands before making changes.
- Use -SearchBase to limit scope to the right OU.
- Use -WhatIf on destructive commands where supported.
- Export current state before bulk changes.
- Run large changes during a maintenance window and keep logs.
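The checklist applied to the stale-computer cleanup shown earlier, as an added example that is not part of the original page. The OU paths reuse the page's contoso.com samples; the `$Apply` switch, the `$MaxChanges` limit and the output file names are assumptions.

```powershell
# Added example: scoped, logged, dry-run-first cleanup of stale computer accounts.
Import-Module ActiveDirectory

$SearchBase = 'OU=Workstations,DC=contoso,DC=com'        # sample OU from this page
$TargetOU   = 'OU=Disabled Computers,DC=contoso,DC=com'  # sample OU from this page
$MaxChanges = 25       # assumed safety limit; stop if the filter matches more
$Apply      = $false   # leave $false for a dry run; set $true after review
$Stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'

# 1. Read-only query, limited to one OU with -SearchBase.
$Stale = @(Search-ADAccount -AccountInactive -ComputersOnly -TimeSpan 120.00:00:00 `
        -SearchBase $SearchBase | Where-Object { $_.Enabled })

# 2. Export the current state before any change is made.
$Stale | Select-Object Name, DistinguishedName, Enabled, LastLogonDate |
    Export-Csv -Path ".\stale-computers-$Stamp.csv" -NoTypeInformation

# 3. Refuse to continue if the filter matched more objects than expected.
if ($Stale.Count -gt $MaxChanges) {
    throw "Matched $($Stale.Count) computers, limit is $MaxChanges. Check the filter and scope."
}

# 4. Keep a log, and pass -WhatIf unless $Apply was set deliberately.
Start-Transcript -Path ".\stale-computers-$Stamp.log"
try {
    foreach ($Computer in $Stale) {
        Disable-ADAccount -Identity $Computer.DistinguishedName -WhatIf:(-not $Apply)
        Move-ADObject -Identity $Computer.DistinguishedName -TargetPath $TargetOU `
            -WhatIf:(-not $Apply)
    }
}
finally {
    Stop-Transcript
}
```

With `$Apply` left at `$false`, the transcript records the "What if" lines for every object, which gives a reviewer the exact list of changes alongside the exported CSV.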
Which AD PowerShell page should you read next?
- How to Bulk Create Active Directory Users with PowerShell and CSV if you need repeatable onboarding from a spreadsheet.
- Active Directory PowerShell Cheat Sheet if you want short copy-and-paste commands for daily admin work.

