Create an AD user in PowerShell
PowerShell allows you to read, write and update Active Directory objects. In conjunction with PowerShell’s many other advanced features, this provides a great environment for managing your AD and automating tasks.
To create a user object:
First we need to set a variable to hold the domain object, and link the instance to the domain.
PS C:\> $domain = [ADSI] "LDAP://main:389/dc=domain,dc=local"
This allows you to interact with AD through the $domain variable.
You can list the root of your domain by typing:
PS C:\> $domain.psbase.Get_children()
This will list the root containers in your Active Directory by Distinguished Name.
To get more information about a specific branch in the directory we can associate that branch to a new variable.
$usersOU = [ADSI] "LDAP://CN=Users,DC=domain,DC=local"
and then call psbase.Get_children() again:
$usersOU.psbase.Get_children()
This will list all the AD objects (users and computers) in the OU.
Let's finish off by creating a user.
PS C:\> $newUser = $usersOU.Create("user","cn=MyNewUser")
PS C:\> $newUser.put("title", "PowerShell Test Account")
PS C:\> $newUser.put("employeeID", 123)
PS C:\> $newUser.put("description", "Test User Account for LazyAdmin Demo")
PS C:\> $newUser.SetInfo()
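The steps above collected into one function, as an added example that is not code from the original article. It assumes the CN=Users,DC=domain,DC=local container used above; the function name New-DemoAdUser is hypothetical. Beyond the article's steps, it sets sAMAccountName and a password and clears the password-not-required flag, while leaving the account disabled.

```powershell
# Added example. New-DemoAdUser and the sample values are hypothetical;
# the default container DN is the one used in the article.
function New-DemoAdUser {
    param(
        # Restricting the name keeps DN metacharacters (, = + \ etc.) out of the path.
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[A-Za-z0-9_-]{1,20}$')]
        [string] $Name,

        [Parameter(Mandatory = $true)]
        [System.Security.SecureString] $Password,

        [string] $ContainerDn = 'CN=Users,DC=domain,DC=local'
    )

    # Refuse to touch an object that is already there.
    $path = "LDAP://CN=$Name,$ContainerDn"
    if ([System.DirectoryServices.DirectoryEntry]::Exists($path)) {
        throw "An object already exists at $path"
    }

    $container = [ADSI] "LDAP://$ContainerDn"
    $user = $container.Create('user', "CN=$Name")
    $user.Put('sAMAccountName', $Name)
    $user.Put('description', 'Test User Account for LazyAdmin Demo')
    $user.SetInfo()    # the write happens here, so permission errors surface here

    # ADSI's SetPassword takes a plain string; unwrap the SecureString only for the call.
    $plain = (New-Object System.Net.NetworkCredential('', $Password)).Password
    $user.psbase.Invoke('SetPassword', $plain)

    # Clear PASSWD_NOTREQD (0x20) but keep ACCOUNTDISABLE (0x2): enabling the
    # account is left as a separate, deliberate step.
    $user.psbase.RefreshCache()
    $uac = [int] $user.psbase.Properties['userAccountControl'].Value
    $user.Put('userAccountControl', ($uac -band (-bnot 0x20)))
    $user.SetInfo()

    # Return what the directory now holds so the caller can log or verify it.
    $user.psbase.RefreshCache()
    New-Object PSObject -Property @{
        DistinguishedName  = [string] $user.psbase.Properties['distinguishedName'].Value
        UserAccountControl = [int] $user.psbase.Properties['userAccountControl'].Value
    }
}

# Usage (prompts for the password instead of putting it on the command line):
#   $pw = Read-Host 'Initial password' -AsSecureString
#   New-DemoAdUser -Name 'MyNewUser' -Password $pw
```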
Now, if you enter the commands above at your prompt, you may get an access denied error:
This is
…
Written by daniel.nerenberg on May 14th, 2007 with no comments.