Active Directory Cmdlets in Windows PowerShell

Here’s a list of all the Active Directory cmdlets in Windows PowerShell that are available in Windows Server 2008 R2 with a link to Microsoft TechNet for each cmdlet for more details. Add-ADComputerServiceAccount Adds one or more service accounts to an Active Directory computer. Add-ADDomainControllerPasswordReplicationPolicy Adds users, computers, and groups to the Allowed List or the Denied List of the read-only domain controller (RODC) Password Replication Policy (PRP). Add-ADFineGrainedPasswordPolicySubject Applies a fine-grained password policy to one more users and groups. Add-ADGroupMember Adds one or more members to an Active Directory group. Add-ADPrincipalGroupMembership Adds a member to one or more Active Directory groups. Clear-ADAccountExpiration Clears the expiration date for an Active Directory account. Disable-ADAccount Disables an Active Directory account. Disable-ADOptionalFeature Disables an Active Directory optional feature. Enable-ADAccount Enables an Active Directory account. Enable-ADOptionalFeature Enables an Active Directory optional feature. Get-ADAccountAuthorizationGroup Gets the Active Directory security groups that contain an account. Get-ADAccountResultantPasswordReplicationPolicy Gets the resultant password replication policy for an Active Directory account. Get-ADComputer Gets one or more Active Directory computers. Get-ADComputerServiceAccount Gets the service accounts that are hosted by an Active Directory computer. Get-ADDefaultDomainPasswordPolicy Gets the default password policy for an Active Directory domain. Get-ADDomain Gets an Active Directory domain. Get-ADDomainController Gets one or more Active Directory domain controllers, based on discoverable services criteria, search parameters, or by providing a domain controller identifier, such as the NetBIOS name. Get-ADDomainControllerPasswordReplicationPolicy Gets the members of the Allowed List or the Denied List of the RODC PRP. Get-ADDomainControllerPasswordReplicationPolicyUsage Gets the resultant password policy of the specified ADAccount on the specified RODC. Get-ADFineGrainedPasswordPolicy Gets one or more Active Directory fine-grained password policies. Get-ADFineGrainedPasswordPolicySubject Gets the users and groups to which a fine-grained password policy is applied. Get-ADForest Gets an Active Directory forest. Get-ADGroup Gets one or more Active Directory groups. Get-ADGroupMember Gets the members of an Active Directory group. Get-ADObject Gets one or more Active Directory objects. Get-ADOptionalFeature Gets one or more Active Directory optional features. Get-ADOrganizationalUnit Gets one or more Active Directory OUs. Get-ADPrincipalGroupMembership Gets the Active Directory groups that have a specified user, computer, or group. Get-ADRootDSE Gets the root of a domain controller information tree. Get-ADServiceAccount Gets one or more Active Directory service accounts. Get-ADUser Gets one or more Active Directory users. Get-ADUserResultantPasswordPolicy Gets the resultant password policy for a user. Install-ADServiceAccount Installs an Active Directory service account on a computer. Move-ADDirectoryServer Moves a domain controller in AD DS to a new site. Move-ADDirectoryServerOperationasterRole Moves operation master (also known as flexible single master operations or FSMO) roles to an Active Directory domain controller. Move-ADObject Moves an Active Directory object or a container of objects to a different container or domain. New-ADComputer Creates a new Active Director computer. New-ADFineGrainedPasswordPolicy Creates a new Active Directory fine-grained password policy. New-ADGroup Creates an Active Directory group. New-ADObject Creates an Active Directory objet. New-ADOrganizationalUnit Creates a new Active Directory OU. New-ADServiceAccount Creates a new Active Directory service account. New-ADUser Creates a new Active Directory user. Remove-ADComputer Removes an Active Directory computer. Remove-ADComputerServiceAccount Removes one or more service accounts from a computer. Remove-ADDomainControllerPasswordReplicationPolicy Removes users, computers, and groups from the Allowed List or the Denied List of the RODC PRP. Remove-ADFineGrainedPasswordPolicy Removes an Active Directory fine-grained password policy. Remove-ADFineGrainedPasswordPolicySubject Removes one or more users from a fine-grained password policy. Remove-ADGroup Removes an Active Directory group. Remove-ADGroupMember Removes one or more members from an Active Directory group. Remove-ADObject Removes an Active Directory object. Remove-ADOrganizationalUnit Removes an Active Directory OU. Remove-ADPrincipalGroupMembership Removes a member from one or more Active Directory groups. Remove-ADServiceAccount Removes an Active Directory service account. Remove-ADUser Removes an Active Directory user. Rename-ADObject Changes the name of an Active Directory object. Reset-ADServiceAccountPassword Resets the service account password for a computer. Restore-ADObject Restores an Active Directory object. Search-ADAccount Gets Active Directory user, computer, and service accounts. Set-ADAccountControl Modifies user account control (UAC) values for an Active Directory account. Set-ADAccountExpiration Sets the expiration date for an Active Directory account. Set-ADAccountPassword Modifies the password of an Active Directory account. Set-ADComputer Modifies an Active Directory computer. Set-ADDefaultDomainPasswordPolicy Modifies the default password policy for an Active Directory domain. Set-ADDomain Modifies an Active Directory domain. Set-ADDomainMode Sets the domain functional level for an Active Directory domain. Set-ADFineGrainedPasswordPolicy Modifies an Active Directory fine-grained password policy. Set-ADForest Modifies an Active Directory forest. Set-ADForestMode Sets the forest mode for an Active Directory forest. Set-ADGroup Modifies an Active Directory group. Set-ADObject Modifies an Active Directory object. Set-ADOrganizationalUnit Modifies an Active Directory OU. Set-ADServiceAccount Modifies an Active Directory service account. Set-ADUser Modifies an Active Directory user. Uninstall-ADServiceAccount Uninstalls an Active Directory service account from a computer. Unlock-ADAccount Unlocks an Active Directory account.