Absolutely! Here’s a comprehensive breakdown of PowerShell commands and Active Directory-specific commands for managing users and permissions, both locally and in domain environments.
🖥️ PowerShell (Local User & Group Management)
👤 Local User Management
| Task |
PowerShell Command |
| List all local users |
Get-LocalUser |
| View specific user |
Get-LocalUser -Name "username" |
| Create a new user |
New-LocalUser -Name "username" -Password (Read-Host -AsSecureString) |
| Remove a user |
Remove-LocalUser -Name "username" |
| Enable user |
Enable-LocalUser -Name "username" |
| Disable user |
Disable-LocalUser -Name "username" |
👥 Local Group Management
| Task |
PowerShell Command |
| List all local groups |
Get-LocalGroup |
| View group members |
Get-LocalGroupMember -Group "Administrators" |
| Add user to a group |
Add-LocalGroupMember -Group "Administrators" -Member "username" |
| Remove user from a group |
Remove-LocalGroupMember -Group "Administrators" -Member "username" |
| Create a group |
New-LocalGroup -Name "GroupName" |
| Delete a group |
Remove-LocalGroup -Name "GroupName" |
🧑💼 Active Directory (AD) User & Group Management
Requires the Active Directory module for Windows PowerShell
(Use Import-Module ActiveDirectory)
👤 User Management
| Task |
PowerShell Command |
| List all users |
Get-ADUser -Filter * |
| View specific user |
Get-ADUser username -Properties * |
| Create new AD user |
New-ADUser -Name "John Smith" -SamAccountName jsmith -UserPrincipalName jsmith@domain.com -Path "OU=Users,DC=domain,DC=com" -AccountPassword (Read-Host -AsSecureString) -Enabled $true |
| Delete user |
Remove-ADUser -Identity "jsmith" |
| Enable user account |
Enable-ADAccount -Identity "jsmith" |
| Disable user account |
Disable-ADAccount -Identity "jsmith" |
| Unlock user account |
Unlock-ADAccount -Identity "jsmith" |
| Set new password |
Set-ADAccountPassword -Identity "jsmith" -Reset -NewPassword (Read-Host -AsSecureString) |
👥 Group Management
| Task |
PowerShell Command |
| List all AD groups |
Get-ADGroup -Filter * |
| View group members |
Get-ADGroupMember -Identity "GroupName" |
| Add user to group |
Add-ADGroupMember -Identity "GroupName" -Members "jsmith" |
| Remove user from group |
Remove-ADGroupMember -Identity "GroupName" -Members "jsmith" |
| Create new group |
New-ADGroup -Name "NewGroup" -GroupScope Global -Path "OU=Groups,DC=domain,DC=com" |
| Delete group |
Remove-ADGroup -Identity "GroupName" |
🔐 File/Folder Permissions (NTFS) via PowerShell
| Task |
PowerShell Command |
| View permissions |
Get-Acl "C:\path\to\folder" |
| Set permission |
|
$acl = Get-Acl "C:\folder"
$permission = "DOMAIN\User","FullControl","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
Set-Acl "C:\folder" $acl
| Remove permission |
$acl = Get-Acl "C:\folder"
$acl.Access | Where-Object { $_.IdentityReference -eq "DOMAIN\User" } | ForEach-Object { $acl.RemoveAccessRule($_) }
Set-Acl "C:\folder" $acl
Want a PDF version of this? Or perhaps a script bundle to automate some tasks (e.g., bulk user creation)? Just let me know!