POWERSHELL COMMANDS

# TCP/IP CONF
Computer Name
rename-computer -NewName DC1
Network Card Association
New-NetLbfoTeam -Name Team1 -TeamMembers "Ethernet" -Confirm:$false
#Network Configuration
New-NetIPAddress -InterfaceAlias Team1 -IPAddress 172.16.0.10
-PrefixLength 24
Set-DnsClientServerAddress -InterfaceAlias Team1 -ServerAddresses
172.16.0.10
Activate remote management
Enable-PSRemoting -Force
Windows Firewall
Set-NetFirewallProfile -Name Domain,Private -Enabled False
Time zone
Get-TimeZone -ListAvailable
Set-TimeZone -Id "Morocco Standard Time"
Install a role or feature
Install-WindowsFeature -Name DNS -IncludeAllSubFeature
Include Management Tools
Install-WindowsFeature -Name DHCP -IncludeAllSubFeature
Include Management Tools
Install-WindowsFeature -Name AD-Domain-Services -IncludeAllSubFeature
Include Management Tools
Uninstall a role or feature
Uninstall-WindowsFeature DNS
Uninstall-WindowsFeature DHCP
the role of ADDS services
Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature
Include Management Tools
to join a computer to the domain
Add-Computer -DomainName OFPPT.MA
Display the domain controllers that hold the FSMO roles:
NetDom query FSMO
Transfer and assumption of role
Move-ADDirectoryServerOperationsMasterRole
Move-ADDirectoryServerOperationsMasterRole -Identity nameserver
-OperationsMasterRole listenomsrôles -Force
Create an OU (default protected from accidental deletions):
New-ADOrganizationalUnit -Name TRI
New-ADOrganizationalUnit -Name NTIC -ProtectedFromAccidentalDeletion
$false
New-ADOrganizationalUnit TRI201 -Path "ou=TRI,dc=ofppt,dc=ma"
Modify an OU:
Set-ADOrganizationalUnit -Identity "ou=TRI,dc=ofppt,dc=ma" -Description
"Sorting Sector" -

ProtectedFromAccidentalDeleton $false
Move an OU:
Move-ADObject -Identity "ou=TRI,dc=ofppt,dc=ma" -TargetPath
ou=NTIC,dc=OFPPT,DC=MA
Rename an OU:
Rename the AD object identified as 'ou=NTIC,dc=OFPPT,DC=MA' to 'DIGITAL'

Delete an OU:
Set-ADOrganizationalUnit -Identity "ou=DIGITAL,dc=OFPPT,DC=MA" -
ProtectedFromAccidentalDeleton $false
Remove-ADOrganizationalUnit -Identity "ou=DIGITAL,dc=OFPPT,DC=MA"
-Confirm:$false

Search for organizational units

Get-ADOrganizationalUnit -Filter *
Get-ADOrganizatonalUnit -Filter 'Name -like "TRI*"' | Format-Table -Property
Name,
Distinguished Name
User account management using PowerShell
Create a user account:
$pwd = ConvertTo-SecureString -AsPlainText 'P@$$word' -Force
New-ADUser User1 -AccountPassword $pwd
New-ADUser -Name User2 -Path "ou=TRI,dc=ofppt,dc=ma" -GivenName User
Surname
TRI
Nb :
An account created without a password will be disabled.

A account created without the –Path parameter will be placed in the default container.

CN=Users,DC=OFPPT,DC=MA
• Modify the default container for new user accounts or
computers
New-ADOrganizationalUnit NewUsers
New-ADOrganizationalUnit NewComputers
redirusr "ou=NewUsers,dc=OFPPT,dc=Ma"
redircmp "ou=NewComputers,dc=OFPPT,dc=Ma"
Modify a user account:
Set-ADUser -Identity user1 -City CASA
Move a user account:
Move-ADObject -Identity "cn=user1,cn=Users,dc=OFPPT,DC=MA" -TargetPath
ou=TRI,dc=OFPPT,DC=MA
Rename a user account:
Rename-ADObject -Identity "cn=user2,ou=TRI,dc=OFPPT,dc=MA" -NewName
TriUser2
Change the password of a user account
$pwd = ConvertTo-SecureString -AsPlainText 'P@$$word' -Force
Set-ADAccountPassword -Identity user1 -NewPassword $pwd
Activate a user account
Enable-ADAccount -Identity user1
Deactivate a user account
Disable-ADAccount -Identity User2
Delete a user account
Remove-ADUser -Identity user2 -Confirm:$false
Search for user accounts
Get-ADUser -Identity user1
Get-ADUser -Filter * -SearchBase "ou=TRI,dc=OFPPT,dc=MA" -SearchScope
OneLevel
Get-ADUser -Filter {Name -like "Admin*"} -Properties
Name
Get-ADUser -Filter 'City -eq "House"'
Get-ADUser -Filter 'name -like "*User*"' -SearchBase
ou=TRI,dc=ofppt,dc=ma
Group management using PowerShell commands
# create a group
New-ADGroup -name PSgroup -Path "ou=ntc,dc=ofppt,dc=ma" -GroupScope
Global
• modify a group
Set-ADGroup -Identity PSgroup -Description "Group 1"
#add a member to the group
Add-ADGroupMember -Identity PSgroup -Members user7
Add-ADPrincipalGroupMembership -Identity user7 -MemberOf
PSgroup, psgroup2
#remove a member from a group
Remove-ADGroupMember -Identity PSgroup -Members user7 -Confirm:$false
Remove-ADPrincipalGroupMembership user7 -MemberOf PSgroup -Confirm:
$false
#move a group
Move-ADObject -Identity "cn= PSgroup,ou=ntc,dc=ofppt,dc=ma" -TargetPath
ou=ntc2,dc=ofppt,dc=ma
#delete a group
Remove-ADGroup psgroup2 -Confirm:$false
Modifying objects with Windows PowerShell (disable adaccount
last login
Get-ADUser -Filter {lastlogondate -lt "March 29, 2019"} | Disable-ADAccount
Utilization of CSV files
import a csv file
Import-Csv C:\ListUsers.csv -Delimiter ";"
get the number of objects in the imported object collection
$users.Count
get a column from the collection
$users.Name
Get the Nth element
$users[0]
$users[0].Nom
browse the collection
for($i=0; $i -lt $users.Count;$i++){
$users[$i].FirstName
}
foreach($user in $users){
$user.Login
}
Install the DHCP server role
• Install-WindowsFeature -Name dhcp -IncludeAllSubFeature
Include Management Tools
To allow the server to use
• Add-DhcpServerInDC -DnsName dc1.ofppt.ma -IPAddress 172.16.0.10
To create an extended use
• Add-DhcpServerv4Scope -Name Scope1 -StartRange 172.16.0.50 -EndRange
172.16.0.150 - Subnet Mask
255.255.255.0 4• Add-DhcpServerv4ExclusionRange -ScopeId 172.16.0.0
172.16.0.70
DNS Server (DNS Server)
Install the DNS Server role
Install-WindowsFeature dns -IncludeAllSubFeature
Include Management Tools
Create a main direct search area
Add-DnsServerPrimaryZone -Name TRI.ma -ZoneFile tri.ma.dns
Create a main reverse search zone
Add-DnsServerPrimaryZone -NetworkId 172.16.0.0 -ZoneFile 0.16.172.dns
TCP/IP configuration
Create a Secondary Direct Search Zone (On the second server)
DNS)
Add-DnsServerSecondaryZone -Name TRI.ma -ZoneFile tri.ma -MasterServers
172.16.0.10
Resource Record
create a resource record (ResourceRecord) of type (A or
AAAA)
Add-DnsServerResourceRecordA -ZoneName tri.ma -Name PC1 -IPv4Address
172.16.0.110
Add-DnsServerResourceRecordAAAA -ZoneName tri.ma -Name PC1
IPv6Address 2001:ABC:123::110
Create a resource record (ResourceRecord) of type MX
Add-DnsServerResourceRecordMX -ZoneName tri.ma -Name "."
MailExchange PC1.tri.ma
-Preference 10
Create a CNAME (Alias) record
Add-DnsServerResourceRecordCName -ZoneName tri.ma -Name www
HostNameAlias
pc1.tri.ma
create an SRV record
Add-DnsServerResourceRecord -Srv -ZoneName tri.ma -Name "_ldap._tcp"
-port 398 -DomainName pc1.tri.ma -Priority 0 -Weight 100
(The transfer of requests)
Configure the redirector
Add-DnsServerForwarder -IPAddress 172.16.0.20
create a conditional redirect
Add-DnsServerConditionalForwarderZone -Name ofppt.net -MasterServers
172.16.10.10
(The zones integrated into Active Directory)

#create an integrated AD zone (Domain replication)

Add-DnsServerPrimaryZone -name ofppt.com -ReplicationScope Domain
convert a file-based Zone to AD Zone
ConvertTo-DnsServerPrimaryZone -Name tri.ma -ReplicationScope Domain
Force
Convert an AD Zone into a file-based Zone
ConvertTo-DnsServerPrimaryZone -Name ofppt.com -ZoneFile ofppt.com.dns
-Force