Set is a new crypto-collectable game that’s challenging the way we think about games. They want to change how you play and offer an alternative experience for gamers who are tired of what they consider “pay-to-win” gaming experiences with high entry costs.,
The “set online game” is a command-line tool that allows users to set their current online status. The command takes the form of the word “set”, followed by the name of the application, and then an optional list of options.
Do you get bored of using the Active Directory (AD) Users and Computers (ADUC) console program to make changes to an Active Directory account? If that’s the case, why not save time by utilizing PowerShell’s set-aduser cmdlet to automate the simple process of updating AD objects?
With Specops’ 100% free Password Auditor Pro, you can find, report, and prevent unsafe Active Directory account passwords in your environment. Now is the time to get it!
Using the ADUC program installed on your PC is a typical technique to edit AD accounts. However, this method has the drawback of taking longer on average to perform AD account modifications. This is a job that may rapidly become boring.
This post will go through how to utilize the AD PowerShell cmdlet set-aduser to modify AD user accounts in detail.
Prerequisites/Requirements
This post will show you how to use the Set-ADUser PowerShell cmdlet. If you want to follow along, make sure you have the following things in order.
Scripts for Creating a Test Environment
You may also download a script called Create-OU-Structure.ps1 to help you quickly set up a test environment. In AD, this script will create the following OU structure:
- the division (Root OU)
- Accounting is a term that refers to (Nested OU)
- Users
- Computers
- promoting (Nested OU)
- Users
- Computers
- IT (Information Technology) (Nested OU)
- Users
- Computers
You may also download and execute the Populate-AD Accounts.ps1 PowerShell script to acquire some AD user accounts to cooperate with you. This script will populate the Accounting, Marketing, and IT OUs with example user accounts.
This post will make use of the OUs and user accounts established by these two scripts.
Using Get-ADUser to inspect AD user accounts
Before you can make changes to a user account, you must first read it. The Get-ADUser cmdlet is used to read an AD user account. You may investigate one or more AD user accounts using the Get-ADUser cmdlet.
To illustrate, investigate the accountant user1 user account generated by the user-provisioning script mentioned earlier using the Get-ADUser cmdlet.
To provide the username, utilize the Identity argument. This is a necessary parameter. We’re also utilizing the Properties option, as you can see below. Not all AD user account attributes are returned by default. Get-ADUser is told to return additional properties using the Properties argument.
Distinguished Name, GUID (objectGUID), Security Identifier (objectSid), and SAM Account Name are all valid options for the Identity parameter (sAMAccountName).
Furthermore, the Select-Object cmdlet is being used to restrict the output of the AD attributes obtained from AD. This command only returns the user characteristics Name, Department, physicalDeliveryOffice, and State, as shown below.
PS51> Get-ADUser -Identity accountant_user1 -Properties Name,Department,physicalDeliveryOfficeName,st | Select-Object -Property Name,Department,physicalDeliveryOfficeName,State Name Department physicalDeliveryOfficeName State —- ———- ————————– — accountant_user1 Accounting Miami FL
Using Set-ADUser to change the properties of an AD user account
Now that you know what the account user1 user account settings are configured to, use Set-ADUser to modify them.
The Identity argument is the most critical parameter to utilize with Set-ADUser. Get-ADUser expects the same value for this argument.
Without explicitly utilizing the Identity option, you may utilize the PowerShell pipeline to transfer the result of Get-ADUser to Set-ADUser.
Changing the AD Attributes for the Office and State
Change the Office AD property for the accountant user1 object from Miami to Atlanta and the State AD attribute from FL to GA to show updating various user account properties. Set-ADUser contains arguments that correspond to the AD properties they are updating, as shown below.
PS51> Set-ADUser -Identity accountant_user1 -Office ‘Atlanta’ -State ‘GA’
When you perform the Set-ADUser command, there is no output by default. The Verbose parameter, on the other hand, may be used to adjust this behavior. The Verbose argument provides extensive information about the task that the cmdlet is doing.
Run Get-ADUser with the Properties option again, this time sending the Get-ADUser result to Select-Object.
PS51> Get-ADUser -Identity accountant_user1 -Properties Name,Department,physicalDeliveryOfficeName,State | Select-Object -Property Name,Department,physicalDeliveryOfficeName,State Name Department physicalDeliveryOfficeName State —- ———- ————————– — accountant_user1 Accounting Atlanta GA
Viola! Atlanta and Georgia (as GA) have been added to the accountant user1 user object as Office and State AD attribute values, respectively.
To see the complete set of arguments and syntax for the Set-ADUser cmdlet, execute the following command: Set-ADUser, Get-help, Get-help, Get-help, Get-help, Get-help,
Changing the AD Attribute Title
Several arguments are provided in the Set-ADUser cmdlet to adjust the property values of AD accounts. This section will concentrate on updating the Title attribute for a single user account as an example.
Using the same method as in the previous section, you can update the Title AD property on Set-ADUser by using the Title argument.
PS51> Set-ADUser -Identity it_user12 -Title ‘CIO’
After you’ve made the change, use Get-ADUser to double-check that it was successful, exactly as we did in the previous step. The AD attribute Title has been updated to CIO as seen below.
PS51> Get-ADUser -Identity it_user12 -Properties Name,Department,title | Select-Object -Property Name,Department,title Name Department title —- ———- —– it_user12 IT CIO
Using a Different Set of Credentials
Set-ADUser operates in the context of the currently logged-on user by default. However, you may override this behavior by using the Credential argument to provide a different credential set.
To authenticate to AD using other credentials, use Get-Credential to produce a PSCredential object, as shown below.
Check out the ATA blog article Using the PowerShell Get-Credential cmdlet and all things credentials for further information on building a PSCredential object.
PS51> $credential = Get-Credential
Now, using Set-ADUser, send the PSCredential object to the Credential argument, as seen below. This instructs AD to authenticate and perform the needed modification using the login and password contained in the credential set.
PS51> Set-ADUser -Identity it_user12 -Title ‘Senior Software Developer’ -Credential $credential
Disabling Active Directory User Accounts
It is recommended practice to deactivate AD accounts that are no longer in use or, in the case of a firm, when individuals depart. In the Marketing OU, the next procedure is to deactivate a single user account.
Before you use the Get-ADUser cmdlet with the Properties argument and the Select-Object cmdlet to make changes to the AD user object, study it first. An example of checking the market user6 user account may be seen below.
You can see that the Enabled attribute is set to True. When this attribute is deactivated, it returns False.
PS51> Get-ADUser -Identity market_user6 -Properties Name,Department,Enabled | Select-Object -Property Name,Department,Enabled Name Department Enabled —- ———- ——- market_user6 Marketing True
Then, using the set-aduser cmdlet, deactivate the user objects. Set the value of the Enabled parameter to $false or 0 to disable the AD account for the market user6 user. You can see an example of this below.
Find leaked & unsafe passwords in your Active Directory by checking against the NCSC Password list.
PS51> Set-AdUser -Identity market_user6 -Enabled $False
Do you want to rapidly check your Active Directory for credentials that have been leaked? Specops provides a free program that performs this and also creates a good report.
Run the Get-ADUser command again to ensure that the modifications were applied correctly, as shown below.
PS51> Get-ADUser -Identity market_user6 -Properties Name,Department,Enabled | Select-Object -Property Name,Department,Enabled Name Department Enabled —- ———- ——- market_user6 Marketing False
In AD, the market user6 user has been deactivated!
Note that you may also deactivate AD accounts using the Disable-ADAccount cmdlet.
Summary
You learned how to use the Get-ADUser PowerShell cmdlet to examine AD user accounts and the Set-ADUser cmdlet to make changes to AD user objects in this article.
Many businesses want the ability to make changes to user objects in AD in order to eliminate the requirement for a GUI and increase automation.
Now it’s time to automate!
Additional Reading
The “free online set” is a free online tool that allows users to create and share sets of images. Users can also use the site to find other sets they like.
Related Tags
- daily set
- set synonym
- set game
- set card game
- set daily puzzle