Platforms · AD Domain Lab · Managing AD & GP with PowerShell

Managing AD & GP with PowerShell

Import the AD module, create users (single & batch), reset passwords, and link or scope GPOs with OU links and security filtering—all from PowerShell.

Preparing the PowerShell Environment

Import the ActiveDirectory Module

Import-Module ActiveDirectory

Import the ActiveDirectory module to manage AD DS and LDS from PowerShell.

Importing the Active Directory PowerShell module

Create a Single User

Single User Creation Script

Maintain a reusable .ps1 template, update attributes, and execute to quickly provision a user.

Single user creation script template
Running a new user creation script

Batch User Creation in AD

Import Users from CSV

  1. Create a CSV with user attributes.
  2. Import the CSV in a script and call New-ADUser for each row.
  3. Verify in ADUC (e.g., TestUsers OU).
CSV structure for importing users
Import CSV and create users PowerShell script
Created users shown in ADUC

Reset a User's Password

Set-ADAccountPassword

  1. Use Set-ADAccountPassword to reset.
Set-ADAccountPassword -Identity "BTest" -NewPassword (ConvertTo-SecureString "summer2025!" -AsPlainText -Force ) -Reset
Reset user password using PowerShell
  1. Optionally enforce password change at next logon.
Set-ADUser -Identity "BTest" -ChangePasswordAtLogon $true
Force user to change password at next logon

Apply a GPO to Users via OU Link

New-GPLink

New-GPLink -Name "Disable Control Panel" -Target "OU=TestUsers,DC=Domain-1,DC=local"

Link an existing GPO to an OU to target all user objects within (unless further constrained by security filtering).

PowerShell command to link a GPO to an OU

Target a Specific User with Security Filtering

Grant GPO Apply Permissions

  1. Grant the user (or a security group) Read and Apply Group Policy on the GPO.
  2. Optional: Remove Authenticated Users from Security Filtering if you want exclusive targeting.
  3. Be cautious—ensure the correct principals retain required rights.
Set-GPPermission -Name "Disable Control Panel" -TargetName "DRicks" -PermissionLevel GpoApply
Grant GPO permissions for a specific user or group
Apply Group Policy and Read permissions in GPMC

Remove Authenticated Users

Set-GPPermissions -Name "Disable Control Panel" -TargetName "Authenticated Users" -TargetType Group -PermissionLevel None
Security filtering edit example
← Back to Home