Windows & Linux · AD Domain Lab · Managing AD & GP with PowerShell

Managing AD & GP with PowerShell

Import the AD module, create users (single & batch), reset passwords, and link or scope GPOs with OU links and security filtering—all from PowerShell.

Preparing the PowerShell Environment

Import-Module ActiveDirectory

Import the ActiveDirectory module to manage AD DS and LDS from PowerShell.

Importing the Active Directory PowerShell module

Create a Single User

Maintain a reusable .ps1 template, update attributes, and execute to quickly provision a user.

Batch User Creation in AD

Create a CSV with user attributes.
Import the CSV in a script and call New-ADUser for each row.
Verify in ADUC (e.g., TestUsers OU).

Import CSV and create users PowerShell script

Reset a User’s Password

Use Set-ADAccountPassword to reset.

Set-ADAccountPassword -Identity "BTest" -NewPassword (ConvertTo-SecureString "summer2025!" -AsPlainText -Force ) -Reset

Optionally enforce password change at next logon.

Set-ADUser -Identity "BTest" -ChangePasswordAtLogon $true

Force user to change password at next logon

Apply a GPO to Users via OU Link

New-GPLink -Name "Disable Control Panel" -Target "OU=TestUsers,DC=Domain-1,DC=local"

Link an existing GPO to an OU to target all user objects within (unless further constrained by security filtering).

PowerShell command to link a GPO to an OU

Target a Specific User with Security Filtering

Grant the user (or a security group) Read and Apply Group Policy on the GPO.
Optional: Remove Authenticated Users from Security Filtering if you want exclusive targeting.
Be cautious—ensure the correct principals retain required rights.

Set-GPPermission -Name "Disable Control Panel" -TargetName "DRicks" -PermissionLevel GpoApply

Grant GPO permissions for a specific user or group

Apply Group Policy and Read permissions in GPMC

Set-GPPermissions -Name "Disable Control Panel" -TargetName "Authenticated Users" -TargetType Group -PermissionLevel None

Back to Home