# User Management with PowerShell PowerShell is a powerful tool for managing users and groups in Windows and Active Directory. It allows you to create and delete user accounts, reset passwords, manage group memberships, and much more. #### Overview of Active Directory Active Directory (AD) is a directory service developed by Microsoft and is a component of the Windows Server operating system. It provides a centralized database for all domain-joined devices, users, printers, applications, and other resources on your network. With Active Directory, you can create, manage, and delete user accounts from a single central location. It also allows you to perform actions like resetting user passwords, enforcing password policies, and managing user profiles and access permissions. Group policies allow you to apply the same settings to multiple users or devices easily. Through these policies, you can ensure consistency in areas such as software distribution, desktop settings, and security settings, and control user and computer behavior. Active Directory is scalable from small networks to large enterprise networks, supporting thousands of users and devices, and can expand your infrastructure as needed. RSAT RSAT, short for Remote Server Administration Tools, is a Microsoft technology that allows you to manage remote Windows Servers from a computer running the Windows operating system. RSAT includes various server management tools, some of which are graphical user interface (GUI) tools, while others are offered as PowerShell cmdlets. Through modules installed as part of RSAT, PowerShell provides an extensive set of commands for server management. These modules include cmdlets specific to server roles and features. Installation 1. Open the Start menu. 2. Go to Settings. 3. Select Apps. 4. Click on Apps & features. 5. In the right panel, find "Optional features". 6. Click on "Add a feature". 7. In the window that opens, search for "RSAT". 8. Select the result from the search. 9. Click "Install". #### User and Group Management Why should we list and identify users and groups? By listing users, groups, and their permissions, you can identify potential security weaknesses on the network and Active Directory/Windows machines. For example, you can find user accounts with excessive permissions or groups with unwanted members. Remember that these commands require elevated privileges. If you encounter errors while trying these commands on your machine, open PowerShell as an administrator. Local Users Get-LocalUser Retrieves user accounts. Lists all users if no parameter is specified. ```auto PS C:\Windows\system32> Get-LocalUser Name Enabled Description ---- ------- ----------- Administrator False Built-in account for administering the computer/domain DefaultAccount False A user account managed by the system. Guest False Built-in account for guest access to the computer/domain user True WDAGUtilityAccount False A user account managed and used by the system for Windows Defender Application Guard scenarios. ``` New-LocalUser Creates a new local user account on the computer. ```auto PS C:\Windows\system32> New-LocalUser -Name "j.doe" -Password (ConvertTo-SecureString -String 'password123' -AsPlainText -Force) Name Enabled Description ---- ------- ----------- j.doe True ``` Set-LocalUser Modifies properties of an existing local user account. ```auto Set-LocalUser -Name "j.doe" -Description "This is a test user." ``` Disable-LocalUser Disables a local user account. ```auto Disable-LocalUser -Name "j.doe" ``` Enable-LocalUser Re-enables a disabled local user account. ```auto Enable-LocalUser -Name "j.doe" ``` Remove-LocalUser Deletes a local user account from the computer. ```auto Remove-LocalUser -Name "j.doe" ``` Local Groups Get-LocalGroup Lists all local groups on the computer. ```auto Get-LocalGroup ``` New-LocalGroup Creates a new local group on the computer. ```auto New-LocalGroup -Name "Students" ``` Set-LocalGroup Modifies properties of an existing local group. ```auto Set-LocalGroup -Name "Students" -Description "Improvise. Adapt. Overcome." ``` Add-LocalGroupMember Adds a user or another group to a specified local group. ```auto Add-LocalGroupMember -Group "Students" -Member "j.doe" ``` Remove-LocalGroupMember Removes a user or another group from a specified local group. ```auto Remove-LocalGroupMember -Group "Students" -Member "j.doe" ``` Remove-LocalGroup Deletes a local group from the computer. ```auto Remove-LocalGroup -Name "Students" ``` Active Directory Users Get-ADUser Queries and retrieves information about one or more user accounts from Active Directory. Search by a specific username: ```auto Get-ADUser "j.doe" ``` List all users: ```auto Get-ADUser -Filter * ``` New-ADUser Creates a new user account in Active Directory. ```auto New-ADUser -Name "j.doe" -SamAccountName j.doe -AccountPassword (ConvertTo-SecureString "sifre123!" -AsPlainText -Force) ``` Set-ADUser Modifies properties of an existing user account in Active Directory. Change the user's surname: ```auto Set-ADUser -Identity "j.doe" -Surname "doe" ``` Remove-ADUser Deletes a user account from Active Directory. ```auto Remove-ADUser "j.doe" ``` Active Directory Groups Get-ADGroup Queries and retrieves information about one or more security groups from Active Directory. Search by a specific group name: ```auto Get-ADGroup "Students" ``` List all security groups: ```auto Get-ADGroup -Filter * ``` New-ADGroup Creates a new security group in Active Directory. This example uses the "Universal" group scope. Other scopes can be selected based on need. ```auto New-ADGroup -Name "Students" -GroupScope Universal ``` Set-ADGroup Modifies properties of an existing security group in Active Directory. Change the group's description: ```auto Set-ADGroup -Identity "Students" -Description "Learn as if you were to live forever" ``` Get-ADGroupMember Displays members of a specified security group in Active Directory. List members of the "Students" group: ```auto Get-ADGroupMember -Identity "Students" ``` Add-ADGroupMember Adds a user to a security group. ```auto Add-ADGroupMember -Identity "Students" -Members j.doe ``` Remove-ADGroupMember Removes a user or another group from a specified security group. ```auto Remove-ADGroupMember -Identity "Students" -Member "j.doe" ``` Remove-ADGroup Deletes a security group from Active Directory. ```auto Remove-ADGroup "Students" ```