{"id":21739296,"url":"https://github.com/tech-freedom/ad-management","last_synced_at":"2025-10-10T06:33:33.660Z","repository":{"id":264647286,"uuid":"893958452","full_name":"Tech-Freedom/AD-Management","owner":"Tech-Freedom","description":"Automation of various Active Directory tasks with PowerShell","archived":false,"fork":false,"pushed_at":"2024-11-25T14:14:42.000Z","size":6,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-21T00:44:19.537Z","etag":null,"topics":["active-directory","groups-manager","powershell","powershell-script","powershell-scripts"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Tech-Freedom.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-25T14:02:00.000Z","updated_at":"2024-11-25T14:16:29.000Z","dependencies_parsed_at":"2024-11-25T15:38:01.644Z","dependency_job_id":null,"html_url":"https://github.com/Tech-Freedom/AD-Management","commit_stats":null,"previous_names":["tech-freedom/ad-management"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Tech-Freedom/AD-Management","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tech-Freedom%2FAD-Management","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tech-Freedom%2FAD-Management/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tech-Freedom%2FAD-Management/releases","manifests_url":"https://repos.ecosyste.ms/api/v1
/hosts/GitHub/repositories/Tech-Freedom%2FAD-Management/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Tech-Freedom","download_url":"https://codeload.github.com/Tech-Freedom/AD-Management/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tech-Freedom%2FAD-Management/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279002962,"owners_count":26083489,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["active-directory","groups-manager","powershell","powershell-script","powershell-scripts"],"created_at":"2024-11-26T06:08:25.974Z","updated_at":"2025-10-10T06:33:33.644Z","avatar_url":"https://github.com/Tech-Freedom.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Active Directory Management Toolkit\n\nLab Overview\nThis repository documents a comprehensive Active Directory management solution developed during the Google IT Support Certificate program, providing scripts, documentation, and best practices for Windows Server administration.\n\nObjectives\n\nAutomate Active Directory user and group management\nImplement consistent security policies\nProvide reusable PowerShell scripts for system administrators\n\nYou can find the PowerShell automation 
scripts here: \n[active-directory-scripts.txt](https://github.com/user-attachments/files/17904114/active-directory-scripts.txt)# Active Directory Management Scripts\n# A collection of useful PowerShell scripts for automating AD tasks\n\n#region User Management Scripts\n\nfunction New-ADUserWithDefaults {\n    param(\n        [Parameter(Mandatory=$true)]\n        [string]$FirstName,\n        \n        [Parameter(Mandatory=$true)]\n        [string]$LastName,\n        \n        [Parameter(Mandatory=$true)]\n        [string]$Username,\n        \n        [Parameter(Mandatory=$true)]\n        [SecureString]$Password,\n        \n        [string]$Department,\n        [string]$Title,\n        [string[]]$Groups\n    )\n    \n    try {\n        # Create new user with basic attributes\n        $userParams = @{\n            Name = \"$FirstName $LastName\"\n            GivenName = $FirstName\n            Surname = $LastName\n            SamAccountName = $Username\n            UserPrincipalName = \"$Username@$((Get-ADDomain).DNSRoot)\"\n            Enabled = $true\n            ChangePasswordAtLogon = $true\n            AccountPassword = $Password\n            Path = (Get-ADDomain).UsersContainer\n        }\n        \n        if ($Department) { $userParams.Department = $Department }\n        if ($Title) { $userParams.Title = $Title }\n        \n        New-ADUser @userParams\n        \n        # Add user to specified groups\n        if ($Groups) {\n            foreach ($group in $Groups) {\n                Add-ADGroupMember -Identity $group -Members $Username\n            }\n        }\n        \n        Write-Host \"User $Username created successfully!\" -ForegroundColor Green\n    }\n    catch {\n        Write-Error \"Failed to create user: $_\"\n    }\n}\n\nfunction Remove-InactiveADUsers {\n    param(\n        [int]$DaysInactive = 90,\n        [switch]$WhatIf\n    )\n    \n    $inactiveDate = (Get-Date).AddDays(-$DaysInactive)\n    \n    Get-ADUser -Filter {\n        
LastLogonDate -lt $inactiveDate -and Enabled -eq $true\n    } -Properties LastLogonDate | ForEach-Object {\n        if ($WhatIf) {\n            Write-Host \"Would disable user: $($_.SamAccountName)\" -ForegroundColor Yellow\n        } else {\n            Disable-ADAccount -Identity $_.SamAccountName\n            Write-Host \"Disabled inactive user: $($_.SamAccountName)\" -ForegroundColor Green\n        }\n    }\n}\n\n#endregion\n\n#region Group Management Scripts\n\nfunction New-ADGroupWithMembers {\n    param(\n        [Parameter(Mandatory=$true)]\n        [string]$GroupName,\n        \n        [string]$Description,\n        [string[]]$Members,\n        [string]$ParentGroup\n    )\n    \n    try {\n        # Create new group\n        $groupParams = @{\n            Name = $GroupName\n            GroupScope = 'Global'\n            GroupCategory = 'Security'\n            Path = (Get-ADDomain).UsersContainer\n        }\n        \n        if ($Description) { $groupParams.Description = $Description }\n        \n        New-ADGroup @groupParams\n        \n        # Add members if specified\n        if ($Members) {\n            Add-ADGroupMember -Identity $GroupName -Members $Members\n        }\n        \n        # Add to parent group if specified\n        if ($ParentGroup) {\n            Add-ADGroupMember -Identity $ParentGroup -Members $GroupName\n        }\n        \n        Write-Host \"Group $GroupName created successfully!\" -ForegroundColor Green\n    }\n    catch {\n        Write-Error \"Failed to create group: $_\"\n    }\n}\n\nfunction Sync-ADGroupMembers {\n    param(\n        [Parameter(Mandatory=$true)]\n        [string]$SourceGroup,\n        \n        [Parameter(Mandatory=$true)]\n        [string]$DestinationGroup\n    )\n    \n    try {\n        $sourceMembers = Get-ADGroupMember -Identity $SourceGroup\n        $destMembers = Get-ADGroupMember -Identity $DestinationGroup\n        \n        # Add missing members\n        $sourceMembers | Where-Object {\n     
       $_.distinguishedName -notin $destMembers.distinguishedName\n        } | ForEach-Object {\n            Add-ADGroupMember -Identity $DestinationGroup -Members $_.distinguishedName\n            Write-Host \"Added $($_.name) to $DestinationGroup\" -ForegroundColor Green\n        }\n        \n        # Remove extra members\n        $destMembers | Where-Object {\n            $_.distinguishedName -notin $sourceMembers.distinguishedName\n        } | ForEach-Object {\n            Remove-ADGroupMember -Identity $DestinationGroup -Members $_.distinguishedName -Confirm:$false\n            Write-Host \"Removed $($_.name) from $DestinationGroup\" -ForegroundColor Yellow\n        }\n    }\n    catch {\n        Write-Error \"Failed to sync groups: $_\"\n    }\n}\n\n#endregion\n\n#region GPO Management Scripts\n\nfunction New-WallpaperGPO {\n    param(\n        [Parameter(Mandatory=$true)]\n        [string]$GPOName,\n        \n        [Parameter(Mandatory=$true)]\n        [string]$WallpaperPath,\n        \n        [Parameter(Mandatory=$true)]\n        [string]$TargetOU\n    )\n    \n    try {\n        # Create new GPO\n        $gpo = New-GPO -Name $GPOName\n        \n        # Set wallpaper configuration\n        Set-GPRegistryValue -Name $GPOName -Key \"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\" `\n            -ValueName Wallpaper -Type String -Value $WallpaperPath\n        \n        Set-GPRegistryValue -Name $GPOName -Key \"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\" `\n            -ValueName WallpaperStyle -Type String -Value \"2\"\n        \n        # Link GPO to target OU\n        New-GPLink -Name $GPOName -Target $TargetOU\n        \n        Write-Host \"Wallpaper GPO created and linked successfully!\" -ForegroundColor Green\n    }\n    catch {\n        Write-Error \"Failed to create GPO: $_\"\n    }\n}\n\nfunction Export-GPOSettings {\n    param(\n        [string]$OutputPath = \"C:\\GPOBackups\",\n        
[switch]$IncludeACL\n    )\n    \n    # Create backup directory if it doesn't exist\n    if (!(Test-Path $OutputPath)) {\n        New-Item -ItemType Directory -Path $OutputPath\n    }\n    \n    $date = Get-Date -Format \"yyyy-MM-dd_HH-mm\"\n    $backupPath = Join-Path $OutputPath $date\n    \n    try {\n        # Backup all GPOs\n        Backup-GPO -All -Path $backupPath\n        \n        if ($IncludeACL) {\n            # Export GPO permissions\n            $gpos = Get-GPO -All\n            foreach ($gpo in $gpos) {\n                $aclPath = Join-Path $backupPath \"$($gpo.DisplayName)_ACL.csv\"\n                Get-GPPermissions -Name $gpo.DisplayName -All | \n                    Export-Csv -Path $aclPath -NoTypeInformation\n            }\n        }\n        \n        Write-Host \"GPO backup completed successfully at: $backupPath\" -ForegroundColor Green\n    }\n    catch {\n        Write-Error \"Failed to backup GPOs: $_\"\n    }\n}\n\n#endregion\n\n#region Reporting Scripts\n\nfunction Get-ADUserReport {\n    param(\n        [string]$OutputPath = \"C:\\Reports\\UserReport.csv\"\n    )\n    \n    try {\n        Get-ADUser -Filter * -Properties Department, Title, LastLogonDate, \n            Enabled, PasswordLastSet, PasswordExpired, PasswordNeverExpires |\n            Select-Object Name, SamAccountName, Department, Title, LastLogonDate,\n                Enabled, PasswordLastSet, PasswordExpired, PasswordNeverExpires |\n            Export-Csv -Path $OutputPath -NoTypeInformation\n        \n        Write-Host \"User report generated at: $OutputPath\" -ForegroundColor Green\n    }\n    catch {\n        Write-Error \"Failed to generate user report: $_\"\n    }\n}\n\nfunction Get-ADGroupReport {\n    param(\n        [string]$OutputPath = \"C:\\Reports\\GroupReport.csv\"\n    )\n    \n    try {\n        $groups = Get-ADGroup -Filter * -Properties Description, Members\n        \n        $groupReport = foreach ($group in $groups) {\n            [PSCustomObject]@{\n    
            Name = $group.Name\n                Description = $group.Description\n                MemberCount = @($group.Members).Count\n                Members = ($group.Members | ForEach-Object { (Get-ADObject $_).Name }) -join '; '\n            }\n        }\n        \n        $groupReport | Export-Csv -Path $OutputPath -NoTypeInformation\n        Write-Host \"Group report generated at: $OutputPath\" -ForegroundColor Green\n    }\n    catch {\n        Write-Error \"Failed to generate group report: $_\"\n    }\n}\n\n#endregion\n\n# Example Usage:\n\n\u003c#\n\n# Create new user\n$password = ConvertTo-SecureString \"ComplexPass123!\" -AsPlainText -Force\nNew-ADUserWithDefaults -FirstName \"John\" -LastName \"Doe\" -Username \"jdoe\" -Password $password -Department \"IT\" -Groups \"Python Developers\"\n\n# Create new group\nNew-ADGroupWithMembers -GroupName \"Python Developers\" -Description \"Python Development Team\" -ParentGroup \"Developers\"\n\n# Create wallpaper GPO\nNew-WallpaperGPO -GPOName \"Developer Wallpaper\" -WallpaperPath \"C:\\Wallpapers\\dev.jpg\" -TargetOU \"OU=Developers,DC=example,DC=com\"\n\n# Generate reports\nGet-ADUserReport\nGet-ADGroupReport\n\n#\u003e\n\n\n Prerequisites\n\nWindows Server\nPowerShell 5.1 or later\nActive Directory Domain Services (AD DS) installed\nAdministrator privileges\n\n Lab Walkthrough: Active Directory Installation\n1. Active Directory Installation Process\nPowerShell Installation Commands\npowershellCopy# Install Active Directory Domain Services\nC:\\Qwiklabs\\ADSetup\\active_directory_install.ps1\n\n# Configure Active Directory post-installation\nC:\\Qwiklabs\\ADSetup\\configure_active_directory.ps1\n2. 
User Management Workflow\nCreating a New User\n\nOpen Active Directory Administrative Center (ADAC)\nNavigate to Users container\nClick \"New\" → \"User\"\nComplete user details\nSet initial password\nEnable account\n\nPowerShell Script Example\npowershellCopy# Create new user with defaults\n$password = ConvertTo-SecureString \"ComplexPass123!\" -AsPlainText -Force\nNew-ADUserWithDefaults `\n    -FirstName \"John\" `\n    -LastName \"Doe\" `\n    -Username \"jdoe\" `\n    -Password $password `\n    -Department \"IT\" `\n    -Groups \"Python Developers\"\n3. Group Management\nCreating Security Groups\n\nOpen Active Directory Administrative Center\nNavigate to Users container\nClick \"New\" → \"Group\"\nDefine group name and scope\n\nPowerShell Script Example\npowershellCopy# Create new group with members\nNew-ADGroupWithMembers `\n    -GroupName \"Python Developers\" `\n    -Description \"Python Development Team\" `\n    -Members \"jdoe\", \"msmith\" `\n    -ParentGroup \"Developers\"\n4. 
Group Policy Configuration\nCreating Wallpaper GPO\n\nOpen Group Policy Management\nRight-click domain/OU\nCreate new GPO\nConfigure wallpaper settings\n\nPowerShell Script Example\npowershellCopy# Create wallpaper GPO\nNew-WallpaperGPO `\n    -GPOName \"Developer Wallpaper\" `\n    -WallpaperPath \"C:\\Wallpapers\\dev.jpg\" `\n    -TargetOU \"OU=Developers,DC=example,DC=com\"\n    \n  Key Automation Scripts\nUser Management\n\nNew-ADUserWithDefaults: Automated user creation\nRemove-InactiveADUsers: Disables (does not delete) enabled accounts with no logon in the last 90 days by default; run with -WhatIf first to preview which accounts would be affected\n\nGroup Management\n\nNew-ADGroupWithMembers: Create groups with optional membership\nSync-ADGroupMembers: Make the destination group's membership match the source group's, adding missing members and removing extra ones without a confirmation prompt\n\nGPO Management\n\nNew-WallpaperGPO: Create wallpaper group policies\nExport-GPOSettings: Back up GPO configurations\n\nReporting\n\nGet-ADUserReport: Generate comprehensive user reports\nGet-ADGroupReport: Create detailed group membership reports\n\n Best Practices\n\nUse strong, complex passwords\nImplement the principle of least privilege\nRegularly audit user and group memberships\nBack up GPO configurations\nMonitor inactive accounts\n\nQuick Start\nScript Execution\n\nOpen PowerShell as Administrator\nImport the AD-Management-Scripts.ps1 script\nUse functions as demonstrated in examples\n\nExample Workflow\npowershellCopy# Import the script\n. 
.\\AD-Management-Scripts.ps1\n\n# Create user\n$securePass = ConvertTo-SecureString \"SecurePassword123!\" -AsPlainText -Force\nNew-ADUserWithDefaults -FirstName \"Jane\" -LastName \"Smith\" -Username \"jsmith\" -Password $securePass\n\n# Generate reports\nGet-ADUserReport\nGet-ADGroupReport\n\nSecurity Considerations\n\nNever hardcode passwords in scripts; the literal passwords in the examples above are placeholders, so in real use prompt for the value (for example with Read-Host -AsSecureString) instead of passing a plaintext string to ConvertTo-SecureString -AsPlainText\nUse SecureString for password handling\nImplement multi-factor authentication\nRegularly update and patch systems\n\n Additional Resources\n\nMicrosoft Active Directory Documentation\nPowerShell Active Directory Module\nWindows Server Security Best Practices\n\n Notes\nCreated during Google IT Support Certificate training\nFor educational and demonstration purposes\n License\nThis project is open-source. Refer to the licensing terms in the repository.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftech-freedom%2Fad-management","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftech-freedom%2Fad-management","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftech-freedom%2Fad-management/lists"}