Active Directory Reference
Free reference guide: Active Directory Reference
About Active Directory Reference
The Active Directory PowerShell Reference is a comprehensive, searchable cheat sheet covering the most important AD administration commands organized into eight categories: Domain, OU (Organizational Units), User, Group, GPO (Group Policy Objects), DNS, Replication, and PowerShell automation. Every entry includes the cmdlet or command syntax, a plain-language description, and a ready-to-run code example showing real-world usage patterns.
This reference is used by Windows system administrators, Active Directory engineers, and IT operations teams responsible for managing enterprise directory services. Common tasks covered include promoting domain controllers (Install-ADDSForest), configuring FSMO roles, setting up site and subnet replication topology, creating and managing OUs with delegation of control, bulk-creating user accounts from CSV imports, managing security groups across Global/Universal/DomainLocal scopes, and creating GPO links with security filtering.
The reference is organized so that related concepts appear together within each category. The Domain section covers forest functional levels, FSMO role queries, domain trusts, and AD site configuration. The PowerShell section focuses on advanced scripting patterns including LDAP filter queries, bulk operations with Import-Csv, and general-purpose Get-ADObject / Set-ADObject usage. DNS integration covers AD-integrated zones, A and CNAME record management, and forwarder configuration.
Key Features
- Eight searchable categories: Domain, OU, User, Group, GPO, DNS, Replication, PowerShell
- FSMO role management: Schema Master, Domain Naming, PDC Emulator, RID Master, Infrastructure Master
- User lifecycle commands: New-ADUser, Get-ADUser, Set-ADUser, Unlock-ADAccount, Search-ADAccount
- Group management with scope types explained: Global, Universal, and Domain Local groups
- GPO operations: New-GPO, New-GPLink, Get-GPOReport, Backup-GPO, Restore-GPO, Set-GPPermission
- AD-integrated DNS zone management: A records, CNAME records, forwarders, and dynamic updates
- Replication diagnostics: repadmin /replsummary, repadmin /syncall, dcdiag, Get-ADReplicationFailure
- Advanced PowerShell: LDAP filter queries, CSV-based bulk user creation, Get-ADObject with SearchBase
Frequently Asked Questions
What categories does this Active Directory reference cover?
The reference covers eight categories: Domain (forest/domain setup, FSMO roles, trusts, sites), OU (creation, delegation, moving objects), User (account creation, modification, unlocking, searching), Group (security groups, scopes, membership), GPO (creation, linking, reporting, backup), DNS (A/CNAME records, zones, forwarders), Replication (repadmin, dcdiag, failure diagnostics), and PowerShell (LDAP filters, bulk operations).
How do I use the search and filter feature?
Type any keyword into the search bar to instantly filter entries across all categories. You can also click a category tab to narrow the view to a single category. Search matches on syntax, description, and example text.
What is the difference between Global, Universal, and Domain Local groups?
Global groups contain members from the same domain and can access resources forest-wide. Universal groups can contain members from any domain in the forest and access resources anywhere. Domain Local groups are used to assign permissions to resources in a single domain and can contain members from any trusted domain.
How do I check which domain controller holds the FSMO roles?
Run "netdom query fsmo" from any domain member. This lists all five FSMO roles: Schema Master, Domain Naming Master, PDC Emulator, RID Master, and Infrastructure Master, along with the DC holding each role.
What does the OU delegation example demonstrate?
The dsacls example in the OU category shows how to grant the HelpDesk group permission to reset passwords (RPWP;pwdLastSet) on a specific OU, without giving them broader domain admin rights. This is the standard least-privilege approach for tier-1 support teams.
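To confirm that a delegation like this stayed narrow, the OU's ACL can be read back and every allow entry for the group compared against the rights that were meant to be granted. The script below is an added example, not the reference's own entry; the OU path and group name are hypothetical, and it assumes the "Reset Password" control access right is part of the delegation alongside the pwdLastSet property named above.

```powershell
# Added example, not the reference's own entry. The OU DN and group name are
# hypothetical; GUIDs are read from the directory instead of being hard-coded.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$OuDn  = 'OU=Staff,DC=corp,DC=example'   # hypothetical OU
$Group = 'CORP\HelpDesk'                 # hypothetical NetBIOS\group name

$root = Get-ADRootDSE
# schemaIDGUID of the pwdLastSet attribute (the property named in the dsacls entry).
$pwdLastSet = [guid](Get-ADObject -SearchBase $root.schemaNamingContext `
    -LDAPFilter '(lDAPDisplayName=pwdLastSet)' -Properties schemaIDGUID).schemaIDGUID
# rightsGuid of the "Reset Password" control access right (assumed to be part of
# the delegation; the page does not spell it out).
$resetPwd = [guid](Get-ADObject -SearchBase "CN=Extended-Rights,$($root.configurationNamingContext)" `
    -LDAPFilter '(cn=User-Force-Change-Password)' -Properties rightsGuid).rightsGuid

$expected = @{ $pwdLastSet = 'pwdLastSet property'; $resetPwd = 'Reset Password right' }
# Rights a password-reset delegation needs: property read/write and extended right.
$narrow = [int][System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty, ExtendedRight'

$findings = (Get-Acl -Path "AD:\$OuDn").Access |
    Where-Object { $_.IdentityReference.Value -eq $Group -and $_.AccessControlType -eq 'Allow' } |
    ForEach-Object {
        $label = $expected[$_.ObjectType]
        # Any bit outside $narrow (GenericAll, WriteDacl, CreateChild, ...) is out of scope.
        $extra = [int]$_.ActiveDirectoryRights -band (-bnot $narrow)
        [pscustomobject]@{
            Rights    = $_.ActiveDirectoryRights
            Target    = if ($label) { $label } else { $_.ObjectType }
            AppliesTo = $_.InheritedObjectType
            Finding   = if ($label -and -not $extra) { 'expected' }
                        else { 'REVIEW: outside password-reset scope' }
        }
    }
$findings | Format-Table -AutoSize
```

An entry whose Target is the all-zero GUID applies to every property or right on the object, which is why it is flagged even when its Rights column looks modest.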
How do I create users in bulk from a CSV file?
The AD Bulk Operations entry in the PowerShell category shows the pattern: use Import-Csv to read a CSV file with columns like Name, SAM, and OU, then pipe each row to New-ADUser. This lets you create hundreds of accounts from a spreadsheet in seconds.
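The same pattern with the checks a bulk import needs before it touches the directory, as an added example that is not the reference's own entry: each row is validated, the SAM is allow-listed before it is placed in a filter string, and accounts are created disabled with a random password that is never written out. The column names follow the page; the rows, OU path, SAM pattern and $DryRun switch are constructed assumptions.

```powershell
# Added example, not the reference's own entry. Column names (Name, SAM, OU) follow
# the page; the rows, OU path and SAM pattern are constructed for illustration.
Import-Module ActiveDirectory
$DryRun = $true    # hypothetical switch: set to $false after reviewing the dry run

$rows = @'
Name,SAM,OU
Alice Example,aexample,"OU=Staff,DC=corp,DC=example"
Bob Example,b'example,"OU=Staff,DC=corp,DC=example"
,cexample,"OU=Staff,DC=corp,DC=example"
'@ | ConvertFrom-Csv            # in practice: Import-Csv .\users.csv

function New-RandomPassword {
    # 18 random bytes -> 24 base64 characters; the suffix guarantees all four
    # character classes so the value passes default complexity rules.
    $bytes = New-Object byte[] 18
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($bytes); $rng.Dispose()
    ConvertTo-SecureString ([Convert]::ToBase64String($bytes) + 'aZ9!') -AsPlainText -Force
}

$report = foreach ($r in $rows) {
    $status = if ($DryRun) { 'would create (disabled)' } else { 'created (disabled)' }
    try {
        if ([string]::IsNullOrWhiteSpace($r.Name)) { throw 'Name is empty' }
        # Allow-list the SAM before it is interpolated into the -Filter string below.
        if ($r.SAM -notmatch '^[A-Za-z0-9._-]{1,20}$') { throw 'SAM has invalid characters or length' }
        # Fails the row if the target OU does not exist.
        Get-ADOrganizationalUnit -Identity $r.OU -ErrorAction Stop | Out-Null
        if (Get-ADUser -Filter "SamAccountName -eq '$($r.SAM)'") { throw 'SAM already exists' }
        # Disabled with an unknown password: the account is activated by a password
        # reset at onboarding, so no plaintext password is stored in a file.
        New-ADUser -Name $r.Name -SamAccountName $r.SAM -Path $r.OU `
            -AccountPassword (New-RandomPassword) -ChangePasswordAtLogon $true `
            -Enabled $false -ErrorAction Stop -WhatIf:$DryRun
    } catch { $status = "skipped: $($_.Exception.Message)" }
    [pscustomobject]@{ SAM = $r.SAM; OU = $r.OU; Status = $status }
}
$report | Format-Table -AutoSize
```

The second and third constructed rows are rejected by the validation steps, so the report shows one row per outcome.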
What replication commands should I run to diagnose AD sync issues?
Start with "repadmin /replsummary" for a high-level overview, then "repadmin /showrepl" for detailed per-DC replication status. Use "Get-ADReplicationFailure -Scope Domain" to list all replication failures, and "dcdiag /v /c /d /e" for a full domain controller health check.
How does the AD-integrated DNS zone differ from a standard DNS zone?
An AD-integrated zone stores DNS data as objects in Active Directory rather than in flat zone files. This enables secure dynamic updates, multi-master replication through AD replication channels, and automatic failover when DCs are added or removed — all without separate DNS zone transfer configuration.