PowerShell for Active Directory — Stop Clicking, Start Scripting

If you set up Active Directory by clicking through the GUI in Episode 1, good. You learned the shape of it. Now we’re going to stop doing that.

This is Episode 2 of the TrevTech homelab series. Everything we do here runs on trevtech.lab — the domain we built on the Dell R730 in the last video. This episode is about managing Active Directory with PowerShell: creating users, building OUs, assigning groups, and running the kind of bulk operations that would take you hours in the GUI.

Why PowerShell for AD?

Because the GUI doesn’t scale.

If you’re managing 10 users, clicking through Active Directory Users and Computers is fine. If you’re onboarding 50 new starters, or restructuring a department’s OU layout, or auditing group membership across the domain — you need automation.

PowerShell is also what sysadmins actually use at work. In a real environment, nobody is clicking to create 200 student accounts at the start of term. That’s a script. Understanding how to write and run those scripts is the difference between a help desk tech who knows where the buttons are, and a sysadmin who can own the environment.

The Essential AD PowerShell Commands

Here’s what you actually need to know. Not a comprehensive list — just the commands that will do 90% of what you need day-to-day.

Getting Information

# List all users
Get-ADUser -Filter * | Select-Object Name, SamAccountName, Enabled

# Find a specific user
Get-ADUser -Identity "jsmith" -Properties *

# List all OUs
Get-ADOrganizationalUnit -Filter * | Select-Object Name, DistinguishedName

# List all groups
Get-ADGroup -Filter * | Select-Object Name, GroupScope, GroupCategory

# Who's in a group?
Get-ADGroupMember -Identity "IT-Admins" | Select-Object Name, SamAccountName

Creating and Managing Users

# Create a single user
New-ADUser `
  -Name "Jane Doe" `
  -GivenName "Jane" `
  -Surname "Doe" `
  -SamAccountName "jdoe" `
  -UserPrincipalName "jdoe@trevtech.lab" `
  -Path "OU=Users,DC=trevtech,DC=lab" `
  -AccountPassword (ConvertTo-SecureString "P@ssword123!" -AsPlainText -Force) `
  -Enabled $true

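# Bulk create users from a CSV (columns: FirstName, LastName, Username, Password)
Import-Csv "C:\Scripts\new-users.csv" | ForEach-Object {
  $row = $_   # keep the CSV row; inside catch, $_ is the error record
  try {
    New-ADUser `
      -Name "$($row.FirstName) $($row.LastName)" `
      -GivenName $row.FirstName `
      -Surname $row.LastName `
      -SamAccountName $row.Username `
      -UserPrincipalName "$($row.Username)@trevtech.lab" `
      -Path "OU=Users,DC=trevtech,DC=lab" `
      -AccountPassword (ConvertTo-SecureString $row.Password -AsPlainText -Force) `
      -Enabled $true `
      -ErrorAction Stop   # make failures terminating so "Created" only prints on success
    Write-Host "Created: $($row.Username)"
  } catch {
    Write-Warning "Failed: $($row.Username) - $($_.Exception.Message)"
  }
}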
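
A variation on the bulk-create loop above, added here as an example and not part of the original episode script: it drops the Password column from the CSV, generates a random initial password per account, and forces a change at first logon. The helper name New-InitialPassword, the 16-character length and the username pattern are assumptions; the CSV path, OU and domain are the ones used on this page.

```powershell
# Added example. New-InitialPassword is a hypothetical helper, not an AD cmdlet.
# Assumed CSV columns: FirstName, LastName, Username (no Password column).
Import-Module ActiveDirectory

function New-InitialPassword {
  param([int]$Length = 16)
  # 64-character alphabet, so (byte % 64) picks every character with equal probability
  $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
  $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
  try {
    do {
      $bytes = New-Object byte[] $Length
      $rng.GetBytes($bytes)
      $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
      # Retry until upper, lower and digit all appear (AD complexity wants 3 of 4 classes)
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -cmatch '\d')
    return $pw
  } finally { $rng.Dispose() }
}

$results = foreach ($row in Import-Csv "C:\Scripts\new-users.csv") {
  # Reject odd usernames before they reach the -Filter string (sAMAccountName max is 20)
  if ($row.Username -notmatch '^[A-Za-z0-9._-]{1,20}$') {
    Write-Warning "Skipped (bad username): $($row.Username)"; continue
  }
  # Skip accounts that already exist instead of failing halfway through the batch
  if (Get-ADUser -Filter "SamAccountName -eq '$($row.Username)'") {
    Write-Warning "Skipped (exists): $($row.Username)"; continue
  }
  $plain = New-InitialPassword
  try {
    New-ADUser `
      -Name "$($row.FirstName) $($row.LastName)" `
      -GivenName $row.FirstName `
      -Surname $row.LastName `
      -SamAccountName $row.Username `
      -UserPrincipalName "$($row.Username)@trevtech.lab" `
      -Path "OU=Users,DC=trevtech,DC=lab" `
      -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
      -ChangePasswordAtLogon $true `
      -Enabled $true `
      -ErrorAction Stop
    [pscustomobject]@{ Username = $row.Username; InitialPassword = $plain }
  } catch {
    Write-Warning "Failed: $($row.Username) - $($_.Exception.Message)"
  }
}
# Shown once on screen; hand out over a separate channel rather than saving to disk
$results | Format-Table -AutoSize
```

With the Password column gone, the CSV no longer has to be protected like a credential store.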

Managing Groups and OUs

# Add a user to a group
Add-ADGroupMember -Identity "IT-Admins" -Members "jdoe"

# Create an OU
New-ADOrganizationalUnit -Name "Finance" -Path "DC=trevtech,DC=lab"

# Move a user to a different OU
Move-ADObject `
  -Identity "CN=Jane Doe,OU=Users,DC=trevtech,DC=lab" `
  -TargetPath "OU=Finance,DC=trevtech,DC=lab"

# Disable a user account
Disable-ADAccount -Identity "jdoe"

# Reset a password
Set-ADAccountPassword -Identity "jdoe" `
  -NewPassword (ConvertTo-SecureString "NewP@ss456!" -AsPlainText -Force) `
  -Reset

Is It Worth Learning?

Yes. Full stop.

PowerShell for AD is one of those skills that looks impressive in interviews and saves you genuine hours in the job. Even if your employer isn’t running everything from scripts yet, knowing how to do it puts you in a different tier.

This is also the foundation for everything that comes later in this series. Group Policy can be managed with PowerShell. DNS records can be managed with PowerShell. File share permissions can be set with PowerShell. We’ll use it in every remaining episode.

What’s Next

Episode 3 is Group Policy — we’re going to create, link, and test GPOs on the domain. Password policies, software restrictions, desktop lockdowns — the stuff that actually governs what users can and can’t do on trevtech.lab.

Watch it on TrevTech-IT on YouTube and drop your scripts (or your script errors) in the comments.

— Trev | I broke it. Fixed it.
