Thursday, February 24, 2011

Locating Disabled User Accounts, Creating a UPN Suffix for a Forest

Creating a UPN Suffix for a Forest

This topic explains how to use the Active Directory module for Windows PowerShell to create a new user principal name (UPN) suffix for the users in a forest. Creating an additional UPN suffix helps simplify the names that are used to log on to another domain in the forest.

Example

The following example demonstrates how to create a new UPN suffix for the users in the Fabrikam.com forest:
Set-ADForest -UPNSuffixes @{Add="headquarters.fabrikam.com"}

Additional information

You can use the following parameters when you set many of the common values that are associated with forest management in Active Directory Domain Services (AD DS):
  • -SPNSuffixes
  • -UPNSuffixes
For a full explanation of the parameters that you can pass to Set-ADForest, at the Active Directory module command prompt, type Get-Help Set-ADForest -detailed, and then press ENTER.

Locating Disabled User Accounts

This topic explains how to use the Active Directory module for Windows PowerShell to find users whose accounts are disabled.

Example

The following example demonstrates how to find users with disabled accounts in the Fabrikam.com domain:
Search-ADAccount -AccountDisabled | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass -A

Additional information

For a full explanation of the parameters that you can pass to Search-ADAccount, at the Active Directory module command prompt, type Get-Help Search-ADAccount -detailed, and then press ENTER.

Viewing a User's Managed Objects

This topic explains how to use the Active Directory module for Windows PowerShell to view a user’s managed objects. Managed objects are objects that a user owns in Active Directory Domain Services (AD DS), such as an organizational unit (OU) or group.

Example

The following example demonstrates how to view the managed objects for the user JaneDow:
Get-ADUser JaneDow -Properties ManagedObjects

Additional information

In addition to the standard Lightweight Directory Access Protocol (LDAP) attributes, you can retrieve the following extended properties of the Get-ADUser cmdlet by using the -Properties parameter:
  • City
  • Country
  • EmailAddress
  • Fax
  • LogonWorkstations
  • MobilePhone
  • Office
  • OfficePhone
  • Organization
  • OtherName
  • POBox
  • SmartcardLogonRequired
  • State
  • Surname
For a full explanation of the parameters that you can pass to Get-ADUser, at the Active Directory module command prompt, type Get-Help Get-ADUser -detailed, and then press ENTER.
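
The disabled-account search and the ManagedObjects lookup above can be combined into an ownership audit that lists disabled users who still manage OUs or groups, so that ownership can be reassigned. This is an added example, not part of the original post: the function name Get-DisabledOwner and the sample objects are hypothetical, and the commented live pipeline uses the -UsersOnly switch of Search-ADAccount in place of the ObjectClass filter.

```powershell
# Added example: report disabled users that still own (manage) directory objects.
# Get-DisabledOwner is a hypothetical helper name, not an Active Directory cmdlet.
function Get-DisabledOwner {
    [CmdletBinding()]
    param(
        # User objects that carry Enabled and ManagedObjects,
        # e.g. the output of Get-ADUser -Properties ManagedObjects
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$User
    )
    process {
        # Enabled accounts are out of scope for this report.
        if ($User.Enabled) { return }
        # Emit one row per managed object; users that manage nothing emit no rows.
        foreach ($dn in @($User.ManagedObjects)) {
            if (-not $dn) { continue }
            [pscustomobject]@{
                Owner         = $User.SamAccountName
                ManagedObject = [string]$dn
                # First RDN of the object (split on unescaped commas only)
                ObjectRdn     = ([string]$dn -split '(?<!\\),')[0]
            }
        }
    }
}

# Constructed sample objects standing in for Get-ADUser output (not real directory data).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'JaneDow'; Enabled = $false
        ManagedObjects = @('CN=Helpdesk,OU=Groups,DC=fabrikam,DC=com',
                           'OU=Sales,DC=fabrikam,DC=com') }
    [pscustomobject]@{ SamAccountName = 'svc-old'; Enabled = $false; ManagedObjects = @() }
    [pscustomobject]@{ SamAccountName = 'ActiveUser'; Enabled = $true
        ManagedObjects = @('CN=Printers,OU=Groups,DC=fabrikam,DC=com') }
)
$sample | Get-DisabledOwner | Format-Table -AutoSize

# Against a live domain, with the Active Directory module loaded:
# Search-ADAccount -AccountDisabled -UsersOnly |
#     Get-ADUser -Properties ManagedObjects | Get-DisabledOwner
```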
