The Active Directory section of the PowerShell Toolkit provides battle-tested scripts for managing AD environments at scale. Built from 20 years of hands-on experience in healthcare IT infrastructure, these scripts cover the most common and time-consuming AD administration tasks.
Always test scripts against a dedicated test organizational unit (OU) before running them in production. A mistake in AD can have broad impact across your environment.

What’s covered

The AD scripts are organized into the following categories:
  • User management — Query, create, modify, enable, disable, and report on user accounts
  • Group management — Manage group membership, analyze nested groups, and audit group usage
  • Domain administration — Domain-wide reporting, OU structure queries, and policy-related automation

Prerequisites

Required module

All Active Directory scripts require the ActiveDirectory PowerShell module. Install it with:
Install-Module -Name ActiveDirectory
On Windows Server, the module is available via RSAT:
Add-WindowsFeature RSAT-AD-PowerShell
On Windows 10/11 client machines:
Add-WindowsCapability -Online -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0

Required permissions

Operation | Minimum permission
--- | ---
Querying users, groups, OUs | Domain Users (read access)
Modifying accounts or group membership | Account Operators or delegated rights
Domain-wide changes, creating OUs | Domain Admins

Script categories

User Management

Query user accounts, generate reports, create and modify accounts, and manage account status (enable/disable).

Group Management

Query group membership, add and remove members, analyze nested groups, and audit group usage.

Getting started

1. Clone the repository

git clone https://github.com/bigjoestretch/powershell-toolkit.git

2. Install the ActiveDirectory module

Verify the module is available in your session:
Get-Module -ListAvailable -Name ActiveDirectory

3. Review the script before running

Open the script in a text editor and read the parameters and comment block at the top before executing.

4. Run against a test OU first

Scope your initial run to a non-critical OU to verify behavior:
.\ActiveDirectory\Get-ADUserReport.ps1 -SearchBase "OU=Test,DC=domain,DC=com"
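
A pre-flight check covering steps 2 to 4, as an added example that is not part of the toolkit: it confirms the module is present, refuses a SearchBase outside the test OU, and parses the script without executing it to list AD cmdlets that change state. The function name Test-ADScriptPreflight, the $TestOU default (taken from the sample command above) and the verb list are assumptions for illustration.

```powershell
# Added example, not toolkit code. Test-ADScriptPreflight is a hypothetical name.
function Test-ADScriptPreflight {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ScriptPath,
        [Parameter(Mandatory)] [string] $SearchBase,
        # Assumption: the test OU from the page's sample command; set your own.
        [string] $TestOU = 'OU=Test,DC=domain,DC=com'
    )

    # Step 2: the module must be available before anything else is attempted.
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
        throw 'ActiveDirectory module is not available in this session.'
    }

    # Step 4: accept only the test OU itself or a container beneath it.
    # The comparison is a plain suffix match, so a DN written with extra
    # spaces is rejected rather than guessed at (fails closed).
    $base = $SearchBase.Trim()
    $inScope = ($base -ieq $TestOU) -or
        $base.EndsWith(",$TestOU", [System.StringComparison]::OrdinalIgnoreCase)
    if (-not $inScope) {
        throw "SearchBase '$SearchBase' is outside the test OU '$TestOU'."
    }

    # Step 3: parse the script (it is never run here) and collect command names.
    $tokens = $null; $errors = $null
    $path = (Resolve-Path -LiteralPath $ScriptPath).ProviderPath
    $ast = [System.Management.Automation.Language.Parser]::ParseFile(
        $path, [ref]$tokens, [ref]$errors)
    if ($errors.Count -gt 0) { throw "Script does not parse: $($errors[0].Message)" }

    # Verb list is illustrative, not exhaustive. Commands invoked dynamically
    # (for example through a variable) have no static name and are not listed.
    $writeVerbs = '^(Set|New|Remove|Add|Move|Rename|Enable|Disable|Unlock|Clear|Reset|Restore)-AD'
    $mutating = $ast.FindAll(
            { param($n) $n -is [System.Management.Automation.Language.CommandAst] }, $true) |
        ForEach-Object { $_.GetCommandName() } |
        Where-Object { $_ -match $writeVerbs } |
        Sort-Object -Unique

    [pscustomobject]@{
        Script          = $path
        SearchBase      = $base
        MutatingCmdlets = @($mutating)
        NoKnownWrites   = (@($mutating).Count -eq 0)
    }
}

Test-ADScriptPreflight -ScriptPath .\ActiveDirectory\Get-ADUserReport.ps1 -SearchBase 'OU=Test,DC=domain,DC=com'
```

An empty MutatingCmdlets list narrows what to look for when reading the script; it does not replace reading it.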
