Problem1: The administrator password does not meet the requirement. we recommend that you use the net user command-line tool with the /passwordreq
Solution: open a CMD window, type
net user Administrator <password> /passwordreq:yes
The <password> is the password you would set.
Active Directory Administrative Center (ADAC) is the primary tool for performing day-to-day tasks in the administration of an Active Directory environment.
Enable Recycle bin: in the ADAC, right click on the domain name, click “Enable recycle bin...”, note that this is not reversible.
Check the object in the bin: Click the arrow to the right of the domain name, choose Deleted Objects.
Empty recycle bin: There is no GUI to delete object in recycle bin, but we can use powershell. Following one empty all the objects:
Get-ADObject -Filter 'isDeleted -eq $true -and Name -like "*DEL:*"' -IncludeDeletedObjects | Remove-ADObject -Confirm:$false
To delete a specific one, e.g, user name peter, you can use
Get-ADObject -Filter 'isDeleted -eq $true -and Name -like "*DEL:*"' -and Name -like "*peter*" -IncludeDeletedObjects | Remove-ADObject -Confirm:$false
Restore-ADobject CMDLET syntax:
Restore-ADObject -Confirm:$false -Identity:”8713b0xxxxxxxx” -Server:”test.hom.com”
The Identity can be found in ADAC, right click the user, property, scroll down to extentions, then “attribute editor” find the objectGUID. Use this as the identity in the command.
Anyway, if we are in the core environment, How to get this by command???
This is the one for existing user: Get-ADuser -identity Bella
New-ADFineGrainedPasswordPolicy -Name:”Fallback” -Precedence:”3″ -MaxPasswordAge:”9″
All the parameters should be in the double quotation mark ” ” .
Remove-ADFineGrainedPasswordPolicy //enter, then you will need to input the name.
Create users in bulk:
PS C:\> Import-Csv C:\data\new-users.csv | New-ADUser -PassThru | ` Set-ADAccountPassword -Reset ` -NewPassword (ConvertTo-SecureString -AsPlainText "Pa$$w0rd" -Force) ` -PassThru | Enable-ADAccount
The command takes the string “Pa$$w0rd” and converts it from plain text to a secure string so that it can be used by the –NewPassword parameter of the Set-ADAccountPassword cmdlet The –Force parameter is needed to suppress the confrimation prompt generated by use of the –AsPlainText parameter