Bird
Raised Fist0
PowerShellscripting~20 mins

Why AD management is essential for sysadmins in PowerShell - Challenge Your Understanding

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
AD Management Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
1:30remaining
Why is Active Directory (AD) management crucial for sysadmins?
Which of the following best explains why sysadmins must manage Active Directory effectively?
ABecause AD is only used for storing files and has no impact on network security.
BBecause AD automatically manages all network devices without any sysadmin intervention.
CBecause AD is a backup system for user data and does not affect user authentication.
DBecause AD controls user access and security policies across the network, ensuring proper permissions and compliance.
Attempts:
2 left
💡 Hint
Think about what AD controls in a network environment.
💻 Command Output
intermediate
2:00remaining
Output of a PowerShell command to list AD users
What is the output of this PowerShell command? Get-ADUser -Filter * -Properties Name | Select-Object -First 3 -ExpandProperty Name
PowerShell
Get-ADUser -Filter * -Properties Name | Select-Object -First 3 -ExpandProperty Name
A["Name", "Name", "Name"]
BError: The term 'Get-ADUser' is not recognized as the name of a cmdlet
C["Alice", "Bob", "Charlie"]
DEmpty output
Attempts:
2 left
💡 Hint
Get-ADUser lists users; Select-Object picks first 3 names.
📝 Syntax
advanced
2:30remaining
Identify the syntax error in this AD user creation script
Which option contains the correct syntax to create a new AD user with PowerShell?
PowerShell
New-ADUser -Name "John Doe" -SamAccountName "jdoe" -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) -Enabled $true
ANew-ADUser -Name "John Doe" -SamAccountName "jdoe" -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) -Enabled $true
BNew-ADUser -Name "John Doe" -SamAccountName "jdoe" -AccountPassword ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force -Enabled $true
CNew-ADUser -Name "John Doe" -SamAccountName "jdoe" -AccountPassword "P@ssw0rd" -Enabled $true
DNew-ADUser -Name "John Doe" -SamAccountName "jdoe" -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -Force) -Enabled $true
Attempts:
2 left
💡 Hint
AccountPassword needs a secure string wrapped in parentheses.
🔧 Debug
advanced
2:00remaining
Why does this AD group membership script fail?
This script is supposed to add a user to a group but fails. What is the error? Add-ADGroupMember -Identity "Admins" -Members "jdoe"
PowerShell
Add-ADGroupMember -Identity "Admins" -Members "jdoe"
AError: Cannot find an object with identity: 'jdoe' because it does not exist or you do not have permission.
BError: The parameter -Members is not recognized.
CSuccess: User 'jdoe' added to group 'Admins'.
DError: The group 'Admins' does not exist.
Attempts:
2 left
💡 Hint
Check if the user 'jdoe' exists and permissions.
🚀 Application
expert
3:00remaining
Automate user account expiration notification
You want to write a PowerShell script that finds all AD users whose accounts expire within 7 days and sends an email notification. Which snippet correctly filters these users?
PowerShell
Get-ADUser -Filter {AccountExpirationDate -le $dateLimit} -Properties AccountExpirationDate
A$dateLimit = (Get-Date).AddDays(7); Get-ADUser -Filter {AccountExpirationDate -le '$dateLimit'} -Properties AccountExpirationDate
B$dateLimit = (Get-Date).AddDays(7); Get-ADUser -Filter {AccountExpirationDate -le $dateLimit} -Properties AccountExpirationDate
C$dateLimit = (Get-Date).AddDays(7); Get-ADUser -Filter 'AccountExpirationDate -le $dateLimit' -Properties AccountExpirationDate
D$dateLimit = (Get-Date).AddDays(7); Get-ADUser -Filter {AccountExpirationDate -lt (Get-Date).AddDays(7)} -Properties AccountExpirationDate
Attempts:
2 left
💡 Hint
Use a variable for the date and a script block filter.

Practice

(1/5)
1. Why is Active Directory (AD) management important for system administrators?
easy
A. It helps control user access to network resources.
B. It allows users to install any software they want.
C. It slows down network performance.
D. It removes all security settings automatically.

Solution

  1. Step 1: Understand AD's role in access control

    Active Directory manages who can access files, printers, and other resources on a network.

  2. Step 2: Recognize sysadmin responsibilities

    Sysadmins use AD to set permissions and keep the network secure and organized.

  3. Final Answer:

    It helps control user access to network resources. -> Option A

  4. Quick Check:

    AD controls access = A [OK]
Hint: AD controls access rights for users and devices [OK]
Common Mistakes:
  • Thinking AD slows down the network
  • Believing AD removes security settings
  • Assuming AD lets users install any software
2. Which PowerShell cmdlet is used to create a new Active Directory user?
easy
A. New-ADUser
B. Get-ADUser
C. Remove-ADUser
D. Set-ADGroup

Solution

  1. Step 1: Identify cmdlets for AD user management

    New-ADUser creates users, Get-ADUser retrieves users, Remove-ADUser deletes users, Set-ADGroup modifies groups.

  2. Step 2: Match cmdlet to creation task

    Creating a new user requires New-ADUser.

  3. Final Answer:

    New-ADUser -> Option A

  4. Quick Check:

    Create user cmdlet = New-ADUser [OK]
Hint: New-ADUser creates users; Get-ADUser only reads [OK]
Common Mistakes:
  • Using Get-ADUser to create users
  • Confusing Remove-ADUser with creation
  • Using Set-ADGroup for user creation
3. What will this PowerShell command output?
Get-ADUser -Filter 'Enabled -eq $true' | Select-Object -ExpandProperty Name
medium
A. List of all disabled user names
B. Error due to wrong filter syntax
C. List of all group names
D. List of all enabled user names

Solution

  1. Step 1: Understand the filter condition

    The filter 'Enabled -eq $true' selects only users whose Enabled property is true (active users).

  2. Step 2: Analyze the Select-Object usage

    Select-Object -ExpandProperty Name extracts just the user names from the results.

  3. Final Answer:

    List of all enabled user names -> Option D

  4. Quick Check:

    Filter enabled users = list names [OK]
Hint: Filter Enabled -eq $true lists active users only [OK]
Common Mistakes:
  • Thinking it lists disabled users
  • Assuming it returns groups instead of users
  • Believing the filter syntax causes error
4. Identify the error in this PowerShell snippet for disabling an AD user:
Disable-ADUser -Identity $userName
medium
A. The variable $userName must be a user object, not a string.
B. The parameter should be -UserName, not -Identity.
C. Disable-ADUser cmdlet does not exist.
D. The cmdlet requires the -Confirm parameter.

Solution

  1. Step 1: Check if Disable-ADUser exists

    There is no Disable-ADUser cmdlet in PowerShell AD module; disabling is done with Set-ADUser.

  2. Step 2: Correct method to disable user

    Use Set-ADUser -Identity $userName -Enabled $false to disable a user.

  3. Final Answer:

    Disable-ADUser cmdlet does not exist. -> Option C

  4. Quick Check:

    No Disable-ADUser cmdlet = A [OK]
Hint: Use Set-ADUser -Enabled $false to disable users [OK]
Common Mistakes:
  • Assuming Disable-ADUser cmdlet exists
  • Using wrong parameter names
  • Thinking -Confirm is mandatory
5. A sysadmin wants to automate disabling all inactive AD users who haven't logged in for 90 days. Which PowerShell approach is best?
hard
A. Use Get-ADGroupMember to find users and disable them.
B. Use Get-ADUser with -Filter on LastLogonDate, then pipe to Set-ADUser -Enabled $false.
C. Run Remove-ADUser on all users without checking last logon date.
D. Manually disable users one by one in Active Directory Users and Computers.

Solution

  1. Step 1: Identify how to find inactive users

    Get-ADUser can filter users by LastLogonDate to find those inactive for 90 days.

  2. Step 2: Automate disabling users

    Piping filtered users to Set-ADUser -Enabled $false disables them efficiently.

  3. Final Answer:

    Use Get-ADUser with -Filter on LastLogonDate, then pipe to Set-ADUser -Enabled $false. -> Option B

  4. Quick Check:

    Filter inactive users + disable = D [OK]
Hint: Filter inactive users by last logon, then disable in bulk [OK]
Common Mistakes:
  • Disabling users manually one by one
  • Removing users instead of disabling
  • Using group membership instead of last logon date