PowerShell is very useful for automating Active Directory. It allows to quickly and relatively easy automate mundane actions or perform same operations with many objects.
PowerShell provides very broad set of methods to work with Active Directory. There is some of them:
In this article provided examples of using ADSI adapter and .NET classes. This is not an easiest method, but sometimes you just need it. For example if you working in organization that uses old operating system for domain controllers (not 2008R2+), and you cannot install any additional software on controllers or servers, but need to work with Active Directory in your script.
Receiving an object representation of Active Directory object.
This method requires knowledge of object's LDAP path.
Filter property of the Searcher object uses standard LDAP query syntax . You can also use FindOne() method to receive just first found object.
Setting "Password never expire" attribute on user object
This property unlike many other properties of AD object are contained in bitmask attribute UserAccountControl (not related in any way with User Account Control feature of Windows). To set it you need to retrieve current value of this attribute and use binary OR operation (-bor) to calculate new value.
Members of the group are contained as Distinguished Names in Member array property of a group. To get objects representing the members one need to get contents of this property and create ADSI objects from them.