It handle the password in a secure way. Look at this as a template and do the necessary changes.
By doing this programmatically you can give multiple users or group(s) the right to add or remove users from an AD group. If you do this in ADUC you can only give the user you set as ‘Managed by’ the permissions.
There is no Get-GPLink cmdlet, but this script will help you. https://github.com/GoateePFE/GPLinkReport
The complete list
How you can add the recovery password to AD after the disk has been encrypted
http://blog.jocha.se/tech/remove-orphaned-admx-gpo-values Example: 1Remove-GPRegistryValue -Name "My Group Policy" -key "HKLM\Software\Policies\Microsoft\Windows\Skydrive" -ValueName DisableFileSync
Run gpedit.msc (Local Group Policy Editor) Next navigate to Computer Configuration\Administrative Templates\Windows Components\OneDrive. In the right panel, double click Prevent the usage of OneDrive for File Storage. Set it to Disable
Analyzing Microsoft’s 2016 security reports reveals that 94% of critical vulnerabilities could easily be mitigated http://news.softpedia.com/news/most-of-microsoft-s-critical-vulnerabilities-solved-by-removing-admin-rights-513202.shtml
Have a look at this tool from Sysinternal https://technet.microsoft.com/en-us/sysinternals/ff700229.aspx