Using Microsoft's New AD PowerShell Cmdlets
In the past two weeks I have really started playing with the new AD PowerShell cmdlets from Microsoft. I am really glad these cmdlets are finally here. I will admit though, to get the working in my lab, it was not easy. I cant blame this though on the cmdlets themselves, as my problems stemmed from the fact that I don't have 64-bit virtualization capability yet in my own lab.
First I want to briefly explain what has to be in order to use the cmdlets:
- You must have the cmdlets themselves, they are part of the ActiveDirectory module for PowerShell v2. This module is a Windows Feature that can be installed on Windows 7, 2008, and 2008 R2. Life is super simple if you have a 2008 R2 Domain Controller, as you are good to go to import and use the module on that machine. When you promote an R2 server to a DC, I believe that the AD PowerShell Module Windows feature is installed automatically. For Windows 7 and 2008 (non R2), you need to install the latest RSAT (Remote Server Admin Tools) and then add the Windows Feature for the PowerShell AD Module.
- Once you have the module physically installed, you must import the module in your PowerShell v2 session. This is as simple as typing PS C:\> Import-Module ActiveDirectory
- You must have an Active Directory Web Service (ADWS) Implemented on at least one of your Domain Controllers. Any new 2008 R2 DC will have this new service. If you haven't yet deployed a 2008 R2 DC, then you can install the ADWS on a down-level DC by installing the Active Directory Management Gateway Service.
Once these three steps are in place you can then use the cmdlets. You can see the cmdlets a few ways, but perhaps the easiest is to do this: PS C:\> Get-Command -Module ActiveDirectory
By running the above cmdlet I found the following cmdlets:
Add-ADComputerServiceAccount
Add-ADDomainControllerPasswordReplicationPolicy
Add-ADFineGrainedPasswordPolicySubject
Add-ADGroupMember
Add-ADPrincipalGroupMembership
Clear-ADAccountExpiration
Disable-ADAccount
Disable-ADOptionalFeature
Enable-ADAccount
Enable-ADOptionalFeature
Get-ADAccountAuthorizationGroup
Get-ADAccountResultantPasswordReplicationPolicy
Get-ADComputer
Get-ADComputerServiceAccount
Get-ADDefaultDomainPasswordPolicy
Get-ADDomain
Get-ADDomainController
Get-ADDomainControllerPasswordReplicationPolicy
Get-ADDomainControllerPasswordReplicationPolicyUsage
Get-ADFineGrainedPasswordPolicy
Get-ADFineGrainedPasswordPolicySubject
Get-ADForest
Get-ADGroup
Get-ADGroupMember
Get-ADObject
Get-ADOptionalFeature
Get-ADOrganizationalUnit
Get-ADPrincipalGroupMembership
Get-ADRootDSE
Get-ADServiceAccount
Get-ADUser
Get-ADUserResultantPasswordPolicy
Install-ADServiceAccount
Move-ADDirectoryServer
Move-ADDirectoryServerOperationMasterRole
Move-ADObject
New-ADComputer
New-ADFineGrainedPasswordPolicy
New-ADGroup
New-ADObject
New-ADOrganizationalUnit
New-ADServiceAccount
New-ADUser
Remove-ADComputer
Remove-ADComputerServiceAccount
Remove-ADDomainControllerPasswordReplicationPolicy
Remove-ADFineGrainedPasswordPolicy
Remove-ADFineGrainedPasswordPolicySubject
Remove-ADGroup
Remove-ADGroupMember
Remove-ADObject
Remove-ADOrganizationalUnit
Remove-ADPrincipalGroupMembership
Remove-ADServiceAccount
Remove-ADUser
Rename-ADObject
Reset-ADServiceAccountPassword
Restore-ADObject
Search-ADAccount
Set-ADAccountControl
Set-ADAccountExpiration
Set-ADAccountPassword
Set-ADComputer
Set-ADDefaultDomainPasswordPolicy
Set-ADDomain
Set-ADDomainMode
Set-ADFineGrainedPasswordPolicy
Set-ADForest
Set-ADForestMode
Set-ADGroup
Set-ADObject
Set-ADOrganizationalUnit
Set-ADServiceAccount
Set-ADUser
Uninstall-ADServiceAccount
On the PowerShell Team Blog they posted a great write-up and a really nice graphic showing the cmdlets organized logically
I hope this is a short and sweet guide to help get the cmdlets working for you!
Комментариев нет:
Отправить комментарий