Active Directory PowerShell Module

The good news: there will be better support for Active Directory scripting using Windows PowerShell (2.0).
The bad news: at the time of writing, you will probably have to wait some time before you can use this in production,
because it’s only possible from a Windows Server 2008 R2 or a Windows 7 machine:
‘You can install Active Directory PowerShell by using any of the following methods:
By default, on a Windows Server 2008 R2 server when you install the AD DS or AD LDS server roles
By default, when you make a Windows Server 2008 R2 server a domain controller by running Dcpromo.exe
As part of the RSAT feature on a Windows Server 2008 R2 server
As part of the RSAT feature on a Windows 7 computer’
And also important:
‘If you want to use Active Directory PowerShell in Windows 7 to remotely manage an Active Directory domain, an AD LDS instance or configuration set, or an Active Directory Database Mounting Tool instance, you must have at least one Windows Server 2008 R2 domain controller in your domain or at least one instance in an AD LDS configuration set that is running on a Windows Server 2008 R2 server.’
‘For Active Directory PowerShell to function correctly, Windows PowerShell and the .NET Framework 3.5.1 must be installed on your Windows Server 2008 R2 or Windows 7 computer.’
(This probably has to do with the dependency of the AD module on the ‘Active Directory WebServices’ service that exists in Windows Server 2008 R2 and
serves as an interface between PowerShell and AD or AD LDS.)

Anyhow, it looks promising.

I’m posting a few examples, based on the Active Directory PowerShell Cookbook at:

There’s also an Active Directory PSDrive that you can use in the standard PowerShell way,
as in the following example:
New-PSDrive -Name ADDrive -PSProvider ActiveDirectory -Root "DC=lab,DC=net"
cd ADDrive:
cd ou=yourOUhere
I’m also posting some examples below that look useful to me, as I’ve needed similar things in the past and had to use a variety
of 3rd-party tools and VBScripts. Those can now (or at least once W2K8R2/Windows 7 are mainstream) be replaced with mostly one-liner
PowerShell code!
#Create a new Active Directory user
#("p@ssw0rd" is a sample value; a password typed into a script stays readable in the script file)
New-ADUser -SamAccountName Johnny -Name "Johnny" -AccountPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force) -Enabled $true -Path 'OU=sandbox,DC=lab2,DC=int'
#Search for locked out accounts
Search-ADAccount -LockedOut | where {$_.ObjectClass -eq 'user'}
#Resetting a Computer Account
Test-ComputerSecureChannel -Repair -Server
#Finding Inactive or Unused Computers (machine password not changed in the last 45 days)
$lastSetdate = [DateTime]::Now - [TimeSpan]::Parse("45")
Get-ADComputer -Filter {PasswordLastSet -le $lastSetdate} -Properties passwordLastSet -ResultSetSize $null | FT samaccountname,PasswordLastSet
#Changing the Maximum Number of Computers That a User Can Join to the Domain (the default is 10)
Set-ADDomain -Replace @{"ms-ds-MachineAccountQuota"="2"}
#Finding Computers with a Particular Operating System
Get-ADComputer -Filter 'OperatingSystem -eq "Windows Server 2008 Enterprise"'
#Listing All the Computer Accounts in a Domain
Get-ADComputer -Filter 'Name -like "*"'
#Viewing the Direct Members of a Group
Get-ADGroupMember G1 | FT Name,ObjectClass -A
#Adding and Removing Members of a Group
Add-ADGroupMember -Identity AccGroup -Members Johnny
#Remove member from a Group
Remove-ADGroupMember -Identity AccGroup -Members Johnny
#Enumerating the OUs in a Domain
Get-ADOrganizationalUnit -Filter {Name -like '*'} | FT Name, DistinguishedName -A
#Enumerating the Objects in an OU
Get-ADObject -Filter 'Name -like "*"' -Searchbase 'OU=myusers,DC=lab,DC=local'
#Viewing the RootDSE
#Viewing the Trusts for a Domain
Get-ADObject -Filter {objectClass -eq "trustedDomain"} -Properties TrustPartner,TrustDirection,trustType | FT Name,TrustPartner,TrustDirection,TrustType
#Finding the Operations Master Role Holders
Get-ADForest | FT SchemaMaster,DomainNamingMaster
Get-ADDomain | FT PDCEmulator,RIDMaster,InfrastructureMaster
There are a large number of additional Active Directory cmdlets available; have fun trying them!
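
The inactive-computer one-liner above, expanded into a reusable function that also reports accounts whose PasswordLastSet comes back empty (an added example, not code from the original post or the cookbook it cites). The function name, its parameters, the sample objects and the fixed "as of" date are assumptions made for illustration.

```powershell
# Added example: classify computer accounts by the age of their machine password
# so that stale accounts can be reviewed and disabled or removed.
function Get-ComputerPasswordAge {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Computer,                          # object with Name, Enabled, PasswordLastSet
        [int]$StaleAfterDays = 45,          # same threshold as the one-liner
        [datetime]$AsOf = (Get-Date)
    )
    process {
        if ($null -eq $Computer.PasswordLastSet) {
            # No timestamp returned: report it instead of failing on date arithmetic
            $age = $null
            $status = 'NeverSet'
        } else {
            $age = [int][math]::Floor(($AsOf - $Computer.PasswordLastSet).TotalDays)
            $status = if ($age -ge $StaleAfterDays) { 'Stale' } else { 'Current' }
        }
        New-Object PSObject -Property @{
            Name            = $Computer.Name
            Enabled         = $Computer.Enabled
            PasswordLastSet = $Computer.PasswordLastSet
            AgeDays         = $age
            Status          = $status
        } | Select-Object Name, Enabled, PasswordLastSet, AgeDays, Status
    }
}

# Constructed sample objects standing in for Get-ADComputer output
$asOf = [datetime]'2010-06-01'
$sample = @(
    New-Object PSObject -Property @{ Name = 'WS-001'; Enabled = $true;  PasswordLastSet = [datetime]'2010-05-20' }
    New-Object PSObject -Property @{ Name = 'WS-002'; Enabled = $true;  PasswordLastSet = [datetime]'2010-01-15' }
    New-Object PSObject -Property @{ Name = 'WS-003'; Enabled = $false; PasswordLastSet = [datetime]'2009-11-02' }
    New-Object PSObject -Property @{ Name = 'WS-004'; Enabled = $true;  PasswordLastSet = $null }
)

# Show everything that needs review; enabled + stale accounts deserve attention first
$sample | Get-ComputerPasswordAge -AsOf $asOf |
    Where-Object { $_.Status -ne 'Current' } |
    Sort-Object Status, Name | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADComputer -Filter * -Properties PasswordLastSet | Get-ComputerPasswordAge
```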




