Share via

Windows 2008 R2: Managing AD LDS using the AD PowerShell Module

  • Article

Hello it’s LaNae again. Now that Windows 2008 R2 is available we get to use the coolness of PowerShell with AD LDS. When you install the AD LDS role on a Windows 2008 R2 server it will also install the AD PowerShell module.

Unfortunately the documentation in the help files for each cmdlet does not give an example of what the syntax would be for AD LDS. You can find a list of the cmdlets in the “What’s New in AD DS: Active Directory Module for Windows PowerShell” located at

https://technet.microsoft.com/en-us/library/dd378783(WS.10).aspx

Active Directory Cmdlets used with AD LDS

Below you will find a list of Active Directory cmdlets as well as the syntax that can be used to manage AD LDS instances.

Enable-ADOptionalFeature: Enable an optional feature.

Example: Enable-ADOptionalFeature “Recycle Bin Feature” –server servername:port –scope ForestorConfigurationSet –target “CN=Configuration,CN={GUID}”

Get-ADObject: Gets one or more AD LDS objects.

Example: Get-ADObject -filter ‘objectclass -eq "user"’ -searchbase 'partition DN' -server servername:port - properties DistinguishedName | FT Name, DistinguishedName –A

image

Get-ADOrganizationalUnit: Gets one or more AD LDS OUs

Example: Get-ADOrganizationalUnit -Filter {Name -Like '*'} -searchbase "partition DN" -server 'servername:port' - AuthType Negotiate | FT Name, DistinguishedName –A

image

Get-ADUser: Gets one or more AD LDS users

Example: Get-ADUser -Filter 'Name -like "*"' -searchbase "partition DN” -server 'servername:port'

image

Get-ADGroup: Gets one or more AD LDS groups

Example: Get-ADGroup' -Filter 'Name -like "*"' -searchbase "DN of partition to search" -server 'servername:port'

image

Get-ADGroupMember: Gets the members of an AD LDS group

Example: Get-ADGroupMember -identity 'DN of group' -server 'servername:port' -partition "DN of partition where group resides" | FT Name,DistinguishedName -A

image

New-ADGroup: Creates a new AD LDS group

Example: New-ADGroup -Name "groupname" -server 'servername:port' -GroupCategory Security -GroupScope Global -DisplayName "group display name" -path "DN where new group will reside"

image

New-ADUser: Creates a new AD LDS user

Example: New-ADUser -name "username" -Displayname "Display Name" -server 'servername:port' -path "DN of where the new user will reside"

image

ADD-ADGroupMember: Adds an AD LDS user to a group

Example: Add-ADGroupMember -identity "DN of group" -member "DN of user" -partition "DN of partition where group resides"

image

New-ADOrganizationalUnit: Creates a new AD LDS OU

Example: New-ADOrganizationalUnit -name "OU Name" -server 'servername:port' -path "DN of OU location"

image

Remove-ADGroup: Removes an AD LDS group

Example: Remove-ADGroup 'SID of Group' -server 'servername:portnumber' -partition "partition where group resides"

image

Remove-ADGroupMember: Removes an AD LDS user from a group.

Example: Remove-ADGroupMember -identity "DN of group" -member "DN of user" -server 'servername:port' -partition "DN of partition where group resides"

image

Remove-ADOrganizationalUnit: Deletes an OU in AD LDS

Example: Remove-ADOrganizationalUnit -identity "DN of OU" -recursive -server 'servername:port' -partition "DN of partition where OU resides"

image

Remove-ADUser: Deletes a user from AD LDS

Example: Remove-ADUser -identity "DN of user" -server 'servername:port' -partition "DN of partition where user resides"

image

-LaNae Wade

Comments

  • Anonymous
    August 10, 2015
    I know this post is old, but the graphic under ADD-ADGroupMember is a GET-ADGroupMember image and not ADD-ADGroupMember.