Jaa


Using Microsoft's New AD PowerShell Cmdlets

In the past two weeks I have really started playing with the new AD PowerShell cmdlets from Microsoft.  I am really glad these cmdlets are finally here.  I will admit though, to get them working in my lab, it was not easy.  I cant blame this though on the cmdlets themselves, as my problems stemmed from the fact that I don't have 64-bit virtualization capability yet in my own lab.

To use the cmdlets you need to deal with the following 3 steps:

  1. You must have the cmdlets themselves, they are part of the ActiveDirectory module for PowerShell v2.  This module is a Windows Feature that can be installed ONLY on Windows 7 and Windows Server 2008 R2.  Life is super simple if you have a 2008 R2 Domain Controller, as you are good to go to import and use the module on that machine.  When you promote an R2 server to a DC, the AD PowerShell Module Windows feature is installed automatically (if its not it’s the same checkbox you use on Windows 7).  For Windows 7, you need to install the latest RSAT (Remote Server Admin Tools) and then add the Windows Feature for the PowerShell AD Module.  It appears that if you cant use Windows Server 2008 R2 or Windows 7, then you can not leverage these cmdlets right now (this means Windows Server 2008 (non-R2) as well).
  2. Once you have the module physically installed, you must import the module in your PowerShell v2 session.  This is as simple as typing PS C:\> Import-Module ActiveDirectory
  3. You must have an Active Directory Web Service (ADWS) Implemented on at least one of your Domain Controllers.   Any new 2008 R2 DC will have this new service.  If you haven't yet deployed a 2008 R2 DC, then you can install the ADWS on a down-level DC by installing the Active Directory Management Gateway Service.

Once these three steps are in place you can then use the cmdlets.  You can see the cmdlets a few ways, but perhaps the easiest is to do this: PS C:\> Get-Command -Module ActiveDirectory

By running the above cmdlet I found the following cmdlets:

Add-ADComputerServiceAccount Add-ADDomainControllerPasswordReplicationPolicy Add-ADFineGrainedPasswordPolicySubject Add-ADGroupMember Add-ADPrincipalGroupMembership Clear-ADAccountExpiration Disable-ADAccount Disable-ADOptionalFeature Enable-ADAccount Enable-ADOptionalFeature Get-ADAccountAuthorizationGroup Get-ADAccountResultantPasswordReplicationPolicy Get-ADComputer Get-ADComputerServiceAccount Get-ADDefaultDomainPasswordPolicy Get-ADDomain Get-ADDomainController Get-ADDomainControllerPasswordReplicationPolicy Get-ADDomainControllerPasswordReplicationPolicyUsage Get-ADFineGrainedPasswordPolicy Get-ADFineGrainedPasswordPolicySubject Get-ADForest Get-ADGroup Get-ADGroupMember Get-ADObject Get-ADOptionalFeature Get-ADOrganizationalUnit Get-ADPrincipalGroupMembership Get-ADRootDSE Get-ADServiceAccount Get-ADUser Get-ADUserResultantPasswordPolicy Install-ADServiceAccount Move-ADDirectoryServer Move-ADDirectoryServerOperationMasterRole Move-ADObject New-ADComputer New-ADFineGrainedPasswordPolicy New-ADGroup New-ADObject New-ADOrganizationalUnit New-ADServiceAccount New-ADUser Remove-ADComputer Remove-ADComputerServiceAccount Remove-ADDomainControllerPasswordReplicationPolicy Remove-ADFineGrainedPasswordPolicy Remove-ADFineGrainedPasswordPolicySubject Remove-ADGroup Remove-ADGroupMember Remove-ADObject Remove-ADOrganizationalUnit Remove-ADPrincipalGroupMembership Remove-ADServiceAccount Remove-ADUser Rename-ADObject Reset-ADServiceAccountPassword Restore-ADObject Search-ADAccount Set-ADAccountControl Set-ADAccountExpiration Set-ADAccountPassword Set-ADComputer Set-ADDefaultDomainPasswordPolicy Set-ADDomain Set-ADDomainMode Set-ADFineGrainedPasswordPolicy Set-ADForest Set-ADForestMode Set-ADGroup Set-ADObject Set-ADOrganizationalUnit Set-ADServiceAccount Set-ADUser Uninstall-ADServiceAccount

 

On the PowerShell Team Blog they posted a great write-up and a really nice graphic showing the cmdlets organized logically

I hope this is a short and sweet guide to help get the cmdlets working for you!

-Gary Siepser

 

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at https://www.microsoft.com/info/cpyright.htm.