Something Microsoft missed out on in Powershell v1 was active directory cmdlet, however for v1 Quest came to the rescue with their AD commands available free at http://www.quest.com/powershell/activeroles-server.aspx. Now for the release of Windows Server 2008r2 the Active Directory guys have finally developed full set of cmdlets in a module for working with Active Directory out of the box. Once Active Directory is installed onto a 2008R2 Domain Controller you will be able to do either “Import-Module ActiveDirectory” or you can just load from the shortcut in the Administrative Tools area on the start menu (but this is something you will want every day if your an AD Admin so right click the shortcut and say ‘pin to taskbar’. Or if you want to manage your servers from your workstation you’ll require the Remote Server Administration Tools for Windows 7. Which ever way you enter you will need to know what to do when you get in – below is a poster for your bedroom wall (or somewhere more useful) with your day to day commands, the image will link you to the Active Driectory Powershell Blog from where you can download it.
So, Let get started… Once you are in powershell and have the ActiveDirectory module loaded type “Get-PSDrive” and you will see AD as one of the options – Yes this means you can “Set-Location AD:” and work your way through just like it was Windows Explorer (Thank you MS). When you get the prompt of “PS AD:\>” try Dir and see where you can go.
As my server is just a test domain awaiting expansion my FQ domain name is just called Forest.Local . To get into my active Directory I would just type “Set-Location ‘\DC=Forest,DC=Local’”. Dir again and you will see your OU’s and Containers and you can keep going though using the Set-Location command or its’ alias CD to navigate to where you want to go. If you go “Set-Location .\CN=Users" you can then try out some of the new cmdlets such as New-ADUser, Get-ADUser, Remove-ADUser – should all be self explanatory what they do (in case you’re wondering though New-ADUser will create a user, Get-ADUser will get you the users info of a specified user, and Remove-ADUser will Remove the users), if you need to know more use the Get-Help command.
The same applies to ADComputer, ADGoup, ADOrganisationalUnit, Etc. This should cover you for all basic tasks you want to carry out in Active Directory from Powershell.
Something to be aware of is when you are using the Set-Location cmdlet you will need to know whether you are going to a container (CN) or OrganisationalUnit (OU) and when navigation to the domain you will need the DC.
You can tell what you need by using dir or the cmdlet Get-ChildItem and looking at the DistinguishedName. So for my domain I start with “Set-Location ‘\DC=Forest,DC=Local’” then from there you can go into a container with “Set-Location .\CN=Users", go back up a level with “Set-Location ..”, and go into an Organisational Unit with “Set-Location .\OU=MyOrgUnit”
I know this is very basic stuff but it’ll get you by if you’re just starting out, so I hope it was a valuable read for someone.
Thanks for reading and please leave feedback,
Dave