EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

PowerShell for Managing Active Directory

Ravikanth C

EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

About me Lead Engineer at Dell Windows PowerShell MVP Developer on several PowerShell projects on

Codeplex Author of

Free eBook: Layman’s guide to PowerShell 2.0 remoting

Co-author on Quest’s SharePoint 2010 & PowerShell cheat sheet

Blog at http://www.ravichaganti.com/blog Founder & editor of PowerShellFromIndia

More details on this soon

EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

Giving away..Two copies (eBook) of Managing Active Directory with Windows PowerShell: TFM

Thanks to Sapien Press

One copy (eBook) of Windows PowerShell Cookbook

Thanks to O'Reilly Media

EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

PowerShell for Active Directory [ADSI] adapter

In-box Windows Server 2008 R2 includes a

PowerShell module In-box

Quest Software ActiveRoles Management Shell Free download

Softerra Adaxes 2010.2 Commercial product

Idera Scripts for Active Directory Free; uses [ADSI]

EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

PowerShell for Active Directory

Microsoft cmdlets Quest cmdlets

PowerShell 2.0 only

Require AD Management Gateway for managing pre-Windows 2008 R2 DC

Cannot manage local LDS

Cannot manage terminal services attributes

Version Independent

Support Windows 2003, 2008, and 2008 R2 DC management

Can manage local LDS

Can manage terminal services attributes

EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

Microsoft cmdlets for Active Directory In-box from Windows Server 2008 R2 onwards Get enabled by

Installing AD DS or LDS server roles or Running DCPromo.exe or Installing RSAT on Windows Server 2008 R2 or

Windows 7 To access AD cmdlets

Start->Administrative Tools->Active Directory Module for Windows PowerShell or

Import-Module ActiveDirectory To list AD cmdlets

Get-Command -noun AD* or Get-Command –Module ActiveDirectory

EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

Managing down level servers

• Requires AD Management Gateway Services

• AD PowerShell cmdlets & ADAC use AD web servicesto administer directory

• Available for Windows2003 R2 with SP22003 SP220082008 SP2

EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

Microsoft cmdlets for Active Directory Cmdlets can be grouped under

Forests & Domains User & Computer accounts Groups Password Policies OU tasks Service Accounts Schema Tasks

EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

Forest & Domains Get-ADForest Set-ADForest Set-ADForestMode Get-ADDomain Set-ADDomainMode

EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

User Accounts Get-ADUser New-ADUser Set-ADUser Remove-ADUser Disable-ADAccount Enable-ADAccount Set-ADAccountExpiration Clear-ADAccountExpiration Set-ADAccountPassword Unlock-ADAccount

EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

Groups Get-ADGroup New-ADGroup Set-ADGroup Remove-ADGroup Get-ADGroupMember Add-ADGroupMember Remove-ADGroupMember

EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

OU tasks Get-ADOrganizationalUnit New- ADOrganizationalUnit

EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

Service Accounts Get-ADServiceAccount New-ADServiceAccount Set-ADServiceAccount Install-ADServiceAccount Uninstall-ADServiceAccount Reset-ADServiceAccountPassword

EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

AD Recycle Bin Enable AD Optional Feature: “Recycle Bin

Feature” This is an irreversible action

Restore-ADObject to restore deleted objects

EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

Moving an AD Object Use Get-ADObject to get an instance Pipe it to Move-ADObject and specify new

location as a value to -TargetPath

EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

Learning Resources – PowerShell for AD Cmdlet reference Book: Managing Active Directory with PowerShell:

TFM AD cmdlets quick reference guide Adaxes Cmdlets Quest Cmdlets Idera PowerShell Scripts ADMGS for down level servers

EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

Learning resources - PowerShell Getting started guide PowerShell Learning center The scripting Guys blog PowerScripting Podcast PowerShell.com free online eBook

EmailRavikanth@Ravichaganti.com

Twitter@Ravikanth

Bloghttp://www.ravichaganti.com/blog

Q & A

Thanks