-->
ADPowershell is available starting Windows Server 2008 R2. To play with AD Powershell cmdlets, you must have at least one Windows Server 2008 R2 domain controller (DC) in your domain.
Installing AD Powershell module:
Cannot Install Windows Azure AD Module For PowerShell On Windows 8 & 2012 Installing the Windows Azure AD module for managing Office 365 goes fine when the workstation is Windows 7. But, you will be in for a surprise if you try to install the module on Windows 8 or 2012. Once the installation is complete, navigate to the Control Panel and select Programs and Features, and click Remote Server Administration Tools. Select AD DS and AD LDS Tools and then select Active Directory Module for Windows PowerShell. Open a PowerShell prompt and type PS C: Get-Module –ListAvailable.
On a Windows Server 2008 R2 box, open an elevated Powershell console window (powershell.exe) and run the following commands:
PS C:> import-module servermanager PS C:> Add-WindowsFeature -Name 'RSAT-AD-PowerShell' -IncludeAllSubFeature
NOTE: AD Powershell module is installed by default on a DC.
Loading AD Powershell module:
Open a Powershell console window and type
PS C:> import-module activedirectory
Active Directory PSDrive:
If the machine is joined to a domain then a default drive named AD: is created. You can CD into this drive and use all the regular file system commands to navigate the directory. The paths are in X500 format.
PS C:> cd AD:PS AD:> PS AD:> dir…PS AD:> cd 'DC=fabrikam,DC=com'PS AD:DC=fabrikam,DC=com> md 'OU=myNewOU'… PS AD:DC=fabrikam,DC=com> del 'OU=myNewOU'
If you want to create a new drive connected to another domain/forest or use the more readable canonical path format, type:
PS C:> New-PSDrive -PSProvider ActiveDirectory -Server 'contoso.fabrikam.com' -Credential 'ContosoAdministrator' -Root ' -Name Contoso -FormatType Canonical``… PS C:> cd Contoso:PS Contoso:> dir | ft CanonicalName… PS Contoso:> cd 'contoso.fabrikam.com/'
Getting cmdlet list, help and examples:
Powershell uses verb-noun name-pair format to name cmdlets. For example:
New-ADGroupGet-ADDomain
To get a list of AD cmdlets type
PS AD:> get-help *-AD*PS AD:> get-help New-AD* ## would list all the cmdlets that create new AD objects
To get more info on a specific cmdlet or read examples, type
PS AD:> get-help set-aduser -detailedPS AD:> get-help get-aduser -examples
Tips: You can use the tab completion feature of Powershell to complete cmdlet names or parameter names. For example after entering the Verb- part of a cmdlet name you can hit <TAB> key to cycle through all of the nouns available for that verb.
Common tasks:
Here are some examples of commonly performed tasks using AD cmdlets:
PS C:> New-ADUser –Name 'John Smith' –SamAccountName JohnS –DisplayName 'John Smith' –Title 'Account Manager' –Enabled $true –ChangePasswordAtLogon $true -AccountPassword (ConvertTo-SecureString 'p@ssw0rd' -AsPlainText -force) -PassThru
PS C:> New-ADGroup -Name 'Account Managers' -SamAccountName AcctMgrs -GroupScope Global -GroupCategory Security -Description 'Account Managers Group' –PassThru
PS C:> New-ADOrganizationalUnit -Name AccountsDepartment -ProtectedFromAccidentalDeletion $true -PassThru
PS C:> Get-ADUser -Filter { name –like 'john*' } ## Gets all the users whose name starts with John
PS C:> Add-ADGroupMember -Identity AcctMgrs -Members JohnS
PS C:> Get-ADGroupMember -Identity AcctMgrs
PS C:> Get-ADPrincipalGroupMembership -Identity JohnS ## Gets all the groups in which the specified account is a direct member.
PS C:> Get-ADAccountAuthorizationGroup -Identity JohnS ## Gets the token groups of an account
PS C:> Unlock-ADAccount -Identity JohnS
PS C:> Get-ADForest -Current LocalComputer
PS C:> Get-ADDomain -Current LoggedOnUser
PS C:> Get-ADDomainController -Filter { name -like '*' } ## Gets all the DCs in the current domain
What next?
In the next post we will give an overview of Active Directory Powershell and talk about various cmdlets we provide in this release.
Enjoy!
Swami
Swami
--
Swaminathan Pattabiraman [MSFT]
Developer – Active Directory Powershell Team
Swaminathan Pattabiraman [MSFT]
Developer – Active Directory Powershell Team