2. About me
- Lead Engineer at Dell
- Windows PowerShell MVP
- Developer on several PowerShell projects on Codeplex
- Author of free eBook: Layman's guide to PowerShell 2.0 remoting
- Co-author on Quest's SharePoint 2010 & PowerShell cheat sheet
- Blog at http://www.ravichaganti.com/blog
- Founder & editor of PowerShellFromIndia (more details on this soon)

3. Giving away..
- Two copies (eBook) of Managing Active Directory with Windows PowerShell: TFM (thanks to Sapien Press)
- One copy (eBook) of Windows PowerShell Cookbook (thanks to O'Reilly Media)

4. PowerShell for Active Directory
- [ADSI] adapter: In-box
- Windows Server 2008 R2 includes a PowerShell module: In-box
- Quest Software ActiveRoles Management Shell: Free download
- Softerra Adaxes 2010.2: Commercial product
- Idera Scripts for Active Directory: Free; uses [ADSI]

5. PowerShell for Active Directory
Microsoft cmdlets:
- PowerShell 2.0 only
- Require AD Management Gateway for managing pre-Windows 2008 R2 DC
- Cannot manage local LDS
- Cannot manage terminal services attributes
Quest cmdlets:
- Version independent
- Support Windows 2003, 2008, and 2008 R2 DC management
- Can manage local LDS
- Can manage terminal services attributes

6. Microsoft cmdlets for Active Directory
- In-box from Windows Server 2008 R2 onwards
- Get enabled by
  - Installing AD DS or LDS server roles, or
  - Running DCPromo.exe, or
  - Installing RSAT on Windows Server 2008 R2 or Windows 7
- To access AD cmdlets
  - Start->Administrative Tools->Active Directory Module for Windows PowerShell, or
  - Import-Module ActiveDirectory
- To list AD cmdlets
  - Get-Command -Noun AD*, or
  - Get-Command -Module ActiveDirectory

14. Service Accounts
- Get-ADServiceAccount
- New-ADServiceAccount
- Set-ADServiceAccount
- Install-ADServiceAccount
- Uninstall-ADServiceAccount
- Reset-ADServiceAccountPassword

15. AD Recycle Bin
- Enable AD Optional Feature: "Recycle Bin Feature"
  - This is an irreversible action
- Restore-ADObject to restore deleted objects

16. Moving an AD Object
- Use Get-ADObject to get an instance
- Pipe it to Move-ADObject and specify the new location as the value of -TargetPath

17. Learning Resources – PowerShell for AD
- Cmdlet reference
- Book: Managing Active Directory with PowerShell: TFM
- AD cmdlets quick reference guide
- Adaxes Cmdlets
- Quest Cmdlets
- Idera PowerShell Scripts
- ADMGS for down level servers

18. Learning resources - PowerShell
- Getting started guide
- PowerShell Learning center
- The scripting Guys blog
- PowerScripting Podcast
- PowerShell.com free online eBook
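The move described on slide 16, as an added example that is not part of the original deck. It also handles one failure mode the slide does not mention: an object flagged ProtectedFromAccidentalDeletion refuses the move with "Access is denied". The function name and the target OU `OU=Staff,DC=BarCamp,DC=in` are assumptions made for illustration; the account name reuses the deck's sample user.

```powershell
# Added example, not from the original deck.
# Assumptions: Move-ADObjectSafely is a hypothetical helper name and
# OU=Staff,DC=BarCamp,DC=in is a hypothetical target OU.
Import-Module ActiveDirectory

function Move-ADObjectSafely {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        [Parameter(Mandatory = $true)][string]$TargetPath
    )

    # Fail early if the destination container does not exist.
    $null = Get-ADObject -Identity $TargetPath -ErrorAction Stop

    # Get the instance, as on the slide, and insist on exactly one match.
    $found = @(Get-ADObject -Filter { samAccountName -eq $SamAccountName } `
                   -Properties ProtectedFromAccidentalDeletion)
    if ($found.Count -ne 1) {
        throw "Expected exactly one object for '$SamAccountName', found $($found.Count)."
    }
    $obj = $found[0]

    # The protection flag blocks moves as well as deletes, so lift it only
    # for the duration of the move and always put it back afterwards.
    $wasProtected = [bool]$obj.ProtectedFromAccidentalDeletion
    if ($wasProtected) {
        $obj | Set-ADObject -ProtectedFromAccidentalDeletion $false
    }
    try {
        $obj | Move-ADObject -TargetPath $TargetPath -ErrorAction Stop
    }
    finally {
        if ($wasProtected) {
            # The DN has changed after the move, so address the object by GUID.
            Set-ADObject -Identity $obj.ObjectGUID.ToString() -ProtectedFromAccidentalDeletion $true
        }
    }

    # Return the object from its current location.
    Get-ADObject -Identity $obj.ObjectGUID.ToString()
}

# -WhatIf propagates to Set-ADObject and Move-ADObject, so this only previews the change.
Move-ADObjectSafely -SamAccountName Ravikanth -TargetPath 'OU=Staff,DC=BarCamp,DC=in' -WhatIf
```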

    $users = [ADSI]"LDAP://cn=users,dc=barcamp,dc=in"
[ADSI] can get quite verbose as we start doing advanced tasks.

    Get-ADForest BarCamp.in
    Get-ADForest -Current LoggedOnUser
    Get-ADForest -Current LocalComputer
Set-ADForest can be used to change Authentication Type, UPNSuffixes and SPNSuffixes (default is Negotiate; Basic requires SSL).
Set-ADForestMode changes the forest functional mode.
    Set-ADForestMode -Identity BarCamp.in -ForestMode Windows2008R2Forest
Possible values for this parameter are:
    Windows2000Forest or 0
    Windows2003InterimForest or 1
    Windows2003Forest or 2
    Windows2008Forest or 3
    Windows2008R2Forest or 4

    Get-ADDomain BarCamp.in
    (Get-ADDomain).DomainMode
    Set-ADDomainMode -Identity BarCamp.in -DomainMode Windows2008R2Domain
Possible values for this parameter are:
    Windows2000Domain or 0
    Windows2003InterimDomain or 1
    Windows2003Domain or 2
    Windows2008Domain or 3
    Windows2008R2Domain or 4

    # To get specific user details
    Get-ADUser -Identity "Ravikanth"
    # To filter by user name
    Get-ADUser -Filter 'Name -like "Ravi*"'
    # To filter from a selected OU
    Get-ADUser -Filter * -SearchBase "CN=Users,DC=BarCamp,DC=in"
    # To see properties in addition to the default set
    Get-ADUser -Filter 'Name -like "Admin*"' -Properties Description
    # To see all properties
    Get-ADUser "Ravikanth" -Properties *
    # Create a new user; the password is prompted for as a SecureString
    New-ADUser -Name "Bill Gates" -SamAccountName "BillG" -GivenName "Bill" `
        -Surname "Gates" -DisplayName "Bill Gates" -Path 'CN=Users,DC=BarCamp,DC=in' `
        -OtherAttributes @{'Title'="God at Microsoft"} `
        -AccountPassword (Read-Host -AsSecureString "AccountPassword") -Enabled $true
    # Change user properties
    Set-ADUser Ravikanth -City Bangalore -Replace @{title="PowerShell MVP";Description="Is a part of Domain Users"}
    Set-ADUser Ravikanth -Clear Description
    # Remove user account
    Remove-ADUser "Rchaganti"
    # Disable account
    Disable-ADAccount -Identity Ravikanth
    # Enable account
    Enable-ADAccount -Identity Ravikanth
    # Set account expiry date
    Set-ADAccountExpiration -Identity Ravikanth -DateTime "12/31/2010"
    # Clear account expiry
    Clear-ADAccountExpiration -Identity Ravikanth
    # Set account password (the literal password is demo-only: written this way
    # it is stored in the script file and the command history)
    Set-ADAccountPassword -Identity Ravikanth `
        -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "Warri0r@" -Force)
    # Unlock account
    Unlock-ADAccount Ravikanth
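An added example, not from the original deck: the same password reset done with a prompted SecureString instead of a literal in the script, followed by a forced change at next logon. The function name is an assumption; the account name reuses the deck's sample user.

```powershell
# Added example, not from the original deck.
# Assumption: Reset-ADUserPasswordSafely is a hypothetical helper name.
Import-Module ActiveDirectory

function Reset-ADUserPasswordSafely {
    [CmdletBinding()]
    param([Parameter(Mandatory = $true)][string]$Identity)

    # Resolve the account first so a typo fails before any prompt or change.
    $user = Get-ADUser -Identity $Identity `
                -Properties LockedOut, PasswordNeverExpires -ErrorAction Stop

    # Read-Host -AsSecureString keeps the new password out of the script
    # file and out of the command history.
    $newPassword = Read-Host -AsSecureString "New password for $($user.SamAccountName)"
    if ($newPassword.Length -eq 0) {
        throw "Empty password entered; nothing was changed."
    }

    Set-ADAccountPassword -Identity $user -Reset -NewPassword $newPassword -ErrorAction Stop

    if ($user.PasswordNeverExpires) {
        # ChangePasswordAtLogon cannot be set on an account that has
        # PasswordNeverExpires, so report it instead of failing half-way.
        Write-Warning "$($user.SamAccountName) has PasswordNeverExpires set; not forcing a change at logon."
    }
    else {
        # The operator who typed the password should not stay its only other holder.
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true
    }

    if ($user.LockedOut) {
        Unlock-ADAccount -Identity $user
    }

    # Return the resulting state for the operator (or a log) to record.
    Get-ADUser -Identity $user -Properties PasswordLastSet, LockedOut |
        Select-Object SamAccountName, Enabled, LockedOut, PasswordLastSet
}

Reset-ADUserPasswordSafely -Identity Ravikanth
```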

    # Get AD group
    Get-ADGroup DomainUsers
    Get-ADGroup -Filter *
    # New AD group
    New-ADGroup -Name "Bitpro" -SamAccountName "Bitpro" -GroupScope Global -Path "DC=BarCamp,DC=in"
    # Remove AD group
    Remove-ADGroup -Identity BITPro -Confirm
    # Get AD group members
    Get-ADGroupMember -Identity Administrators
    # Add a user to a group
    Add-ADGroupMember -Identity DemoUsers -Members Ravikanth
    # Remove group members
    Remove-ADGroupMember -Identity DemoUsers -Members Ravikanth

    # Get AD service accounts
    Get-ADServiceAccount -Filter *
    # New AD service account
    New-ADServiceAccount -Name DemoService -DisplayName "Demo Service Account" `
        -Path "OU=DEMOOU,DC=BarCamp,DC=in" `
        -AccountPassword (ConvertTo-SecureString -AsPlainText "Warri0r@" -Force)
    # Remove AD service account
    Remove-ADServiceAccount DemoService
    # Install AD service account
    Install-ADServiceAccount DemoService
    # Uninstall AD service account
    Uninstall-ADServiceAccount DemoService
    # Reset AD service account password
    Reset-ADServiceAccountPassword -Identity DemoService

    # Enable Recycle Bin
    Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target 'BarCamp.in'
    # Restore AD object from the recycle bin
    Get-ADObject -Filter 'samaccountname -eq "rchaganti"' -IncludeDeletedObjects
    Get-ADObject -Filter 'samaccountname -eq "rchaganti"' -IncludeDeletedObjects | Restore-ADObject
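An added example, not from the original deck, that wraps the restore above in the checks an operator would want first: that the Recycle Bin is actually enabled, which deleted object will be restored when several match, and that its original container still exists. The function names are assumptions; the account name reuses the deck's sample.

```powershell
# Added example, not from the original deck. Function names are hypothetical.
Import-Module ActiveDirectory

function Test-ADRecycleBinEnabled {
    # The feature counts as enabled once EnabledScopes is non-empty.
    $feature = Get-ADOptionalFeature -Filter 'Name -like "Recycle Bin Feature"'
    if (-not $feature) { return $false }
    return ($feature.EnabledScopes.Count -gt 0)
}

function Find-DeletedADObject {
    param([Parameter(Mandatory = $true)][string]$SamAccountName)
    # Deleted objects are returned only with -IncludeDeletedObjects.
    Get-ADObject -Filter { samAccountName -eq $SamAccountName -and isDeleted -eq $true } `
        -IncludeDeletedObjects -Properties samAccountName, lastKnownParent, whenChanged |
        Sort-Object whenChanged -Descending
}

function Restore-DeletedADObject {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$SamAccountName)

    if (-not (Test-ADRecycleBinEnabled)) {
        throw "Recycle Bin is not enabled in this forest."
    }

    $candidates = @(Find-DeletedADObject -SamAccountName $SamAccountName)
    if ($candidates.Count -eq 0) {
        throw "No deleted object with sAMAccountName '$SamAccountName'."
    }
    if ($candidates.Count -gt 1) {
        Write-Warning "$($candidates.Count) deleted objects match; using the most recently changed one."
    }
    $target = $candidates[0]

    # Restore-ADObject puts the object back under lastKnownParent and fails
    # if that container was deleted too, so check it before restoring.
    try { $null = Get-ADObject -Identity $target.lastKnownParent -ErrorAction Stop }
    catch { throw "Parent '$($target.lastKnownParent)' no longer exists; restore it first or use Restore-ADObject -TargetPath." }

    $target | Restore-ADObject -PassThru
}

# -WhatIf propagates to Restore-ADObject, so this only previews the restore.
Restore-DeletedADObject -SamAccountName rchaganti -WhatIf
```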