Published by Adelia Summers. Modified over 9 years ago.
1
Active Directory Administration (cmdlets)
Microsoft Confidential
2
AD (cmdlets): AD Module | Overview
- AD PowerShell Module named ActiveDirectory
- Self-contained package
- Consolidates a group of cmdlets
- Cmdlets used to manage one or multiple AD forests and domains
3
AD Module | Purpose
- Account
  - User
  - Computer
  - Group
- OU
- Password Policy
  - Default domain password policy
  - Fine-grained password policy
- Forest & Domain
- DC & FSMO
- Optional Features
4
Cmdlets
5
AD Module Prerequisites
- At least one 2008 R2 DC in the targeted domain
  OR
  A 2003 or 2008 DC running the Active Directory Management Gateway Service
- Client: Windows 7 or Windows Server 2008 R2
  - Windows 7: Remote Server Administration Tools + AD Module Feature
  - Windows 2008 R2: AD Module via Add Features Wizard
- Import and use the AD module in a PowerShell session via the Import-Module cmdlet
6
Active Directory Web Services
[Diagram labels: Windows 2008 R2 (ADWS); Windows 7 (RSAT, AD Module); Windows 7 (RSAT, AD Module)]
7
Connecting To AD
- Binding to AD DN is required to work with AD objects
- Cmdlets connect to local domain using current user credentials by default
- All 76 cmdlets have credential & server parameters
  - To target other domains & specific servers
- Global Catalog connection possible using Port #

TIP: Do not hardcode DC names in scripts! (Use Domain FQDN to discover DC)

    Get-ADUser -Filter * -Server contoso.com:3268
8
User Account Management | AD Cmdlets

Create User

    New-ADUser -Name benp -SamAccountName "benp" -GivenName "ben" `
        -Surname "Pearce" -DisplayName "Ben Pearce"

Modify User

    Set-ADUser -Identity "benp" -Title "Engineer"

Delete User

    Remove-ADUser benp

Target Single AD Object Only!

Enumerate User

    Get-ADUser -Filter * -Properties *
    Get-ADUser -Filter * `
        -Properties *,msDS-ReplAttributeMetaData
9
Computer Account Management | AD Cmdlets

Find Stale Computer Accounts

    $OneYearAgo = (Get-Date).AddYears(-1)
    Get-ADComputer -Filter {LastLogonTimeStamp -lt $OneYearAgo} | Disable-ADAccount

Computer Information

    Get-ADComputer -Filter * `
        -Property name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion `
        | Out-GridView
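
A review-first version of the stale computer one-liner above, as an added example that is not part of the original slides. It assumes the contoso.com domain used in the slides; the function name Get-StaleComputer, the 365-day default and the CSV path are hypothetical.

```powershell
# Added example (not from the slides): report stale computers, then dry-run the disable.
# Assumptions: domain contoso.com, 365-day threshold, report written to .\stale-computers.csv
Import-Module ActiveDirectory

function Get-StaleComputer {
    [CmdletBinding()]
    param(
        [string]$Server = 'contoso.com',   # domain FQDN, so a DC is discovered rather than hardcoded
        [int]$DaysInactive = 365
    )
    # lastLogonTimestamp is stored as a FILETIME integer. It is only refreshed when
    # the stored value is roughly two weeks old, so keep the threshold well above that.
    $cutoff = (Get-Date).AddDays(-$DaysInactive).ToFileTimeUtc()
    $filter = 'Enabled -eq $true -and lastLogonTimestamp -lt {0}' -f $cutoff

    Get-ADComputer -Server $Server -Filter $filter `
            -Properties lastLogonTimestamp, whenCreated, OperatingSystem |
        # Accounts with no lastLogonTimestamp have never logged on (for example,
        # pre-staged machines); leave them out here and review them separately.
        Where-Object { $_.lastLogonTimestamp } |
        Select-Object Name, DistinguishedName, OperatingSystem, whenCreated,
            @{ Name = 'LastLogon'
               Expression = { [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp) } }
}

$stale = @(Get-StaleComputer)

# Keep a record of what is about to change so the action can be reviewed and reversed.
$stale | Export-Csv -Path .\stale-computers.csv -NoTypeInformation

# Dry run: -WhatIf prints what would be disabled without changing anything.
# Remove -WhatIf only after the CSV has been reviewed.
foreach ($computer in $stale) {
    Disable-ADAccount -Identity $computer.DistinguishedName -Server 'contoso.com' -WhatIf
}
```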
10
Group Management | AD Cmdlets

Populate Group

    $newGroup = New-ADGroup -Name "IT" `
        -Path "OU=Groups,DC=Contoso,DC=com" `
        -GroupScope "Global" -PassThru    # -PassThru: to return group object
    $ITUsers = Get-ADUser -Filter {Department -eq "IT"}
    Add-ADGroupMember -Identity $newGroup -Members $ITUsers

OR

    $ITUsers | Add-ADPrincipalGroupMembership -MemberOf "IT"

Create Group

    New-ADGroup -Name "Sales" `
        -Path "OU=Groups,DC=Contoso,DC=com" `
        -GroupScope "Global" `
        -GroupCategory "Security"

Enumerate Group

    Get-ADGroupMember IT -Recursive    # -Recursive: nested group membership
11
DEMO