Skip Links

Network World

Introducing the Active Directory Module for Windows PowerShell

By John Policelli on Tue, 05/26/09 - 4:00pm.

Windows Server 2008 R2 includes an Active Directory Module for Windows PowerShell. This new feature enables you to perform Active Directory administrative tasks by using Windows PowerShell.

Let’s take a closer look at the Active Directory Module for Windows PowerShell

Overview

The Release Candidate (build 7100) of Windows Server 2008 R2 includes 76 cmdlets with the Active Directory Module for Windows PowerShell. A full list of the cmdlets can be found by going to: http://technet.microsoft.com/en-us/library/dd378783.aspx. You can also get a full list of cmdlets by launching the Active Directory Module for Windows PowerShell and typing Get-Command *-AD*

The Active Directory Module for Windows PowerShell installs the following features by default:

  • Windows PowerShell
  • Microsoft .Net Framework 3.5.1

If you plan to use RSAT on Windows 7 to manage an AD DS domain, an AD LDS instance or configuration set, or an Active Directory Database Mounting Tool instance by using the Active Directory Module for Windows PowerShell, you must have at least one Windows Server 2008 R2 domain controller in your domain or at least one instance in an AD LDS configuration set that is running on a Windows Server 2008 R2 server.

If you want to use the Active Directory Module to manage an Active Directory domain, an AD LDS instance or configuration set, or an Active Directory Database Mounting Tool instance, the Windows Server 2008 R2 Active Directory Web Services (ADWS) service must be installed on at least one domain controller in this domain or on one server that hosts your AD LDS instance.

The Active Directory Module for Windows PowerShell can be installed on the following editions of Windows:

  • Windows Server 2008 R2 Standard
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Datacenter
  • Windows 7

List of Active Directory Module for Windows PowerShell cmdlets

The following is a list of cmdlets included with the Active Directory Module for Windows PowerShell, categorized by the type of action the cmdlets perform:

Retrieve Information

  • Get-ADAccountAuthorizationGroup
  • Get-ADAccountResultantPasswordReplicationPolicy
  • Get-ADComputer
  • Get-ADComputerServiceAccount
  • Get-ADDefaultDomainPasswordPolicy
  • Get-ADDomain
  • Get-ADDomainController
  • Get-ADDomainControllerPasswordReplicationPolicy
  • Get-ADDomainControllerPasswordReplicationPolicyUsage
  • Get-ADFineGrainedPasswordPolicy
  • Get-ADFineGrainedPasswordPolicySubject
  • Get-ADForest
  • Get-ADGroup
  • Get-ADGroupMember
  • Get-ADObject
  • Get-ADOptionalFeature
  • Get-ADOrganizationalUnit
  • Get-ADPrincipalGroupMembership
  • Get-ADRootDSE
  • Get-ADServiceAccount
  • Get-ADUser
  • Get-ADUserResultantPasswordPolicy

Create Objects

  • New-ADComputer
  • New-ADFineGrainedPasswordPolicy
  • New-ADGroup
  • New-ADObject
  • New-ADOrganizationalUnit
  • New-ADServiceAccount
  • New-ADUser

Delete Objects

  • Remove-ADComputer
  • Remove-ADComputerServiceAccount
  • Remove-ADDomainControllerPasswordReplicationPolicy
  • Remove-ADFineGrainedPasswordPolicy
  • Remove-ADFineGrainedPasswordPolicySubject
  • Remove-ADGroup
  • Remove-ADGroupMember
  • Remove-ADObject
  • Remove-ADOrganizationalUnit
  • Remove-ADPrincipalGroupMembership
  • Remove-ADServiceAccount
  • Remove-ADUser

Set Properties

  • Set-ADAccountControl
  • Set-ADAccountExpiration
  • Set-ADAccountPassword
  • Set-ADComputer
  • Set-ADDefaultDomainPasswordPolicy
  • Set-ADDomain
  • Set-ADDomainMode
  • Set-ADFineGrainedPasswordPolicy
  • Set-ADForest
  • Set-ADForestMode
  • Set-ADGroup
  • Set-ADObject
  • Set-ADOrganizationalUnit
  • Set-ADServiceAccount
  • Set-ADUser

Add Objects

  • Add-ADComputerServiceAccount
  • Add-ADDomainControllerPasswordReplicationPolicy
  • Add-ADFineGrainedPasswordPolicySubject
  • Add-ADGroupMember
  • Add-ADPrincipalGroupMembership

Disable Objects and Features

  • Disable-ADAccount
  • Disable-ADOptionalFeature

Enable Objects and Features

  • Enable-ADAccount
  • Enable-ADOptionalFeature

Move Objects

  • Move-ADDirectoryServer
  • Move-ADDirectoryServerOperationMasterRole
  • Move-ADObject

Rename Objects

  • Rename-ADObject

Reset Objects

  • Reset-ADServiceAccountPassword

Restore Objects

  • Restore-ADObject

Search

  • Search-ADAccount

Uninstall

  • Uninstall-ADServiceAccount

Unlock

  • Unlock-ADAccount

Clear

  • Clear-ADAccountExpiration

Install

  • Install-ADServiceAccount

Wrapping Up

As you can see, Microsoft has invested in Windows PowerShell for Active Directory command-line management. The Active Directory Module for Windows PowerShell includes a number of useful and powerful cmdlets, which ultimately make it easier to manage Active Directory from the command line. I will be adding additional posts to this blog in the coming weeks to demonstrate the Active Directory Module for Windows PowerShell

About Microsoft Identity and AD

John Policelli (Microsoft MVP for Directory Services, MCTS, MCSA, ITSM, iNet+, Network+, and A+) is a solutions-focused IT consultant with over a decade of combined success in architecture, security, strategic planning, and disaster recovery planning. John has designed and implemented dozens of complex directory service, e-Messaging, web, networking, and security enterprise solutions.

John has spent the past nine years focused on Identity and Access Management and providing thought leadership for some of the largest installations of Active Directory in Canada. He has been involved as an author, technical reviewer, and subject matter expert for over 50 training, exam writing, press, and whitepaper projects related to Windows Server 2008 Identity and Access Management, networking, and collaboration.

John’s was awarded the Microsoft Most Valuable Professional designation in the Directory Services technical expertise in 2008 and 2009. John’s MVP profile can be read here.

John's is the co-author of MCITP Self-Paced Training Kit (Exam 70-647): Windows Server Enterprise Administration. His latest book Active Directory Domain Services 2008 How-To has been selected as Microsoft Subnet's June, 2009, book giveaway.

To enter to win a copy of the book-of-the-month book giveway, visit the Microsoft Subnet home page.

Read a free chapter from Active Directory Domain Services 2008 How-To hosted by Microsoft Subnet.

 

Most Discussed Posts

Blog Roll
John Policelli's personal blog
http://policelli.com/blog/