Introducing the Active Directory Module for Windows PowerShell

Windows Server 2008 R2 includes an Active Directory Module for Windows PowerShell. This new feature enables you to perform Active Directory administrative tasks by using Windows PowerShell.

Let’s take a closer look at the Active Directory Module for Windows PowerShell

Overview

The Release Candidate (build 7100) of Windows Server 2008 R2 includes 76 cmdlets with the Active Directory Module for Windows PowerShell. A full list of the cmdlets can be found by going to: http://technet.microsoft.com/en-us/library/dd378783.aspx. You can also get a full list of cmdlets by launching the Active Directory Module for Windows PowerShell and typing Get-Command *-AD*

The Active Directory Module for Windows PowerShell installs the following features by default:

  • Windows PowerShell
  • Microsoft .Net Framework 3.5.1

If you plan to use RSAT on Windows 7 to manage an AD DS domain, an AD LDS instance or configuration set, or an Active Directory Database Mounting Tool instance by using the Active Directory Module for Windows PowerShell, you must have at least one Windows Server 2008 R2 domain controller in your domain or at least one instance in an AD LDS configuration set that is running on a Windows Server 2008 R2 server.

If you want to use the Active Directory Module to manage an Active Directory domain, an AD LDS instance or configuration set, or an Active Directory Database Mounting Tool instance, the Windows Server 2008 R2 Active Directory Web Services (ADWS) service must be installed on at least one domain controller in this domain or on one server that hosts your AD LDS instance.

The Active Directory Module for Windows PowerShell can be installed on the following editions of Windows:

  • Windows Server 2008 R2 Standard
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Datacenter
  • Windows 7

List of Active Directory Module for Windows PowerShell cmdlets

The following is a list of cmdlets included with the Active Directory Module for Windows PowerShell, categorized by the type of action the cmdlets perform:

Retrieve Information

  • Get-ADAccountAuthorizationGroup
  • Get-ADAccountResultantPasswordReplicationPolicy
  • Get-ADComputer
  • Get-ADComputerServiceAccount
  • Get-ADDefaultDomainPasswordPolicy
  • Get-ADDomain
  • Get-ADDomainController
  • Get-ADDomainControllerPasswordReplicationPolicy
  • Get-ADDomainControllerPasswordReplicationPolicyUsage
  • Get-ADFineGrainedPasswordPolicy
  • Get-ADFineGrainedPasswordPolicySubject
  • Get-ADForest
  • Get-ADGroup
  • Get-ADGroupMember
  • Get-ADObject
  • Get-ADOptionalFeature
  • Get-ADOrganizationalUnit
  • Get-ADPrincipalGroupMembership
  • Get-ADRootDSE
  • Get-ADServiceAccount
  • Get-ADUser
  • Get-ADUserResultantPasswordPolicy

Create Objects

  • New-ADComputer
  • New-ADFineGrainedPasswordPolicy
  • New-ADGroup
  • New-ADObject
  • New-ADOrganizationalUnit
  • New-ADServiceAccount
  • New-ADUser

Delete Objects

  • Remove-ADComputer
  • Remove-ADComputerServiceAccount
  • Remove-ADDomainControllerPasswordReplicationPolicy
  • Remove-ADFineGrainedPasswordPolicy
  • Remove-ADFineGrainedPasswordPolicySubject
  • Remove-ADGroup
  • Remove-ADGroupMember
  • Remove-ADObject
  • Remove-ADOrganizationalUnit
  • Remove-ADPrincipalGroupMembership
  • Remove-ADServiceAccount
  • Remove-ADUser

Set Properties

  • Set-ADAccountControl
  • Set-ADAccountExpiration
  • Set-ADAccountPassword
  • Set-ADComputer
  • Set-ADDefaultDomainPasswordPolicy
  • Set-ADDomain
  • Set-ADDomainMode
  • Set-ADFineGrainedPasswordPolicy
  • Set-ADForest
  • Set-ADForestMode
  • Set-ADGroup
  • Set-ADObject
  • Set-ADOrganizationalUnit
  • Set-ADServiceAccount
  • Set-ADUser

Add Objects

  • Add-ADComputerServiceAccount
  • Add-ADDomainControllerPasswordReplicationPolicy
  • Add-ADFineGrainedPasswordPolicySubject
  • Add-ADGroupMember
  • Add-ADPrincipalGroupMembership

Disable Objects and Features

  • Disable-ADAccount
  • Disable-ADOptionalFeature

Enable Objects and Features

  • Enable-ADAccount
  • Enable-ADOptionalFeature

Move Objects

  • Move-ADDirectoryServer
  • Move-ADDirectoryServerOperationMasterRole
  • Move-ADObject

Rename Objects

  • Rename-ADObject

Reset Objects

  • Reset-ADServiceAccountPassword

Restore Objects

  • Restore-ADObject

Search

  • Search-ADAccount

Uninstall

  • Uninstall-ADServiceAccount

Unlock

  • Unlock-ADAccount

Clear

  • Clear-ADAccountExpiration

Install

  • Install-ADServiceAccount

Wrapping Up

As you can see, Microsoft has invested in Windows PowerShell for Active Directory command-line management. The Active Directory Module for Windows PowerShell includes a number of useful and powerful cmdlets, which ultimately make it easier to manage Active Directory from the command line. I will be adding additional posts to this blog in the coming weeks to demonstrate the Active Directory Module for Windows PowerShell

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Copyright © 2009 IDG Communications, Inc.

IT Salary Survey: The results are in