I got a hold of the PowerShell cmdlets for AD which Quest started releasing: PowerGUI Community: AD PowerShell CMDLETS
I think that the project is a great idea! It allows to script against AD without learning the schema and ADSI and gives a much nicer command-line environment. I found that although the current set of cmdlets was still somewhat limited I still could use them to work with users and groups, change properties, change group membership, provision new user accounts, etc. – so they already provide some value in doing day-to-day AD management tasks.
Just FYI here are a few blog posts that provide an overview of using the native ADSI capabilities of PowerShell to manage AD:
- AD Infrastructure management with PowerShell
- Benp’s Basic Guide to Managing Active Directory Objects with PowerShell (located via Evan)
- Or .NET like for example in this script by Adam.
To me something like this (taken from Ben’s post) looks more like an application code than like a command line (this code creates a user account):
$username = ‘benp’#Bind to OU$adminsOU = New-Object System.DirectoryServices.DirectoryEntry("LDAP://OU=admins,DC=umpadom,DC=com")#Create the user$user = $adminsOU.psbase.get_children().add(‘CN=’ + $username,'User')#Commit Changes$user.psbase.CommitChanges()#Set the SAMAccountName$user.psbase.invokeset(‘sAMAccountName’,$username)#Commit Changes$user.psbase.CommitChanges()
So I was eager to give what Quest produced in their beta 1 a try:
I installed the setup and got an “ActiveRoles Management Shell for Active Directory (beta)” shortcut added to my Start menu. This turned out to be a normal PowerShell console with the Quest.ActiveRoles.ADManagement PowerShell snapin already added.
Running “get-command *QAD*” gave me the list of commands available (QAD is the prefix which all the commands are using) so I tried a few of these.
I started with just getting a list of users in my lab:
PS C:\> Get-QADUserType LogonName DN---- --------- --user Administrator CN=Administrator,CN=Users,DC=e2007,DC=localuser Guest CN=Guest,CN=Users,DC=e2007,DC=localuser SUPPORT_388945a0 CN=SUPPORT_388945a0,CN=Users,DC=e2007,DC=localuser IUSR_E2K7 CN=IUSR_E2K7,CN=Users,DC=e2007,DC=localuser IWAM_E2K7 CN=IWAM_E2K7,CN=Users,DC=e2007,DC=localuser ASPNET CN=ASPNET,CN=Users,DC=e2007,DC=localuser krbtgt CN=krbtgt,CN=Users,DC=e2007,DC=localuser jlennon CN=John Lennon,CN=Users,DC=e2007,DC=localuser pmccartney CN=Paul McCartney,CN=Users,DC=e2007,DC=localuser rstarr CN=Ringo Starr,CN=Users,DC=e2007,DC=localuser gharrison CN=George Harrison,CN=Users,DC=e2007,DC=localuser Mbx1 CN=Mbx1,CN=Users,DC=e2007,DC=localuser Mbx2 CN=Mbx2,CN=Users,DC=e2007,DC=localuser Mbx3 CN=Mbx3,CN=Users,DC=e2007,DC=localuser Mbx4 CN=Mbx4,CN=Users,DC=e2007,DC=localuser helpdesk CN=helpdesk,CN=Users,DC=e2007,DC=local
Getting the list of computers (I only have one in the lab ;)):
PS C:\> Get-QADComputerType LogonName DN---- --------- --computer E2K7$ CN=E2K7,OU=Domain Controllers,DC=e2007,DC=local
Getting only the guys with a certain property set:
PS C:\> Get-QADUser -Company BeatlesType LogonName DN---- --------- --user jlennon CN=John Lennon,CN=Users,DC=e2007,DC=localuser pmccartney CN=Paul McCartney,CN=Users,DC=e2007,DC=localuser rstarr CN=Ringo Starr,CN=Users,DC=e2007,DC=localuser gharrison CN=George Harrison,CN=Users,DC=e2007,DC=local
Piping them into “Set” to change a property
PS C:\> Get-QADUser -Company Beatles | Set-QADUser -City LiverpoolPS C:\> Get-QADUser -Company Beatles | ft Name, CityName City---- ----John Lennon LiverpoolPaul McCartney LiverpoolRingo Starr LiverpoolGeorge Harrison Liverpool
Bulk-provisioning with a one-liner using a csv file:
PS C:\> import-csv 'C:\ARPS4AD.csv' | %{new-qadUser -organizationalUnit 'e2007.local/Demo' -name ($_.'First Name' + ' ' + $_.'Last Name') -samAccountName $_.'Logon name' -city $_.city -title $_.'Job title' -department $_.department}PS C:\> Get-QADUser -OrganizationalUnit e2007.local/demo | ft Name, City, Department, TitleName City Department Title---- ---- ---------- -----Ryuichi Sakamoto Tokyo Marketing ManagerAdrie Fortuyn Amsterdam Sales Senior ExecutiveLelani Asad New York Marketing ManagerShunji Iwai Tokyo Sales Senior ExecutiveHaruki Murakami Tokyo Accounting ManagerOlivia Barcelonas Nw York Accounting ManagerAlva Sheldon Amsterdam Accounting ManagerNyoko Takuya Tokyo Sales Deputy HeadJannetje Dirksdr Amsterdam Sales Senior ExecutiveAnke Brittany Amsterdam Marketing ManagerJeroen Herijgers Amsterdam Marketing Senior ExecutiveDai San Tokyo Sales Senior ExecutiveRonald Boyraz Amsterdam Marketing ManagerHisa Hiko Tokyo Sales ManagerBelinda Brestner New York Sales Senior ExecutiveHaruko Chan Tokyo Sales ManagerHoshi Kimura Tokyo Marketing Senior ExecutiveLotta Buhler New York Marketing Senior ExecutiveOktay Haasjes Amsterdam Sales Senior ExecutiveHoshiko Kanji Tokyo Sales ManagerJun'ko Katakana Tokyo Accounting Manager
Creating a new group:
PS C:\> New-QADGroup -Name Tokyo -SamAccountName Tokyo -OrganizationalUnit e2007.local/demo -Type Security -Scope GlobalType LogonName DN---- --------- --group Tokyo CN=Tokyo,OU=Demo,DC=e2007,DC=local
Adding users based on their location:
PS C:\> Add-QADGroupMember e2007.local/Demo/Tokyo -Member (Get-QADUser -City Tokyo)
I liked the progress the team is making. I was involved in some of the discussions around the project and it s nice to start seeing the outcome!
Now I need to try to get them show up in PowerGUI… I’ll let you knowhow it goes…
Subscribe by email
