I got a hold of the PowerShell cmdlets for AD which Quest started releasing: PowerGUI Community: AD PowerShell CMDLETS
I think that the project is a great idea! It lets you script against AD without learning the schema and ADSI, and gives a much nicer command-line environment. I found that although the current set of cmdlets was still somewhat limited, I could still use them to work with users and groups, change properties, change group membership, provision new user accounts, etc. – so they already provide some value in doing day-to-day AD management tasks.
Just FYI here are a few blog posts that provide an overview of using the native ADSI capabilities of PowerShell to manage AD:
- AD Infrastructure management with PowerShell
- Benp’s Basic Guide to Managing Active Directory Objects with PowerShell (located via Evan)
- Or .NET, as for example in this script by Adam.
To me something like this (taken from Ben’s post) looks more like application code than like a command line (this code creates a user account):
$username = 'benp'
#Bind to OU
$adminsOU = New-Object System.DirectoryServices.DirectoryEntry("LDAP://OU=admins,DC=umpadom,DC=com")
#Create the user
$user = $adminsOU.psbase.get_children().add('CN=' + $username,'User')
#Commit Changes
$user.psbase.CommitChanges()
#Set the SAMAccountName
$user.psbase.invokeset('sAMAccountName',$username)
#Commit Changes
$user.psbase.CommitChanges()
So I was eager to give what Quest produced in their beta 1 a try:
I installed the setup and got an “ActiveRoles Management Shell for Active Directory (beta)” shortcut added to my Start menu. This turned out to be a normal PowerShell console with the Quest.ActiveRoles.ADManagement PowerShell snapin already added.
Running “get-command *QAD*” gave me the list of commands available (QAD is the prefix which all the commands are using) so I tried a few of these.
I started with just getting a list of users in my lab:
PS C:\> Get-QADUser
Type  LogonName         DN
----  ---------         --
user  Administrator     CN=Administrator,CN=Users,DC=e2007,DC=local
user  Guest             CN=Guest,CN=Users,DC=e2007,DC=local
user  SUPPORT_388945a0  CN=SUPPORT_388945a0,CN=Users,DC=e2007,DC=local
user  IUSR_E2K7         CN=IUSR_E2K7,CN=Users,DC=e2007,DC=local
user  IWAM_E2K7         CN=IWAM_E2K7,CN=Users,DC=e2007,DC=local
user  ASPNET            CN=ASPNET,CN=Users,DC=e2007,DC=local
user  krbtgt            CN=krbtgt,CN=Users,DC=e2007,DC=local
user  jlennon           CN=John Lennon,CN=Users,DC=e2007,DC=local
user  pmccartney        CN=Paul McCartney,CN=Users,DC=e2007,DC=local
user  rstarr            CN=Ringo Starr,CN=Users,DC=e2007,DC=local
user  gharrison         CN=George Harrison,CN=Users,DC=e2007,DC=local
user  Mbx1              CN=Mbx1,CN=Users,DC=e2007,DC=local
user  Mbx2              CN=Mbx2,CN=Users,DC=e2007,DC=local
user  Mbx3              CN=Mbx3,CN=Users,DC=e2007,DC=local
user  Mbx4              CN=Mbx4,CN=Users,DC=e2007,DC=local
user  helpdesk          CN=helpdesk,CN=Users,DC=e2007,DC=local
Getting the list of computers (I only have one in the lab ;)):
PS C:\> Get-QADComputer
Type      LogonName  DN
----      ---------  --
computer  E2K7$      CN=E2K7,OU=Domain Controllers,DC=e2007,DC=local
Getting only the guys with a certain property set:
PS C:\> Get-QADUser -Company Beatles
Type  LogonName   DN
----  ---------   --
user  jlennon     CN=John Lennon,CN=Users,DC=e2007,DC=local
user  pmccartney  CN=Paul McCartney,CN=Users,DC=e2007,DC=local
user  rstarr      CN=Ringo Starr,CN=Users,DC=e2007,DC=local
user  gharrison   CN=George Harrison,CN=Users,DC=e2007,DC=local
Piping them into “Set” to change a property:
PS C:\> Get-QADUser -Company Beatles | Set-QADUser -City Liverpool
PS C:\> Get-QADUser -Company Beatles | ft Name, City
Name             City
----             ----
John Lennon      Liverpool
Paul McCartney   Liverpool
Ringo Starr      Liverpool
George Harrison  Liverpool
Bulk-provisioning with a one-liner using a csv file:
PS C:\> import-csv 'C:\ARPS4AD.csv' | %{new-qadUser -organizationalUnit 'e2007.local/Demo' -name ($_.'First Name' + ' ' + $_.'Last Name') -samAccountName $_.'Logon name' -city $_.city -title $_.'Job title' -department $_.department}
PS C:\> Get-QADUser -OrganizationalUnit e2007.local/demo | ft Name, City, Department, Title
Name               City       Department  Title
----               ----       ----------  -----
Ryuichi Sakamoto   Tokyo      Marketing   Manager
Adrie Fortuyn      Amsterdam  Sales       Senior Executive
Lelani Asad        New York   Marketing   Manager
Shunji Iwai        Tokyo      Sales       Senior Executive
Haruki Murakami    Tokyo      Accounting  Manager
Olivia Barcelonas  Nw York    Accounting  Manager
Alva Sheldon       Amsterdam  Accounting  Manager
Nyoko Takuya       Tokyo      Sales       Deputy Head
Jannetje Dirksdr   Amsterdam  Sales       Senior Executive
Anke Brittany      Amsterdam  Marketing   Manager
Jeroen Herijgers   Amsterdam  Marketing   Senior Executive
Dai San            Tokyo      Sales       Senior Executive
Ronald Boyraz      Amsterdam  Marketing   Manager
Hisa Hiko          Tokyo      Sales       Manager
Belinda Brestner   New York   Sales       Senior Executive
Haruko Chan        Tokyo      Sales       Manager
Hoshi Kimura       Tokyo      Marketing   Senior Executive
Lotta Buhler       New York   Marketing   Senior Executive
Oktay Haasjes      Amsterdam  Sales       Senior Executive
Hoshiko Kanji      Tokyo      Sales       Manager
Jun'ko Katakana    Tokyo      Accounting  Manager
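The bulk-provisioning one-liner above creates an account for every row of the CSV as-is, so a pre-flight check on the file is worth having. The following is an added example, not part of the original post or of the Quest cmdlets: it uses the CSV column names from the one-liner, while the function name Test-ProvisioningRow, the sample rows and their logon names are constructed for illustration.

```powershell
# Constructed sample rows using the column names from the one-liner above.
$csvText = @'
First Name,Last Name,Logon name,city,Job title,department
Ryuichi,Sakamoto,rsakamoto,Tokyo,Manager,Marketing
Adrie,Fortuyn,afortuyn,Amsterdam,Senior Executive,Sales
Lelani,Asad,rsakamoto,New York,Manager,Marketing
Shunji,Iwai,s/iwai,Tokyo,Senior Executive,Sales
Haruki,Murakami,,Tokyo,Manager,Accounting
'@

function Test-ProvisioningRow {
    # Hypothetical helper: returns the problems found in one CSV row (empty = usable).
    param($Row, [hashtable]$Seen)

    $problems = @()
    $logon = "$($Row.'Logon name')".Trim()

    foreach ($col in 'First Name', 'Last Name', 'Logon name') {
        if ("$($Row.$col)".Trim() -eq '') { $problems += "missing '$col'" }
    }
    if ($logon.Length -gt 20) { $problems += 'logon name longer than 20 characters' }
    # Characters AD rejects in sAMAccountName: " / \ [ ] : ; | = , + * ? < >
    if ($logon -match '["/\\\[\]:;|=,+*?<>]') { $problems += 'illegal character in logon name' }
    if ($logon -ne '') {
        $key = $logon.ToLower()
        if ($Seen.ContainsKey($key)) { $problems += 'duplicate logon name in file' }
        else { $Seen[$key] = $true }
    }
    # Leading comma keeps the result an array even with zero or one problem.
    return ,$problems
}

$seen = @{}
$valid = @()
foreach ($row in ($csvText | ConvertFrom-Csv)) {
    $problems = Test-ProvisioningRow -Row $row -Seen $seen
    if ($problems.Count -eq 0) { $valid += $row }
    else { Write-Warning ("Skipping '{0} {1}': {2}" -f $row.'First Name', $row.'Last Name', ($problems -join '; ')) }
}

# Only rows that passed go on to the page's New-QADUser call (commented out here
# so the block runs without the Quest snap-in or a domain):
# $valid | %{ New-QADUser -OrganizationalUnit 'e2007.local/Demo' -Name ($_.'First Name' + ' ' + $_.'Last Name') -SamAccountName $_.'Logon name' -City $_.city -Title $_.'Job title' -Department $_.department }
$valid | Format-Table 'First Name', 'Last Name', 'Logon name' -AutoSize
```

The duplicate check only covers the file itself; a logon name that already exists in the directory is still caught only when the account creation fails.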
Creating a new group:
PS C:\> New-QADGroup -Name Tokyo -SamAccountName Tokyo -OrganizationalUnit e2007.local/demo -Type Security -Scope Global
Type   LogonName  DN
----   ---------  --
group  Tokyo      CN=Tokyo,OU=Demo,DC=e2007,DC=local
Adding users based on their location:
PS C:\> Add-QADGroupMember e2007.local/Demo/Tokyo -Member (Get-QADUser -City Tokyo)
I liked the progress the team is making. I was involved in some of the discussions around the project and it’s nice to start seeing the outcome!
Now I need to try to get them to show up in PowerGUI… I’ll let you know how it goes…