AD Cmdlets 1.0.2 Released: Support Vista and Longhorn

Andrei posted an announcement on release of v1.0.2 of AD cmdlets.

Vista/Longhorn Support

To me this is the main new feature. Not any particular cmdlet but just the ability to install and run the cmdlets on Windows Vista and Windows Server 2008 (Longhorn). My desktop computer runs Vista and my demo lab is 2008 so I am glad I no longer need to use a dev build not being available publicly.

However, besides that there are multiple other improvements such as:

Remove-QADObject cmdlet

Supports pipelining so you could run something like:

Get-QADGroupMember *Managers | Remove-QADObject -whatif

to get read of all managers in your company.

Seriously though, please execise with caution. Deleting accounts, groups, OUs, etc. can be pretty dangerous. Always use -whatif before really running the command, and when you do run it, carefully read the “Are you sure” note before confirming.

There is also the-DeleteTree parameter for objects within OUs:

Remove-QADObject 'company.com/UsersOU' -DeleteTree

Obviously, there are multiple other parameters (such as -Force) which you can find in documentation, help, or just by using tab-completion.

Output limits

1.0.1 had a couple of get- limitations:

All get- cmdlets returned by default just the first 1000 objects and if you wanted more (e.g. all) you had to use the -SizeLimit parameter with some huge number. In 1.0.2 the default limitation is still there(which is great in large environments) but unlimited mode is implemented. To remove the limitation simply use zero as your size limit.

(Get-QADUser -SizeLimit 0).Count

should return you the number of user accounts in your AD even if you have more than a 1,000 of those.

Get-GroupMember is also now not limited to the AD default retrieve set (was that 1,000 as well?) and always returns full list of members. You don’t have to use any parameters to achieve that:

Get-GroupMember "World-Wide Everyone"

will give you a list of all accounts in the group no matter how big it is.

You can create enabled user accounts

1.0.1 did not support setting UserAccountControl flags during creation so you had to first create an account and then use Set-QADUser to enable it. Now you can do it all with one cmdlet:

New-QADUser -Name 'User1' -OU 'company.com/UsersOU' -UserPassword 'Qwerty123' -ObjectAttributes @{userAccountControl=512}

Smart wildcard mode

Before that you had to manually switch cmdlets to PowerShell-wildcard mode for advanced wildcards. With 1.0.2 cmdlets are smart enough to make the decision for you:

• If wildcards you are using are LDAP compatible they will be put into LDAP query and thus efficiently executed on DC.
• If you are using advanced wildcards PowerShell filtering is used instead.

Everything that was there before

All the functionality they had in 1.0.1 is of course still there as well.

Tags: one-liner, oneliner, AD cmdlets, cmdlets, PowerShell, Active Directory, Examples, Longhorn, AD, Vista