Archive for December, 2007

Happy New Year!

Just wanted to wish you all a very Merry Christmas and an amazingly Happy New Year! 2007 has been absolutely fantastic for us with both AD cmdlets and PowerGUI skyrocketing from first basic betas to featurerichness, great reviews and becoming tools used in real enterprise environments.

Thank you all for your participation in the community and for helping us build this great software! See you in 2008. 😉

(You’ve got the Christmas/New Year wallpaper from our team already, right?)

AD cmdlets support policies

Now that AD cmdlets are gold and the RTM version is available I would like to clarify the support policies you can expect for them.

This is actually very simple and straight-forward:

1. If you are downloading and using AD cmdlets for free, you can use the AD discussion forum at to report issues and get help.

2. Commercial customers of Quest AD management products (ActiveRoles Direct and ActiveRoles Server) get full support including phone, etc.

So you have both options depending on the money you are willing to spend and the level of support you want to get.

Tags: , , , ,

PowerGUI reviewed in TechNet Magazine

Next month TechNet Magazine is featuring PowerGUI in their Toolbox section.

Greg Steen has put together an excellent review of PowerGUI summarizing all the core functionality the tool has and as well as the usage scenarios for it.

Check out the review yourself – the online version is already live!

Tags: ,

PowerGUI Survey – Please respond

question markWe need your help and a couple of minutes of your time. Please go to this survey page and answer 5 simple questions on how you use PowerGUI today and where we should take it in the future.
As you know, our goal with PowerGUI is to keep it free (and as much as possible registration-free as well). However, we need information on how you are using it so we know where to concentrate our development efforts. This survey is one of the ways you can help us with that.

Finally, Quest and Microsoft are looking for joint case-study opportunities around PowerGUI and Windows Server 2008. If you may consider participating in one of those, please indicate it in the survey so we can follow-up and make you one of IT Heroes of tomorrow.

We really tried to keep the survey as short and straight-forward as possible, so we hope you can spare a minute or two on the survey page as a way to support our efforts on maintaining the free PowerGUI tool we all love and use. Thanks! 🙂

Tags: , , , ,

AD Cmdlets RTM

AD cmdlets are finally gold!

We kind of kept sticking to the fashion of perpetual betas for quite some time now (since the first 1.0 beta released late March through the RC 1.0.5 this fall) and we feel that the product is now feature rich and stable enough for us to drop the beta label.

In the coming weeks I’ll blog more about the cmdlets features and the changes compared to the RC build but for now, here’s a quick list:

User account management:


Plus a few common ones:


Group management:


Move, Rename, Remove obviously also apply:


Managing computer accounts:


OUs and other objects:


Fine-Grained Password Policies:


Selecting DC/domain/ADAM instance/ARS proxy or supplying alternate credentials:


Auxiliary cmdlets to make life easier:


It is more or less the same list we had in RC (with one new cmdlet and a few improvements and bugfixes in the others – and finally full PowerShell v2 compatibility ;)), but the EULA change alone (not a beta any more!) is probably worth making the upgrade all by itself!

And did I say that despite the RTM status AD cmdlets still remain free? Any reason for not going to the site right away and getting them? 😉

Tags: , , , , ,

XMas PowerGUI Wallpaper

Christmas PowerGUI WallpaperWe’ve just got a great Christmas present which in the best traditions of the holiday we want to share. 😉

Here’s a Christmas/New Year/Seasonal holiday present from Andrey (the author of the original PowerGUI wallpaper) – holiday edition of the wallpaper with snowflakes, Christmas tree, and the good old PowerGUI train.

Go get it from the PowerGUI downloads page – get yourself some of the holiday mood at your desktop!

Tags: , ,

Removing AD Attributes

All those Set-* cmdlets are great at changing an attribute in AD, but how do you remove an attribute completely?

The answer is really straight-forward – you just set it to $null.

For example, to remove my City attribute I could use something like:

Set-QADUser "Dmitry Sotnikov" -City $null

In the general case of any attribute and any object use this syntax:

Set-QADObject identity –ObjectAttribute @{attributeName=$null}

Where identity is anything that can identify the object: samAccountName, DN, GUID, SID, canonical name; and attributeName is the name of the attribute you want to remove.

I guess this is one of those cases when the solution is so obvious you just forget to blog about it (until you get an IM from someone like xaegr asking ;))

Related topics:

Tags: , , ,

PowerShell named the Best on Platforma 2008

Platforma 2008 (aka TechEd Russia) team has just published the results of attendee surveys and the PowerShell session I did at the event got named the best of the show!

This is very exciting and a great honor for me. Microsoft Russia has done an incredible job putting together a great conference, so being named the best at an event like still feels a bit surreal. 😉

Here’s the Russian Platforma 2008 results announcement, and an automated English translation.

Tags: , , , ,

Setting demo AD environments

Finally I will always have great AD demo environments with no accounts named TestUser01 or alike. 😉 This is the outcome of the setting up test AD environments discussion we had this week. Darren and Rob suggested a couple of tricks on duplicating AD to a test lab, and xaegr provided a great link to US census information data on the most frequently used names, as well as a sample script I am re-using and enhancing below.

I basically took what xaegr suggested, added other properties to user accounts (first name, last name, city, department), and added code creating global security groups for each department and adding users into the groups. Here goes the code:

# Script to provision demo AD labs
# (c) Dmitry Sotnikov, xaegr
# Requires AD cmdlets

# Add AD cmdlets (should be downloaded from 
# and installed on the local workstation
# the script assumes the workstation is a part of the domain

Add-PSSnapin  Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

# set folder in which the data files are located
# this folder should contain files from
# as well as cities.txt and departments.txt with the
# lists of cities and departments for the lab
cd c:\demofiles

# set OU for demo accounts
$OU = "ps64.local/test"
# number of accounts to generate
$num = 100

# read name files
$last = Get-Content dist.all.last | select -First 1000
$firstm = Get-Content dist.male.first | select -First 100
$firstf = Get-Content dist.female.first | select -first 100

# extract the names
$last = $last | where {$_ -match "^(\S+)"}|foreach-object {$matches[1]}
$firstf = $firstf | where {$_ -match "^(\S+)"}|foreach-object {$matches[1]}
$firstm = $firstm | where {$_ -match "^(\S+)"}|foreach-object {$matches[1]}

# read department and city info
$cities = Get-Content Cities.txt
$depts = Get-Content Departments.txt

# set up random number generator
$rnd = New-Object System.Random

function New-RandomADUser {
    # pick a male or a female first name
    if($ -eq 1) {
        $fn = $firstm[$$firstm.length)]
    } else {
        $fn = $firstf[$$firstf.length)]
    # random last name

    # Set proper caps
    $ln = $ln[0] + $ln.substring(1, $ln.length - 1).ToLower()
    $fn = $fn[0] + $fn.substring(1, $fn.length - 1).ToLower()

    # random city and department
    $city = $cities[$$cities.length)]
    $dept = $depts[$$depts.length)]

    # Create and enable a user
    if ( ( Get-QADUser -SamAccountName ($fn.substring(0,1) + $ln) ) -eq $null ) {
        New-QADUser -Name "$fn $ln" -SamAccountName ($fn.substring(0,1) + $ln) `
                    -ParentContainer $OU -City $city -Department $dept `
                    -UserPassword "P@ssw0rd" -FirstName $fn -LastName $ln `
                    -DisplayName "$fn $ln" -Description "$city $dept" -Office $city `
                    | Enable-QADUser

# Create 100 users
1..$num | ForEach-Object { New-RandomADUser }

# Create groups for each department
Get-QADUser -SearchRoot $OU | Group Department | ForEach-Object {
    New-QADGroup -Name $_.Name -SamAccountName $_.Name -ParentContainer $OU

# Add users to the groups based on their departments
Get-QADUser -SearchRoot $OU | Add-QADGroupMember -Identity { $_.Department }

The files for names can be found on the census page, the files for cities and departments I was using are attached (note that to increase probability of a certain department or city you just need to duplicate it a few times in the file) as well as the script code:

Let me know if there’s anything else you need for your demo environments!

Tags: , , , ,

How do you set up test AD environments?

I am often asked how PowerShell can be used to set up test or lab Active Directory environments – and frankly could not come up with a single comprehensive answer – different people need different things in their labs.

Here’s what I do personally:

If I need to create a bunch of test accounts I just do something like:

1..20 | foreach-object { New-QADUser -Name "TestUser$_" -SamAccountName "TestUser$_" -ParentContainer mydomain.local/demo}

This creates accounts with no password set and disabled. If my demo needs enabled accounts I can just use the -UserPassword switch to set the password and Enable-QADUser to enable the accounts.

I often just use PowerGUI to randomly select a few users and set their City and/or Department. I guess I could do that with a pretty easy script randomly setting the values.

And then I can create groups and populating them by selected criteria, e.g.:

Get-QADUser -Department Sales | Add-QADGroupMember DL.Sales

There’s also a part of me telling that a better way would be to just create a CSV file instead and import the data:

Import-CSV c:\users.csv | ForEach-Object { New-QADUser -Name $_.Name -SamAccountName $_.Name -Department $_.Department -ParentContainer mydoman.local/demo }

Alternatively, one could user Get-QADUser (Get-QADObject, etc.) to retrieve data from a real domain, and re-create the data in a test environment. This obviously is a bad idea for external public demos but sounds like a good way to do test environments.

What are you doing for your test and demo environments? Any help/advice needed in doing what you want to do?

Tags: , , ,

My Recent Tweets


The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

December 2007

%d bloggers like this: