Using PowerShell for active directory management
 


Slides used at Bangalore IT Pro BarCamp on 18th December 2010

  • $users = [ADSI]"LDAP://cn=users,dc=barcamp,dc=in"
    [ADSI] can get quite verbose as we start doing advanced tasks
  • Get-ADForest BarCamp.in
    Get-ADForest -Current LoggedOnUser
    Get-ADForest -Current LocalComputer
    Set-ADForest can be used to change Authentication Type, UPNSuffixes and SPNSuffixes (default is Negotiate; Basic requires SSL).
    Set-ADForestMode changes the forest functional mode.
    Set-ADForestMode -Identity BarCamp.in -ForestMode Windows2008R2Forest
    Possible values for this parameter are:
      Windows2000Forest or 0
      Windows2003InterimForest or 1
      Windows2003Forest or 2
      Windows2008Forest or 3
      Windows2008R2Forest or 4
    Get-ADDomain BarCamp.in
    (Get-ADDomain).DomainMode
    Set-ADDomainMode -Identity BarCamp.in -DomainMode Windows2008R2Domain
    Possible values for -DomainMode are:
      Windows2000Domain or 0
      Windows2003InterimDomain or 1
      Windows2003Domain or 2
      Windows2008Domain or 3
      Windows2008R2Domain or 4
  • #To get specific user details
    Get-ADUser -Identity "Ravikanth"
    #To filter by user name
    Get-ADUser -Filter 'Name -like "Ravi*"'
    #To filter from a selected OU
    Get-ADUser -Filter * -SearchBase "CN=Users,DC=BarCamp,DC=in"
    #To see additional properties than the default set
    Get-ADUser -Filter 'Name -like "Admin*"' -Properties Description
    #To see all properties
    Get-ADUser "Ravikanth" -Properties *
    #Create a new user (password is prompted for, not stored in the script)
    New-ADUser -Name "Bill Gates" -SamAccountName "BillG" -GivenName "Bill" -Surname "Gates" `
      -DisplayName "Bill Gates" -Path 'CN=Users,DC=BarCamp,DC=in' `
      -OtherAttributes @{'Title'="God at Microsoft"} `
      -AccountPassword (Read-Host -AsSecureString "AccountPassword") -Enabled $true
    #Change user properties
    Set-ADUser Ravikanth -City Bangalore -Replace @{title="PowerShell MVP";Description="Is a part of Domain Users"}
    Set-ADUser Ravikanth -Clear Description
    #Remove user account
    Remove-ADUser "Rchaganti"
    #Disable account
    Disable-ADAccount -Identity Ravikanth
    #Enable account
    Enable-ADAccount -Identity Ravikanth
    #Set account expiry date
    Set-ADAccountExpiration -Identity Ravikanth -DateTime "12/31/2010"
    #Clear account expiry
    Clear-ADAccountExpiration -Identity Ravikanth
    #Set account password
    Set-ADAccountPassword -Identity Ravikanth `
      -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "Warri0r@" -Force)
    #Unlock account
    Unlock-ADAccount Ravikanth
  • #Get AD group
    Get-ADGroup "Domain Users"
    Get-ADGroup -Filter *
    #New AD group
    New-ADGroup -Name "Bitpro" -SamAccountName "Bitpro" -GroupScope Global -Path "DC=BarCamp,DC=in"
    #Remove AD group
    Remove-ADGroup -Identity BITPro -Confirm
    #Get AD group members
    Get-ADGroupMember -Identity Administrators
    #Add a user to group
    Add-ADGroupMember -Identity DemoUsers -Members Ravikanth
    #Remove group members
    Remove-ADGroupMember -Identity DemoUsers -Members Ravikanth
  • #OU
    Get-ADOrganizationalUnit -Filter *
    Get-ADOrganizationalUnit -Filter * -Properties *
    #Create OU
    New-ADOrganizationalUnit -DisplayName "DemoOU" -Name "DEMOOU" -Path "DC=BarCamp,DC=in"
  • #Get AD service accounts
    Get-ADServiceAccount -Filter *
    #New AD service account
    New-ADServiceAccount -Name DemoService -DisplayName "Demo Service Account" `
      -Path "OU=DEMOOU,DC=BarCamp,DC=in" `
      -AccountPassword (ConvertTo-SecureString -AsPlainText "Warri0r@" -Force)
    #Remove AD service account
    Remove-ADServiceAccount DemoService
    #Install AD service account
    Install-ADServiceAccount DemoService
    #Uninstall AD service account
    Uninstall-ADServiceAccount DemoService
    #Reset AD service account password
    Reset-ADServiceAccountPassword -Identity DemoService
  • #Enable Recycle Bin
    Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target 'BarCamp.in'
    #Restore AD object from recycle bin
    Get-ADObject -Filter 'samaccountname -eq "rchaganti"' -IncludeDeletedObjects
    Get-ADObject -Filter 'samaccountname -eq "rchaganti"' -IncludeDeletedObjects | Restore-ADObject
  • $user = Get-ADObject -Filter "SamAccountName -eq 'RChaganti'"
    $user | Move-ADObject -TargetPath "CN=Users,DC=BarCamp,DC=in"
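
Added example (not from the original slides): the Set-ADAccountPassword note above embeds the new password as a plain-text literal. This variant prompts for it, as the New-ADUser note does, and forces a change at next logon. The function name Reset-DemoUserPassword is hypothetical; Ravikanth is the sample account from the slides.

```powershell
# Added example, not from the slides. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Reset-DemoUserPassword {            # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Identity
    )

    # Fail early if the account does not exist.
    $user = Get-ADUser -Identity $Identity `
        -Properties LockedOut, PasswordNeverExpires -ErrorAction Stop

    # Honour -WhatIf / -Confirm before prompting for anything.
    if (-not $PSCmdlet.ShouldProcess($user.DistinguishedName, 'Reset password')) {
        return
    }

    # Prompt instead of ConvertTo-SecureString -AsPlainText, so the password
    # is never stored in the script file or in command history.
    $newPassword = Read-Host -AsSecureString "Temporary password for $($user.SamAccountName)"

    Set-ADAccountPassword -Identity $user -Reset -NewPassword $newPassword

    if ($user.PasswordNeverExpires) {
        # ChangePasswordAtLogon cannot be set while PasswordNeverExpires is true.
        Write-Warning "$($user.SamAccountName) has PasswordNeverExpires set; change at logon not enforced."
    } else {
        # The operator-chosen password is temporary: the user must replace it.
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true
    }

    # A reset does not clear a lockout by itself.
    if ($user.LockedOut) { Unlock-ADAccount -Identity $user }
}

# Preview against the sample account; drop -WhatIf to apply.
Reset-DemoUserPassword -Identity Ravikanth -WhatIf
```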

Presentation Transcript

  • PowerShell for Managing Active Directory
    Ravikanth C
  • About me
    Lead Engineer at Dell
    Windows PowerShell MVP
    Developer on several PowerShell projects on Codeplex
    Author of
    Free eBook: Layman’s guide to PowerShell 2.0 remoting
    Co-author on Quest’s SharePoint 2010 & PowerShell cheat sheet
    Blog at http://www.ravichaganti.com/blog
    Founder & editor of PowerShellFromIndia
    More details on this soon 
  • Giving away..
    Two copies (eBook) of
    Managing Active Directory with Windows PowerShell: TFM
    Thanks to Sapien Press
    One copy (eBook) of
    Windows PowerShell Cookbook
    Thanks to O'Reilly Media
  • PowerShell for Active Directory
    [ADSI] adapter: in-box
    Windows Server 2008 R2 includes a PowerShell module: in-box
    Quest Software ActiveRoles Management Shell: free download
    Softerra Adaxes 2010.2: commercial product
    Idera Scripts for Active Directory: free; uses [ADSI]
  • PowerShell for Active Directory
    Microsoft cmdlets
      PowerShell 2.0 only
      Require AD Management Gateway for managing pre-Windows 2008 R2 DC
      Cannot manage local LDS on Windows 7
      Cannot manage terminal services attributes
    Quest cmdlets
      Version independent
      Support Windows 2003, 2008, and 2008 R2 DC management
      Can manage Windows 7 local LDS
      Can manage terminal services attributes
  • Microsoft cmdlets for Active Directory
    In-box from Windows Server 2008 R2 onwards
    Get enabled by
      Installing AD DS or LDS server roles, or
      Running DCPromo.exe, or
      Installing RSAT on Windows Server 2008 R2 or Windows 7
    To access AD cmdlets
      Start->Administrative Tools->Active Directory Module for Windows PowerShell, or
      Import-Module ActiveDirectory
    To list AD cmdlets
      Get-Command -Noun AD*, or
      Get-Command -Module ActiveDirectory
  • Managing down level servers
    • Requires AD Management Gateway Services
    • AD PowerShell cmdlets & ADAC use AD web services to administer directory
    • Available for Windows 2003 R2 with SP2, 2003 SP2, 2008, and 2008 SP2
  • Microsoft cmdlets for Active Directory
    Cmdlets can be grouped under
    Forests & Domains
    User & Computer accounts
    Groups
    Password Policies
    OU tasks
    Service Accounts
    Schema Tasks
  • Forest & Domains
    Get-ADForest
    Set-ADForest
    Set-ADForestMode
    Get-ADDomain
    Set-ADDomainMode
  • User Accounts
    Get-ADUser
    New-ADUser
    Set-ADUser
    Remove-ADUser
    Disable-ADAccount
    Enable-ADAccount
    Set-ADAccountExpiration
    Clear-ADAccountExpiration
    Set-ADAccountPassword
    Unlock-ADAccount
  • Groups
    Get-ADGroup
    New-ADGroup
    Set-ADGroup
    Remove-ADGroup
    Get-ADGroupMember
    Add-ADGroupMember
    Remove-ADGroupMember
  • OU tasks
    Get-ADOrganizationalUnit
    New-ADOrganizationalUnit
  • Service Accounts
    Get-ADServiceAccount
    New-ADServiceAccount
    Set-ADServiceAccount
    Install-ADServiceAccount
    Uninstall-ADServiceAccount
    Reset-ADServiceAccountPassword
  • AD Recycle Bin
    Enable AD Optional Feature: “Recycle Bin Feature”
    This is an irreversible action
    Restore-ADObject to restore deleted objects
  • Moving an AD Object
    Use Get-ADObject to get an instance
    Pipe it to Move-ADObject and specify new location as a value to -TargetPath
  • Learning Resources – PowerShell for AD
    Cmdlet reference
    Book: Managing Active Directory with PowerShell: TFM
    AD cmdlets quick reference guide
    Adaxes Cmdlets
    Quest Cmdlets
    Idera PowerShell Scripts
    ADMGS for down level servers
  • Learning resources - PowerShell
    Getting started guide
    PowerShell Learning center
    The scripting Guys blog
    PowerScripting Podcast
    PowerShell.com free online eBook
  • Q & A
    Thanks
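
Added example (not from the original slides) for the AD Recycle Bin slide: it checks that the feature is enabled, lists deleted user objects with their last known parent, and previews a restore, falling back to a target container when the original parent no longer exists. It assumes the BarCamp.in sample forest and the rchaganti account used in the slides.

```powershell
# Added example, not from the slides. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# 1. Confirm the Recycle Bin is enabled before relying on it.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    Write-Warning 'AD Recycle Bin is not enabled in this forest.'
    return
}

# 2. List deleted user objects (computer objects also match, since the
#    computer class derives from user) with their previous location.
$deleted = Get-ADObject -Filter 'isDeleted -eq $true -and objectClass -eq "user"' `
    -IncludeDeletedObjects -Properties samAccountName, lastKnownParent, whenChanged

$deleted | Sort-Object whenChanged -Descending |
    Format-Table samAccountName, lastKnownParent, whenChanged -AutoSize

# 3. Pick exactly one object to restore; refuse ambiguous matches.
$target = @($deleted | Where-Object { $_.samAccountName -eq 'rchaganti' })
if ($target.Count -ne 1) {
    Write-Warning "Expected one deleted object, found $($target.Count)."
    return
}

# 4. Restore to the original parent if it still exists; otherwise to the
#    Users container (assumed fallback location).
$fallback = 'CN=Users,DC=BarCamp,DC=in'
try {
    Get-ADObject -Identity $target[0].lastKnownParent -ErrorAction Stop | Out-Null
    $target[0] | Restore-ADObject -WhatIf
} catch {
    Write-Warning "Original parent is gone; restoring to $fallback."
    $target[0] | Restore-ADObject -TargetPath $fallback -WhatIf
}
```

Remove -WhatIf from the Restore-ADObject calls once the previewed output is what you expect.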