Using PowerShell for active directory management
Slides used at Bangalore IT Pro BarCamp on 18th December 2010

Published in: Technology

  • $users = [ADSI]"LDAP://cn=users,dc=barcamp,dc=in"
    [ADSI] can get quite verbose as we start doing advanced tasks
  • Get-ADForest BarCamp.in
    Get-ADForest -Current LoggedOnUser
    Get-ADForest -Current LocalComputer
    # Set-ADForest can be used to change Authentication Type, UPNSuffixes and SPNSuffixes
    # (default is Negotiate; Basic requires SSL)
    # Set-ADForestMode changes the forest functional mode
    Set-ADForestMode -Identity BarCamp.in -ForestMode Windows2008R2Forest
    # Possible values for this parameter are:
    #   Windows2000Forest or 0
    #   Windows2003InterimForest or 1
    #   Windows2003Forest or 2
    #   Windows2008Forest or 3
    #   Windows2008R2Forest or 4
    Get-ADDomain BarCamp.in
    (Get-ADDomain).DomainMode
    Set-ADDomainMode -Identity BarCamp.in -DomainMode Windows2008R2Domain
    # Possible values for this parameter are:
    #   Windows2000Domain or 0
    #   Windows2003InterimDomain or 1
    #   Windows2003Domain or 2
    #   Windows2008Domain or 3
    #   Windows2008R2Domain or 4
  • # To get specific user details
    Get-ADUser -Identity "Ravikanth"
    # To filter by user name
    Get-ADUser -Filter 'Name -like "Ravi*"'
    # To filter from a selected OU
    Get-ADUser -Filter * -SearchBase "CN=Users,DC=BarCamp,DC=in"
    # To see additional properties than the default set
    Get-ADUser -Filter 'Name -like "Admin*"' -Properties Description
    # To see all properties
    Get-ADUser "Ravikanth" -Properties *
    # Create a user; the password is prompted for, so it never appears in the script
    New-ADUser -Name "Bill Gates" -SamAccountName "BillG" -GivenName "Bill" -Surname "Gates" `
        -DisplayName "Bill Gates" -Path 'CN=Users,DC=BarCamp,DC=in' `
        -OtherAttributes @{'Title'="God at Microsoft"} `
        -AccountPassword (Read-Host -AsSecureString "AccountPassword") -Enabled $true
    # Change user properties
    Set-ADUser Ravikanth -City Bangalore -Replace @{title="PowerShell MVP";Description="Is a part of Domain Users"}
    Set-ADUser Ravikanth -Clear Description
    # Remove user account
    Remove-ADUser "Rchaganti"
    # Disable account
    Disable-ADAccount -Identity Ravikanth
    # Enable account
    Enable-ADAccount -Identity Ravikanth
    # Set account expiry date
    Set-ADAccountExpiration -Identity Ravikanth -DateTime "12/31/2010"
    # Clear account expiry
    Clear-ADAccountExpiration -Identity Ravikanth
    # Set account password (hard-coded here for the demo; Read-Host -AsSecureString keeps it out of the script)
    Set-ADAccountPassword -Identity Ravikanth `
        -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "Warri0r@" -Force)
    # Unlock account
    Unlock-ADAccount Ravikanth
  • # Get AD group
    Get-ADGroup "Domain Users"
    Get-ADGroup -Filter *
    # New AD group
    New-ADGroup -Name "Bitpro" -SamAccountName "Bitpro" -GroupScope Global -Path "DC=BarCamp,DC=in"
    # Remove AD group
    Remove-ADGroup -Identity BITPro -Confirm
    # Get AD group members
    Get-ADGroupMember -Identity Administrators
    # Add a user to a group
    Add-ADGroupMember -Identity DemoUsers -Members Ravikanth
    # Remove group members
    Remove-ADGroupMember -Identity DemoUsers -Members Ravikanth
  • # OU
    Get-ADOrganizationalUnit -Filter *
    Get-ADOrganizationalUnit -Filter * -Properties *
    # Create OU
    New-ADOrganizationalUnit -DisplayName "DemoOU" -Name "DEMOOU" -Path "DC=BarCamp,DC=in"
  • # Get AD service accounts
    Get-ADServiceAccount -Filter *
    # New AD service account (password hard-coded for the demo; Read-Host -AsSecureString keeps it out of the script)
    New-ADServiceAccount -Name DemoService -DisplayName "Demo Service Account" `
        -Path "OU=DEMOOU,DC=BarCamp,DC=in" `
        -AccountPassword (ConvertTo-SecureString -AsPlainText "Warri0r@" -Force)
    # Remove AD service account
    Remove-ADServiceAccount DemoService
    # Install AD service account
    Install-ADServiceAccount DemoService
    # Uninstall AD service account
    Uninstall-ADServiceAccount DemoService
    # Reset AD service account password
    Reset-ADServiceAccountPassword -Identity DemoService
  • # Enable Recycle Bin
    Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target 'BarCamp.in'
    # Restore AD object from Recycle Bin
    Get-ADObject -Filter 'samaccountname -eq "rchaganti"' -IncludeDeletedObjects
    Get-ADObject -Filter 'samaccountname -eq "rchaganti"' -IncludeDeletedObjects | Restore-ADObject
  • $user = Get-ADObject -Filter "SamAccountName -eq 'RChaganti'"
    $user | Move-ADObject -TargetPath "CN=Users,DC=BarCamp,DC=in"
  • Transcript

    • 1. PowerShell for Managing Active Directory
      Ravikanth C
    • 2. About me
      Lead Engineer at Dell
      Windows PowerShell MVP
      Developer on several PowerShell projects on Codeplex
      Author of
      Free eBook: Layman’s guide to PowerShell 2.0 remoting
      Co-author on Quest’s SharePoint 2010 & PowerShell cheat sheet
      Blog at http://www.ravichaganti.com/blog
      Founder & editor of PowerShellFromIndia
      More details on this soon 
    • 3. Giving away..
      Two copies (eBook) of
      Managing Active Directory with Windows PowerShell: TFM
      Thanks to Sapien Press
      One copy (eBook) of
      Windows PowerShell Cookbook
      Thanks to O'Reilly Media
    • 4. PowerShell for Active Directory
      [ADSI] adapter
      In-box
      Windows Server 2008 R2 includes a PowerShell module
      In-box
      Quest Software ActiveRoles Management Shell
      Free download
      Softerra Adaxes 2010.2
      Commercial product
      Idera Scripts for Active Directory
      Free; uses [ADSI]
    • 5. PowerShell for Active Directory
      Microsoft cmdlets
        PowerShell 2.0 only
        Require AD Management Gateway for managing pre-Windows 2008 R2 DC
        Cannot manage local LDS on Windows 7
        Cannot manage terminal services attributes
      Quest cmdlets
        Version independent
        Support Windows 2003, 2008, and 2008 R2 DC management
        Can manage Windows 7 local LDS
        Can manage terminal services attributes
    • 6. Microsoft cmdlets for Active Directory
      In-box from Windows Server 2008 R2 onwards
      Get enabled by
      Installing AD DS or LDS server roles or
      Running DCPromo.exe or
      Installing RSAT on Windows Server 2008 R2 or Windows 7
      To access AD cmdlets
      Start->Administrative Tools->Active Directory Module for Windows PowerShell or
      Import-Module ActiveDirectory
      To list AD cmdlets
      Get-Command -Noun AD* or
      Get-Command -Module ActiveDirectory
    • 7. Managing down level servers
      Requires AD Management Gateway Services
      AD PowerShell cmdlets & ADAC use AD web services to administer directory
      Available for Windows 2003 R2 with SP2, 2003 SP2, 2008, 2008 SP2
    • Microsoft cmdlets for Active Directory
      Cmdlets can be grouped under
      Forests & Domains
      User & Computer accounts
      Groups
      Password Policies
      OU tasks
      Service Accounts
      Schema Tasks
    • 10. Forest & Domains
      Get-ADForest
      Set-ADForest
      Set-ADForestMode
      Get-ADDomain
      Set-ADDomainMode
    • 11. User Accounts
      Get-ADUser
      New-ADUser
      Set-ADUser
      Remove-ADUser
      Disable-ADAccount
      Enable-ADAccount
      Set-ADAccountExpiration
      Clear-ADAccountExpiration
      Set-ADAccountPassword
      Unlock-ADAccount
    • 12. Groups
      Get-ADGroup
      New-ADGroup
      Set-ADGroup
      Remove-ADGroup
      Get-ADGroupMember
      Add-ADGroupMember
      Remove-ADGroupMember
    • 13. OU tasks
      Get-ADOrganizationalUnit
      New-ADOrganizationalUnit
    • 14. Service Accounts
      Get-ADServiceAccount
      New-ADServiceAccount
      Set-ADServiceAccount
      Install-ADServiceAccount
      Uninstall-ADServiceAccount
      Reset-ADServiceAccountPassword
    • 15. AD Recycle Bin
      Enable AD Optional Feature: “Recycle Bin Feature”
      This is an irreversible action
      Restore-ADObject to restore deleted objects
    • 16. Moving an AD Object
      Use Get-ADObject to get an instance
      Pipe it to Move-ADObject and specify new location as a value to -TargetPath
    • 17. Learning Resources – PowerShell for AD
      Cmdlet reference
      Book: Managing Active Directory with PowerShell: TFM
      AD cmdlets quick reference guide
      Adaxes Cmdlets
      Quest Cmdlets
      Idera PowerShell Scripts
      ADMGS for down level servers
    • 18. Learning resources - PowerShell
      Getting started guide
      PowerShell Learning center
      The scripting Guys blog
      PowerScripting Podcast
      PowerShell.com free online eBook
    • 19. Q & A
      Thanks
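
Slide 15 notes that enabling the Recycle Bin is irreversible. The following added example (not from the original slides) checks the forest mode and the feature state before enabling it, and restores a deleted account only when exactly one match is found. The function names are hypothetical; BarCamp.in and rchaganti are the deck's sample values.

```powershell
# Added example, not from the original slides.
# Assumes the ActiveDirectory module and the deck's sample forest BarCamp.in.
Import-Module ActiveDirectory

function Enable-RecycleBinChecked {            # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param([string]$ForestName = 'BarCamp.in')

    $forest = Get-ADForest -Identity $ForestName
    # The Recycle Bin needs forest mode Windows2008R2Forest (4 in the deck's list) or later.
    if ([int]$forest.ForestMode -lt 4) {
        throw "Forest mode is $($forest.ForestMode); raise it with Set-ADForestMode first."
    }
    # EnabledScopes stays empty until the feature has been turned on.
    $feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
    if ($feature.EnabledScopes.Count -gt 0) { Write-Verbose 'Recycle Bin already enabled.'; return }
    # Irreversible, so route it through ShouldProcess: -WhatIf previews, -Confirm prompts.
    if ($PSCmdlet.ShouldProcess($ForestName, 'Enable Recycle Bin Feature (cannot be undone)')) {
        Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
            -Scope ForestOrConfigurationSet -Target $ForestName
    }
}

function Restore-DeletedAccount {              # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][ValidatePattern('^[\w.\-]+$')][string]$SamAccountName)

    # isDeleted keeps live objects out of the result; lastKnownParent shows where it lived.
    $deleted = @(Get-ADObject -IncludeDeletedObjects -Properties lastKnownParent, whenChanged `
        -Filter "isDeleted -eq `$true -and sAMAccountName -eq '$SamAccountName'")
    if ($deleted.Count -ne 1) {
        # Zero or several deleted objects: list them so the operator can pick one by ObjectGUID.
        Write-Warning "$($deleted.Count) deleted objects match '$SamAccountName'; nothing restored."
        return $deleted | Select-Object ObjectGUID, lastKnownParent, whenChanged
    }
    if ($PSCmdlet.ShouldProcess($deleted[0].DistinguishedName, 'Restore-ADObject')) {
        $deleted[0] | Restore-ADObject -PassThru
    }
}

# Preview both operations without changing the directory.
Enable-RecycleBinChecked -WhatIf
Restore-DeletedAccount -SamAccountName 'rchaganti' -WhatIf
```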
