Active Directory (PowerShell)
Getting Started
You need to have RSAT (Remote Server Administration Tools) installed. For Windows 7, see http://www.microsoft.com/en-gb/download/details.aspx?id=7887. This enables your local machine to remotely manage Windows Servers and Services via the usual MMC GUIs (e.g. AD Users and Computers) and, most importantly, includes the PowerShell modules needed to do the same from the command line.
Be aware that PowerShell DFS management is currently poor; it's only possible from Windows 8 and 2012 machines, and even then it's very limited.
Once installed, go to Control Panel | Programs | Turn Windows features on or off and enable the PowerShell module, full path as follows...
- Remote Server Administration Tools | Role Administration Tools | Active Directory Module for Windows PowerShell
To access the PowerShell Active Directory cmdlets, import the AD module into your PowerShell session...
Import-Module ActiveDirectory
Group Policy
The PowerShell GPO module is installed with:
- Windows XP - Group Policy Management Console (GPMC) - http://www.microsoft.com/en-gb/download/details.aspx?id=21895
- Windows 7 - Remote Server Administration Tools (RSAT) - http://www.microsoft.com/en-gb/download/details.aspx?id=7887
- You may need to specifically enable Group Policy Mgmt Tools, full path as follows...
- Remote Server Administration Tools | Feature Administration Tools | Group Policy Management Tools
To access the PowerShell GPO cmdlets, import the GPO module into your PowerShell session...
Import-Module GroupPolicy
Users
Get-ADUser
Examples
$users = Get-ADUser -Filter * -SearchBase "DC=domain,DC=com" # Get all users in domain.com
$user = Get-ADUser -Filter {SamAccountName -eq "username"} # Get user by logon/SAM account name
$user = Get-ADUser -Filter {SamAccountName -eq "username"} -Properties * # Get all properties for user
$user = Get-ADUser -Filter {Surname -eq "last" -and GivenName -eq "first"} # Get user by first and last names
$users = Get-ADUser -Filter * -SearchBase "OU=London,OU=Users,DC=EU,DC=domain,DC=com" # Get users in London OU
To create a CSV export of fields from AD...
$users = Get-ADUser -Filter * -SearchBase "DC=DOMAIN,DC=COM" -Properties Enabled, CanonicalName, Country, Created, LastLogonDate, mail
$users | Select-Object Name, Enabled, CanonicalName, Country, Created, LastLogonDate, mail | Export-Csv -Path users.csv
Errors
- Unable to find a default server with Active Directory Web Services running
- Check that you have an accessible DC with Web Services available
- See http://www.microsoft.com/en-gb/download/details.aspx?id=2852 to install (requires restart!)
Command Examples
Managing Multiple Domains
Unless you've specified otherwise, commands will be handled by the domain identified by ...?
Use the -Server and -Credential options, available for all PowerShell AD commands, to specify the DC and credentials required to service the commands.
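The following is an added example, not part of the original page: it combines -Server and -Credential with the user export above to list enabled accounts with no recent logon in several domains. The DC names, the 90-day threshold and the function names Select-StaleUser and Get-StaleUserReport are assumptions made for illustration; PowerShell 3.0 or later is assumed.

```powershell
# Added example; DC names and the 90-day threshold are assumptions.
# LastLogonDate comes from the replicated lastLogonTimestamp attribute,
# which can lag real logons by up to about two weeks.

function Select-StaleUser {
    # Pass through enabled accounts with no logon since $Cutoff (or none at all).
    param(
        [Parameter(ValueFromPipeline)] $User,
        [Parameter(Mandatory)] [datetime] $Cutoff
    )
    process {
        $stale = (-not $User.LastLogonDate) -or ($User.LastLogonDate -lt $Cutoff)
        if ($User.Enabled -and $stale) { $User }
    }
}

function Get-StaleUserReport {
    param([Parameter(Mandatory)] [string[]] $Server, [int] $Days = 90)
    $cutoff = (Get-Date).AddDays(-$Days)
    foreach ($dc in $Server) {
        # Each domain may need its own account, so prompt once per DC.
        $cred = Get-Credential -Message "Account for $dc"
        try {
            Get-ADUser -Filter * -Server $dc -Credential $cred -ErrorAction Stop `
                       -Properties CanonicalName, Created, LastLogonDate |
                Select-StaleUser -Cutoff $cutoff |
                Select-Object @{ Name = 'Server'; Expression = { $dc } },
                              SamAccountName, CanonicalName, Created, LastLogonDate
        } catch {
            # One unreachable DC or rejected credential must not stop the other domains.
            Write-Warning "Query against $dc failed: $($_.Exception.Message)"
        }
    }
}

# Constructed sample objects: exercise the filter without contacting a DC.
$now = Get-Date
$sample = @(
    [pscustomobject]@{ SamAccountName = 'active';   Enabled = $true;  LastLogonDate = $now.AddDays(-5) }
    [pscustomobject]@{ SamAccountName = 'dormant';  Enabled = $true;  LastLogonDate = $now.AddDays(-200) }
    [pscustomobject]@{ SamAccountName = 'unused';   Enabled = $true;  LastLogonDate = $null }
    [pscustomobject]@{ SamAccountName = 'disabled'; Enabled = $false; LastLogonDate = $now.AddDays(-200) }
)
$sample | Select-StaleUser -Cutoff $now.AddDays(-90) | Select-Object SamAccountName

# Live use (hypothetical DC names):
# Import-Module ActiveDirectory
# Get-StaleUserReport -Server 'dc01.eu.domain.com', 'dc01.us.domain.com' |
#     Export-Csv -Path stale-users.csv -NoTypeInformation
```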