2,187
edits
Difference between revisions of "Active Directory (PowerShell)"
Jump to navigation
Jump to search
Next draft
m (STILL DRAFT: Minor update) |
(Next draft) |
||
| Line 41: | Line 41: | ||
</source> | </source> | ||
* '''LastLogonDate''' - Be aware that the last logon date field typically has an accuracy/tolerance of 14 days, AD intentionally doesn't update the field at every logon from the user/device object so as to reduce the amount of data replication between domain controllers | * '''LastLogonDate''' - Be aware that the last logon date field typically has an accuracy/tolerance of 14 days, AD intentionally doesn't update the field at every logon from the user/device object so as to reduce the amount of data replication between domain controllers | ||
=== AD Fields === | |||
Field names don't necessarily match up between the PowerShell module, [[Acronyms#L|LDAP]], and what you see in the Users and Computers MMC GUI, see below for an in-exhaustive list... | |||
{|class="vwikitable" | |||
|+Active Directory user field equivalents | |||
|- | |||
! PowerShell !! ldapDisplayName !! Users and Computers !! Comments | |||
|- | |||
| UserPrincipalName || || Account <nowiki>|</nowiki> User logon name | |||
|- | |||
| Name || name || Account <nowiki>|</nowiki> Pre Win2k login name | |||
|- | |||
| GivenName || givenName || General <nowiki>|</nowiki> First name | |||
|- | |||
| Surname || sn || General <nowiki>|</nowiki> Last name | |||
|- | |||
| DisplayName || displayName || General <nowiki>|</nowiki> Display Name | |||
|- | |||
| Description || description || General <nowiki>|</nowiki> Description | |||
|- | |||
| Path || N/A || N/A || X.500 path of OU/container for object | |||
|- | |||
| SamAccountName || sAMAccountName || || Set to same as name if not specified | |||
|- | |||
| AccountPassword || || || If not set, new user account is disabled | |||
|} | |||
== Groups == | |||
=== AD Fields === | |||
{|class="vwikitable" | |||
|+Active Directory group field equivalents | |||
|- | |||
! PowerShell !! ldapDisplayName !! Users and Computers !! Comments | |||
|- | |||
| Name || name || General (name at top) | |||
|- | |||
| SamAccountName || sAMAccountName || General <nowiki>|</nowiki> Group name (per-Windows 2000) || Set to same as name if not specified | |||
|- | |||
| N/A || info || General <nowiki>|</nowiki> Notes | |||
|- | |||
| Description || description || General <nowiki>|</nowiki> Description | |||
|- | |||
| Path || N/A || N/A || X.500 path of OU/container for object | |||
|} | |||
== Computers == | == Computers == | ||
| Line 48: | Line 92: | ||
</source> | </source> | ||
* '''LastLogonDate''' - Be aware that the last logon date field typically has an accuracy/tolerance of 14 days, AD intentionally doesn't update the field at every logon from the user/device object so as to reduce the amount of data replication between domain controllers | * '''LastLogonDate''' - Be aware that the last logon date field typically has an accuracy/tolerance of 14 days, AD intentionally doesn't update the field at every logon from the user/device object so as to reduce the amount of data replication between domain controllers | ||
== Organisation Unit == | |||
=== <code>New-ADOrganizationalUnit</code> examples === | |||
<source lang="powershell"> | |||
$OU = New-ADOrganizationalUnit -Name "DeptX" -Path "DC=domain,DC=com" -PassThru | |||
</source> | |||
== Errors == | == Errors == | ||
| Line 53: | Line 103: | ||
** Check that you have an accessible DC with Web Services available | ** Check that you have an accessible DC with Web Services available | ||
** See http://www.microsoft.com/en-gb/download/details.aspx?id=2852 to install (requires restart!) | ** See http://www.microsoft.com/en-gb/download/details.aspx?id=2852 to install (requires restart!) | ||
== Managing Multiple Domains == | == Managing Multiple Domains == | ||
Unless you've specified otherwise, commands will be handled by the domain identified by ...? | Unless you've specified otherwise, commands will be handled by the domain identified by ...? | ||
Use <code>-Server</code> and <code>-Credentials</code> options, available for all PowerShell AD commands, to specify the DC and credentials required to service the commands. | Use <code>-Server</code> and <code>-Credentials</code> options, available for all PowerShell AD commands, to specify the DC and credentials required to service the commands, for example... | ||
<source lang="powershell"> | |||
$users = Get-ADUser -Filter * -SearchBase "DC=domain,DC=com" -Server "10.10.1.10" -Credential $cred | |||
</source> | |||
For more info on working with credentials or help on creating a credentails object see [[Credentials_(PowerShell)]]. | |||
[[Category:PowerShell]] | [[Category:PowerShell]] | ||
[[category:Active Directory]] | [[category:Active Directory]] | ||