SlideShare a Scribd company logo

Automating Active Directory mgmt in PowerShell

Download as PPT, PDF
C
Concentrated Technology

This document provides an overview of automating Active Directory management tasks using Windows PowerShell. It discusses prerequisites like having PowerShell v2 and a domain controller with the Gateway Service. It demonstrates how to import and use the Active Directory module to access AD drives and cmdlets. It also covers best practices, common gotchas, and how to run the cmdlets on older Windows versions using implicit remoting.

Technology
1 of 34
Downloaded 38 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
Automating Active Directory Management in Windows PowerShell Don Jones ConcentratedTech.com Pre-requisites for this presentation: 1) Familiarity with AD administration 2) Basic understanding of how to use Windows PowerShell Level: Intermediate
This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it within your own organization however you like. For more information on our company, including information on private classes and upcoming conference appearances, please visit our Web site, www.ConcentratedTech.com . For links to newly-posted decks, follow us on Twitter: @concentrateddon or @concentratdgreg This work is copyright ©Concentrated Technology, LLC
About the Instructor Don Jones Contributing Editor, technetmagazine.com IT author, consultant, and speaker Co-founder of Concentrated Technology Seven-time recipient of Microsoft ’s Most Valuable Professional (MVP) Award Author and Editor-in-Chief for Realtime Publishers Trainer for www.CBTNuggets.com
About this Session Primarily demo – not slides  We ’ll start with some key functional concepts, and move right into the “how-to” Bring your questions – anytime is the time to ask them! Don ’t save ‘em for the end. We ’ll take a quick break halfway through
Start Thinking Since we ’re mostly doing demos, start thinking of AD administrative tasks you’d like to automate I ’ll take your suggestions and construct some demos on the fly
Cool… I ’ll capture everything I type in the shell into a text file, and save all of my scripts There ’s no need for you to copy down anything I do It ’ll all be available for download from my Web site after the show URL is on the last slide, and there are “reminder” cards if you’d like to take one Now let ’s go…
Requirements Windows PowerShell v2 Windows 7 or Windows Server 2008 R2 PowerShell v2 is available back to WinXP You need a Win7 or Win2008R2 machine to run the commands I ’ll be showing – at least one such machine in your environment Compatible Domain Controller Windows Server 2008 R2 Windows Server 2008 (w/Gateway Service) Windows Server 2003 (w/Gateway Service)
Gateway Service The PowerShell AD commands “talk” to a Gateway Service Ships with Win2008R2 Available for Win2008/Win2003 – you do not need a 2008 R2 domain controller http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=008940c6-0296-4597-be3e-1d24c1cf0dda
Managing from Vista/XP? No problem – get PowerShell v2 installed and I ’ll show you how you can use these older versions to run the AD commands This ’ll come at the end PowerShell v2: http://support.microsoft.com/kb/968929 Win2003, Win2008, WinXP, Win2003, Vista Preinstalled w/Win2008R2 and Win7
First: The AD Module This module is installed with AD in Win2008R2, and with the RSAT on Win7 Import-Module ActiveDirectory Adds a PSDrive provider an several dozen new cmdlets Using it a lot? Put the Import-Module command into your PowerShell profile script
Second: The AD: Drive A drive (AD:) is automatically mapped to your logon domain You can map additional drives to other domains Change to the AD: drive and run New-PSDrive to do so You can specify alternate credentials for the drive mapping
What ’s the Drive For? The drive is useful for managing ACLs using Get-ACL and Set-ACL It ’s primary purpose, however, is to “remember” the credentials you used to map the drive in the first place Whenever you are “in” an AD drive, any AD cmdlets you run will automatically use the drive’s credentials Saves you from having to specify a –credential parameter for every command!
Third: The AD Cmdlets Let ’s see the cmdlets added by this module They come with full help, including detailed usage examples RTFM – The help is your friend!!! Let ’s play with a few of these cmdlets to get a feel for how they work Remember, you can always specify –credential, but if you ’re “in” an AD drive, it’ll use those credentials automatically
Pipeline Input Most AD cmdlets accept pipeline input, meaning you don ’t have to specify parameters – you can pipe data in Each parameter can attach to pipeline input “ByValue” or “ByPropertyName” Let ’s look at the differences with a very cool example
ByPropertyName This requires input objects ’ property names to match the parameter names What if they don ’t? Use Select-Object to copy an existing property to a new one having a matching name Let ’s see another tres cool example
Gotchas New-ADUser ’s docs don’t say that –Name is required – it is -samAccountName is not required – but it is. Let ’s see why.
Gotchas By default, most Get-AD* cmdlets only pull over a subset of attributes Use the –property parameter (e.g., -prop *) to pull over more This raises the load on the responding domain controller – use with some caution Let ’s see
Best Practice Always use –filter to minimize what ’s brought back by a Get-AD* cmdlet (that’s why –filter is a required parameter) Don ’t rely on –filter * in a production environment -filter uses standard PowerShell comparison operators Let ’s see
Tip If you don ’t know LDAP naming conventions, this is a good time to learn CN = Canonical Name (user, group, container) OU = organizational unit DC = DNS domain name component Cn=DonJ,ou=Sales,ou=West,dc=company,dc=com Work from the more specific to the least specific (object to top-level domain)
Pipeline Output Many AD cmdlets don ’t normally produce output -passThru forces them to output whatever object they created or whatever object was input This enables powerful command chains – one liners that accomplish the work of a complicated script Let ’s see!
Passwords Cmdlets which accept a password require it as a SecureString Use ConvertTo-SecureString string –force to create a secure string Let ’s see…
Demos, Demos, Demos Let ’s take some of your suggestions for demos We ’ll also make sure we run through at least one quick demo for each major category of cmdlets We ’ve got the time – so you’ll get to see how everything works Remember, this is all going into a transcript and I ’m saving my script files – download URL at the end!
Using an Older OS? Provided you have: A domain controller running the Gateway Service At least one Win7 or Win2008R2 machine You can use the AD commands on XP, Vista, 2003, and 2008 RTM Using a feature called implicit remoting Establish a PSSession remoting connection to the Win7 or Win2008R2 machine “ Import” the AD commands from the remote machine
Implicit Remoting
Step 1 Establish a session to a remote machine that has the cmdlets Tell the remote session to import the AD module
Step 2 Export the AD commands to an Implicit Remoting Module – this is a module that lives on your local disk PowerShell will create this in your Documents folder under WindowsPowerShell/Modules
Step 3 To use the remote commands, make sure the remote machine is running Import the module that ’s on your local computer Notice that you specify a prefix for the remote commands New-ADUser is now New-RemADUser Helps distinguish remote commands
Help? You can ’t get help on remote commands until the remote session is running Get the remote session running by trying to run a remote command Break out of the command if you don ’t really want to run it
Running Commands What ’s on your local computer is a “pointer” to the real cmdlet running on the remote machine The cmdlet execution takes place remotely; you see the results on your computer Great way to run commands that don ’t, or can’t, exist on your local machine – but which do exist on another machine on the network Great reason to get one Win2008R2 DC in the environment
Finished? The remote session will close as soon as your local PowerShell session closes This all requires that PowerShell remoting be set up in advance – that ’s a whole separate session!
Q&A Last chance for Q&A Also a last chance for some additional demos
Thank You! Please feel free to pick up a card if you ’d like copies of my session materials I ’ll be happy to take any last questions while I pack up Please complete and submit an evaluation form for this and every session you attend!
 
This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it within your own organization however you like. For more information on our company, including information on private classes and upcoming conference appearances, please visit our Web site, www.ConcentratedTech.com . For links to newly-posted decks, follow us on Twitter: @concentrateddon or @concentratdgreg This work is copyright ©Concentrated Technology, LLC

More Related Content

PPT
PowerShell Remoting
Concentrated Technology
 
PPT
PS scripting and modularization
Concentrated Technology
 
PPT
Server Core2
Concentrated Technology
 
PPT
From VB Script to PowerShell
Concentrated Technology
 
PPTX
PowerShell crashcourse for Sharepoint admins
Concentrated Technology
 
PPTX
PowerShell crashcourse for sharepoint
Concentrated Technology
 
PPT
PS error handling and debugging
Concentrated Technology
 
PPT
PowerShell 8tips
Concentrated Technology
 
PowerShell Remoting
Concentrated Technology
 
PS scripting and modularization
Concentrated Technology
 
Server Core2
Concentrated Technology
 
From VB Script to PowerShell
Concentrated Technology
 
PowerShell crashcourse for Sharepoint admins
Concentrated Technology
 
PowerShell crashcourse for sharepoint
Concentrated Technology
 
PS error handling and debugging
Concentrated Technology
 
PowerShell 8tips
Concentrated Technology
 

What's hot (20)

PPTX
Virtualization auditing & security deck v1.0
Concentrated Technology
 
PPTX
Vdi in-a-box
Concentrated Technology
 
PPT
Wsus sample scripts
Concentrated Technology
 
PPT
No-script PowerShell v2
Concentrated Technology
 
PPTX
PowerShell custom properties
Concentrated Technology
 
PPT
Virtualization today
Concentrated Technology
 
DOCX
lab manual (pata ni)
shubham509
 
PDF
Implementing CI CD UiPath Using Jenkins Plugin
Satish Prasad
 
PPTX
Deploying w7
Concentrated Technology
 
PDF
IBM Connect 2014 BP204: It's Not Infernal: Dante's Nine Circles of XPages Heaven
Paul Withers
 
PPTX
PowerShell-2
Saravanan G
 
PDF
Rock-solid Magento Development and Deployment Workflows
AOE
 
PDF
Akmal Khaleeq Waheed - Challenge 3
tovmug
 
PPTX
Kautilya: Teensy beyond shell
Nikhil Mittal
 
PDF
Jenkins review buddy
Aske Olsson
 
PPTX
PowerShell 2.0 remoting
Ravikanth Chaganti
 
PDF
Remote Control WordPress
Edmund Turbin
 
PPTX
RACE - Minimal Rights and ACE for Active Directory Dominance
Nikhil Mittal
 
PPTX
Automating Post Exploitation with PowerShell
EnclaveSecurity
 
PDF
Cloud computing - an architect's perspective
HARMAN Services
 
Virtualization auditing & security deck v1.0
Concentrated Technology
 
Vdi in-a-box
Concentrated Technology
 
Wsus sample scripts
Concentrated Technology
 
No-script PowerShell v2
Concentrated Technology
 
PowerShell custom properties
Concentrated Technology
 
Virtualization today
Concentrated Technology
 
lab manual (pata ni)
shubham509
 
Implementing CI CD UiPath Using Jenkins Plugin
Satish Prasad
 
Deploying w7
Concentrated Technology
 
IBM Connect 2014 BP204: It's Not Infernal: Dante's Nine Circles of XPages Heaven
Paul Withers
 
PowerShell-2
Saravanan G
 
Rock-solid Magento Development and Deployment Workflows
AOE
 
Akmal Khaleeq Waheed - Challenge 3
tovmug
 
Kautilya: Teensy beyond shell
Nikhil Mittal
 
Jenkins review buddy
Aske Olsson
 
PowerShell 2.0 remoting
Ravikanth Chaganti
 
Remote Control WordPress
Edmund Turbin
 
RACE - Minimal Rights and ACE for Active Directory Dominance
Nikhil Mittal
 
Automating Post Exploitation with PowerShell
EnclaveSecurity
 
Cloud computing - an architect's perspective
HARMAN Services
 
Ad

Viewers also liked (17)

PPTX
Ive got a powershell secret
Chris Conte
 
PPTX
Combining output from multiple sources
Concentrated Technology
 
KEY
PowerShell and the Future of Windows Automation
Concentrated Technology
 
PPTX
Managing enterprise with PowerShell remoting
Concentrated Technology
 
PPTX
Introduction to powershell
Salaudeen Rajack
 
PPTX
Best free tools for win database admin
Concentrated Technology
 
PPTX
PowerShell crash course
Concentrated Technology
 
PPTX
Best free tools for w d a
Concentrated Technology
 
PPT
Ha & drs gotcha's
Concentrated Technology
 
PPT
Managing SQLserver
Concentrated Technology
 
PDF
Advanced Tools & Scripting with PowerShell 3.0 Jump Start - Certificate
Don Reese
 
PPT
PowerShell v4 Desired State Configuration
Jason Stangroome
 
PPT
Automating ad with powershell
Concentrated Technology
 
PPT
Free tools for win server administration
Concentrated Technology
 
PPT
Ad disasters & how to prevent them
Concentrated Technology
 
PPT
PowerShell Functions
mikepfeiffer
 
PPTX
Basic PowerShell Toolmaking - Spiceworld 2016 session
Rob Dunn
 
Ive got a powershell secret
Chris Conte
 
Combining output from multiple sources
Concentrated Technology
 
PowerShell and the Future of Windows Automation
Concentrated Technology
 
Managing enterprise with PowerShell remoting
Concentrated Technology
 
Introduction to powershell
Salaudeen Rajack
 
Best free tools for win database admin
Concentrated Technology
 
PowerShell crash course
Concentrated Technology
 
Best free tools for w d a
Concentrated Technology
 
Ha & drs gotcha's
Concentrated Technology
 
Managing SQLserver
Concentrated Technology
 
Advanced Tools & Scripting with PowerShell 3.0 Jump Start - Certificate
Don Reese
 
PowerShell v4 Desired State Configuration
Jason Stangroome
 
Automating ad with powershell
Concentrated Technology
 
Free tools for win server administration
Concentrated Technology
 
Ad disasters & how to prevent them
Concentrated Technology
 
PowerShell Functions
mikepfeiffer
 
Basic PowerShell Toolmaking - Spiceworld 2016 session
Rob Dunn
 
Ad

Similar to Automating Active Directory mgmt in PowerShell (20)

PPTX
Automating AD Domain Services Administration
Napoleon NV
 
PPTX
Microsoft Offical Course 20410C_04
gameaxt
 
PDF
I Have the Power(View)
Will Schroeder
 
PPTX
Mark Minasi What’S New In Active Directory For Windows 7 Server 2008 R2
Nathan Winters
 
PDF
How To Connect To Active Directory PowerShell
VCP Muthukrishna
 
PDF
AD Cmdlets
Brian McCann
 
PPTX
PowerShell - Be A Cool Blue Kid
Matthew Johnson
 
PPTX
Installation and Adminstration of AD_MVP Padman
Quek Lilian
 
PPTX
Inventory your network and clients with PowerShell
Concentrated Technology
 
PPSX
Sunil phani's take on windows powershell
Sunil Phani
 
PDF
Power on, Powershell
Roo7break
 
PDF
Who Should Use Powershell? You Should Use Powershell!
Ben Finke
 
PPT
PowerShell crashcourse
Concentrated Technology
 
PPTX
Power Shell for System Admins - By Kaustubh
Kaustubh Kumar
 
PPTX
PowerShell for Cyber Warriors - Bsides Knoxville 2016
Russel Van Tuyl
 
PPTX
Using PowerShell for active directory management
Ravikanth Chaganti
 
PPTX
PowerShell-1
Saravanan G
 
PPTX
Microsoft Exchange Server 2019 Messagerie Electronique
amouwawa
 
PPTX
An Introduction to PowerShell for Security Assessments
EnclaveSecurity
 
PDF
Windows PowerShell Step by Step 3rd Edition Wilson
phelpskwasia36
 
Automating AD Domain Services Administration
Napoleon NV
 
Microsoft Offical Course 20410C_04
gameaxt
 
I Have the Power(View)
Will Schroeder
 
Mark Minasi What’S New In Active Directory For Windows 7 Server 2008 R2
Nathan Winters
 
How To Connect To Active Directory PowerShell
VCP Muthukrishna
 
AD Cmdlets
Brian McCann
 
PowerShell - Be A Cool Blue Kid
Matthew Johnson
 
Installation and Adminstration of AD_MVP Padman
Quek Lilian
 
Inventory your network and clients with PowerShell
Concentrated Technology
 
Sunil phani's take on windows powershell
Sunil Phani
 
Power on, Powershell
Roo7break
 
Who Should Use Powershell? You Should Use Powershell!
Ben Finke
 
PowerShell crashcourse
Concentrated Technology
 
Power Shell for System Admins - By Kaustubh
Kaustubh Kumar
 
PowerShell for Cyber Warriors - Bsides Knoxville 2016
Russel Van Tuyl
 
Using PowerShell for active directory management
Ravikanth Chaganti
 
PowerShell-1
Saravanan G
 
Microsoft Exchange Server 2019 Messagerie Electronique
amouwawa
 
An Introduction to PowerShell for Security Assessments
EnclaveSecurity
 
Windows PowerShell Step by Step 3rd Edition Wilson
phelpskwasia36
 

More from Concentrated Technology (11)

PPTX
Wsus best practices
Concentrated Technology
 
PPT
Top ESXi command line v2.0
Concentrated Technology
 
PPT
Supporting SQLserver
Concentrated Technology
 
PPT
Securely connecting to apps over the internet using rds
Concentrated Technology
 
PPT
Rapidly deploying software
Concentrated Technology
 
PPT
Prepping software for w7 deployment
Concentrated Technology
 
PPTX
PowerShell and WMI
Concentrated Technology
 
PPTX
Managing SQLserver for the reluctant DBA
Concentrated Technology
 
PPTX
Implementing dr w. hyper v clustering
Concentrated Technology
 
PPT
Iis implementation
Concentrated Technology
 
PPT
Hyper v r2 deep dive
Concentrated Technology
 
Wsus best practices
Concentrated Technology
 
Top ESXi command line v2.0
Concentrated Technology
 
Supporting SQLserver
Concentrated Technology
 
Securely connecting to apps over the internet using rds
Concentrated Technology
 
Rapidly deploying software
Concentrated Technology
 
Prepping software for w7 deployment
Concentrated Technology
 
PowerShell and WMI
Concentrated Technology
 
Managing SQLserver for the reluctant DBA
Concentrated Technology
 
Implementing dr w. hyper v clustering
Concentrated Technology
 
Iis implementation
Concentrated Technology
 
Hyper v r2 deep dive
Concentrated Technology
 

Recently uploaded (20)

DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
KodekX | Application Modernization Development
KodekX
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Encapsulation theory and applications.pdf
gurumoop
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 

Automating Active Directory mgmt in PowerShell

  • 1. Automating Active Directory Management in Windows PowerShell Don Jones ConcentratedTech.com Pre-requisites for this presentation: 1) Familiarity with AD administration 2) Basic understanding of how to use Windows PowerShell Level: Intermediate
  • 2. This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it within your own organization however you like. For more information on our company, including information on private classes and upcoming conference appearances, please visit our Web site, www.ConcentratedTech.com . For links to newly-posted decks, follow us on Twitter: @concentrateddon or @concentratdgreg This work is copyright ©Concentrated Technology, LLC
  • 3. About the Instructor Don Jones Contributing Editor, technetmagazine.com IT author, consultant, and speaker Co-founder of Concentrated Technology Seven-time recipient of Microsoft ’s Most Valuable Professional (MVP) Award Author and Editor-in-Chief for Realtime Publishers Trainer for www.CBTNuggets.com
  • 4. About this Session Primarily demo – not slides  We ’ll start with some key functional concepts, and move right into the “how-to” Bring your questions – anytime is the time to ask them! Don ’t save ‘em for the end. We ’ll take a quick break halfway through
  • 5. Start Thinking Since we ’re mostly doing demos, start thinking of AD administrative tasks you’d like to automate I ’ll take your suggestions and construct some demos on the fly
  • 6. Cool… I ’ll capture everything I type in the shell into a text file, and save all of my scripts There ’s no need for you to copy down anything I do It ’ll all be available for download from my Web site after the show URL is on the last slide, and there are “reminder” cards if you’d like to take one Now let ’s go…
  • 7. Requirements Windows PowerShell v2 Windows 7 or Windows Server 2008 R2 PowerShell v2 is available back to WinXP You need a Win7 or Win2008R2 machine to run the commands I ’ll be showing – at least one such machine in your environment Compatible Domain Controller Windows Server 2008 R2 Windows Server 2008 (w/Gateway Service) Windows Server 2003 (w/Gateway Service)
  • 8. Gateway Service The PowerShell AD commands “talk” to a Gateway Service Ships with Win2008R2 Available for Win2008/Win2003 – you do not need a 2008 R2 domain controller http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=008940c6-0296-4597-be3e-1d24c1cf0dda
  • 9. Managing from Vista/XP? No problem – get PowerShell v2 installed and I ’ll show you how you can use these older versions to run the AD commands This ’ll come at the end PowerShell v2: http://support.microsoft.com/kb/968929 Win2003, Win2008, WinXP, Win2003, Vista Preinstalled w/Win2008R2 and Win7
  • 10. First: The AD Module This module is installed with AD in Win2008R2, and with the RSAT on Win7 Import-Module ActiveDirectory Adds a PSDrive provider an several dozen new cmdlets Using it a lot? Put the Import-Module command into your PowerShell profile script
  • 11. Second: The AD: Drive A drive (AD:) is automatically mapped to your logon domain You can map additional drives to other domains Change to the AD: drive and run New-PSDrive to do so You can specify alternate credentials for the drive mapping
  • 12. What ’s the Drive For? The drive is useful for managing ACLs using Get-ACL and Set-ACL It ’s primary purpose, however, is to “remember” the credentials you used to map the drive in the first place Whenever you are “in” an AD drive, any AD cmdlets you run will automatically use the drive’s credentials Saves you from having to specify a –credential parameter for every command!
  • 13. Third: The AD Cmdlets Let ’s see the cmdlets added by this module They come with full help, including detailed usage examples RTFM – The help is your friend!!! Let ’s play with a few of these cmdlets to get a feel for how they work Remember, you can always specify –credential, but if you ’re “in” an AD drive, it’ll use those credentials automatically
  • 14. Pipeline Input Most AD cmdlets accept pipeline input, meaning you don ’t have to specify parameters – you can pipe data in Each parameter can attach to pipeline input “ByValue” or “ByPropertyName” Let ’s look at the differences with a very cool example
  • 15. ByPropertyName This requires input objects ’ property names to match the parameter names What if they don ’t? Use Select-Object to copy an existing property to a new one having a matching name Let ’s see another tres cool example
  • 16. Gotchas New-ADUser ’s docs don’t say that –Name is required – it is -samAccountName is not required – but it is. Let ’s see why.
  • 17. Gotchas By default, most Get-AD* cmdlets only pull over a subset of attributes Use the –property parameter (e.g., -prop *) to pull over more This raises the load on the responding domain controller – use with some caution Let ’s see
  • 18. Best Practice Always use –filter to minimize what ’s brought back by a Get-AD* cmdlet (that’s why –filter is a required parameter) Don ’t rely on –filter * in a production environment -filter uses standard PowerShell comparison operators Let ’s see
  • 19. Tip If you don ’t know LDAP naming conventions, this is a good time to learn CN = Canonical Name (user, group, container) OU = organizational unit DC = DNS domain name component Cn=DonJ,ou=Sales,ou=West,dc=company,dc=com Work from the more specific to the least specific (object to top-level domain)
  • 20. Pipeline Output Many AD cmdlets don ’t normally produce output -passThru forces them to output whatever object they created or whatever object was input This enables powerful command chains – one liners that accomplish the work of a complicated script Let ’s see!
  • 21. Passwords Cmdlets which accept a password require it as a SecureString Use ConvertTo-SecureString string –force to create a secure string Let ’s see…
  • 22. Demos, Demos, Demos Let ’s take some of your suggestions for demos We ’ll also make sure we run through at least one quick demo for each major category of cmdlets We ’ve got the time – so you’ll get to see how everything works Remember, this is all going into a transcript and I ’m saving my script files – download URL at the end!
  • 23. Using an Older OS? Provided you have: A domain controller running the Gateway Service At least one Win7 or Win2008R2 machine You can use the AD commands on XP, Vista, 2003, and 2008 RTM Using a feature called implicit remoting Establish a PSSession remoting connection to the Win7 or Win2008R2 machine “ Import” the AD commands from the remote machine
  • 25. Step 1 Establish a session to a remote machine that has the cmdlets Tell the remote session to import the AD module
  • 26. Step 2 Export the AD commands to an Implicit Remoting Module – this is a module that lives on your local disk PowerShell will create this in your Documents folder under WindowsPowerShell/Modules
  • 27. Step 3 To use the remote commands, make sure the remote machine is running Import the module that ’s on your local computer Notice that you specify a prefix for the remote commands New-ADUser is now New-RemADUser Helps distinguish remote commands
  • 28. Help? You can ’t get help on remote commands until the remote session is running Get the remote session running by trying to run a remote command Break out of the command if you don ’t really want to run it
  • 29. Running Commands What ’s on your local computer is a “pointer” to the real cmdlet running on the remote machine The cmdlet execution takes place remotely; you see the results on your computer Great way to run commands that don ’t, or can’t, exist on your local machine – but which do exist on another machine on the network Great reason to get one Win2008R2 DC in the environment
  • 30. Finished? The remote session will close as soon as your local PowerShell session closes This all requires that PowerShell remoting be set up in advance – that ’s a whole separate session!
  • 31. Q&A Last chance for Q&A Also a last chance for some additional demos
  • 32. Thank You! Please feel free to pick up a card if you ’d like copies of my session materials I ’ll be happy to take any last questions while I pack up Please complete and submit an evaluation form for this and every session you attend!
  • 33.  
  • 34. This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it within your own organization however you like. For more information on our company, including information on private classes and upcoming conference appearances, please visit our Web site, www.ConcentratedTech.com . For links to newly-posted decks, follow us on Twitter: @concentrateddon or @concentratdgreg This work is copyright ©Concentrated Technology, LLC

Editor's Notes

  • #2: MGB 2003 © 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
  • #33: MGB 2003 © 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.