The introduction of PowerShell was a major improvement for all administrators who are not afraid of the CLI. However, it also has some drawbacks. For instance, it is not included in the OS and it lacks many features. Microsoft wanted to correct those shortcomings. PowerShell Version 2 is now a part of Windows 7 and Windows Server 2008 RC2 and offers many new Cmdlets. One area that was improved is the management of the Active Directory (AD).

If you want to use these new features, you have to add the Cmdlets first. PowerShell v2 is now modularized. This only works under Windows Server, because you need to install the role “Active Directory Services” and the feature “Remote Server Administration Tools.” You can use the Server Manager for the installation, or if you prefer typing the following commands, you will have the same results:

import-module servermanager
Add-WindowsFeature -Name “RSAT-AD-PowerShell” -IncludeAllSubFeature
import-module ActiveDirectory

Now you have all the tools and are ready to check them out. One novation is that the AD gets mounted like a drive. The command to change to the drive and display its content is the same as with other drives:

cd AD:

Your window should look like this now:


If the AD was not mounted, make sure the relevant port (TCP 9389) is not blocked by a firewall. Besides that, the target AD Server must have installed the role “Active Directory Web Services.” If the requirements are met, you can add the drive with the following command:

New-PSDrive -PSProvider ActiveDirectory -Name AD -Root “” -Server “server.domain.tld” -get-credential

Active-Directory-PowerShell-CMDlets Here is a screenshot with an overview of all available Cmdlets:

The list was created with the following Cmdlet:

(Get-Module ActiveDirectory).ExportedCommands | format-table -Autosize

The help text for, e.g., the Get-ADForest Cmdlet, is displayed with this command:

get-help Get-ADForest

Now you can create and alter objects. I'll just give you a few examples of adding a user, a group and a user to a group. The final example deletes the created user:

New-ADUser -Name “User” -SamAccountName “Username” -GivenName “Miller” -Surname “John” -DisplayName “John Miller” -Path 'ou=Office,DC=domain,DC=tld'

New-ADGroup -Name “GroupToJoin” -SamAccountName groupToJoin -GroupCategory security   -GroupScope Global -DisplayName “GroupToJoin” -Path 'ou=Office,DC=domain,DC=tld' -Description “John wants to join this group”

Add-ADGroupMember “GroupToJoin” “Username”

Remove ADUser -Identity “Username”

The Cmdlets used for managing the Active Directory were not the only feature that got a nice boost with PowerShell v2. The management of HyperV and Exchange via PowerShell was also greatly improved. If you are interested in these topics, let me know and I'll write about them.


Leave a reply

Your email address will not be published.


© 4sysops 2006 - 2022


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account