The introduction of PowerShell was a major improvement for all administrators who are not afraid of the CLI. However, the first version also had some drawbacks. For instance, it was not included in the OS and it lacked many features. Microsoft wanted to correct those shortcomings. PowerShell Version 2 is now a part of Windows 7 and Windows Server 2008 R2 and offers many new Cmdlets. One area that was improved is the management of Active Directory (AD).
If you want to use these new features, you have to add the Cmdlets first, because PowerShell v2 is now modularized. This only works under Windows Server, because you need to install the role “Active Directory Services” and the feature “Remote Server Administration Tools.” You can use the Server Manager for the installation, or, if you prefer typing, the following commands give the same result:
Import-Module ServerManager
Add-WindowsFeature -Name "RSAT-AD-PowerShell" -IncludeAllSubFeature
Now you have all the tools and are ready to check them out. One innovation is that the AD gets mounted like a drive. The command to change to the drive and display its content is the same as with other drives:
Your window should look like this now:
If the AD was not mounted, make sure the relevant port (TCP 9389) is not blocked by a firewall. Besides that, the target AD server must have the role “Active Directory Web Services” installed. If the requirements are met, you can add the drive with the following command, which prompts for the credentials to connect with:
New-PSDrive -PSProvider ActiveDirectory -Name AD -Root "" -Server "server.domain.tld" -Credential (Get-Credential)
The list was created with the following Cmdlet:
(Get-Module ActiveDirectory).ExportedCommands | format-table -Autosize
The help text for, e.g., the Get-ADForest Cmdlet, is displayed with this command:
Now you can create and alter objects. I'll just give you a few examples of adding a user, a group and a user to a group. The final example deletes the created user:
New-ADUser -Name "User" -SamAccountName "Username" -GivenName "John" -Surname "Miller" -DisplayName "John Miller" -Path 'ou=Office,DC=domain,DC=tld'
New-ADGroup -Name "GroupToJoin" -SamAccountName groupToJoin -GroupCategory Security -GroupScope Global -DisplayName "GroupToJoin" -Path 'ou=Office,DC=domain,DC=tld' -Description "John wants to join this group"
Add-ADGroupMember -Identity "GroupToJoin" -Members "Username"
Remove-ADUser -Identity "Username"
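A fuller version of the sequence above, as an added example that is not part of the original article: it sets an initial password so the account is actually usable, reads the group membership back from the directory, and cleans up after itself. The names and the OU path are the article's sample values; the password prompt, the pre-checks and the cleanup logic are additions.

```powershell
# Added example, not the article's code. Names and OU path are the article's sample values.
Import-Module ActiveDirectory

$ou    = 'ou=Office,DC=domain,DC=tld'
$sam   = 'Username'
$group = 'GroupToJoin'

# Refuse to run if the names are already taken, so the cleanup below
# can never delete an object this script did not create.
if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { throw "User $sam already exists" }
if (Get-ADGroup -Filter "SamAccountName -eq '$group'") { throw "Group $group already exists" }

# Read the initial password interactively; it stays a SecureString and
# never lands in the script or the command history.
$password = Read-Host -Prompt "Initial password for $sam" -AsSecureString

try {
    # Without -AccountPassword and -Enabled the account is created disabled.
    New-ADUser -Name 'User' -SamAccountName $sam -GivenName 'John' -Surname 'Miller' `
        -DisplayName 'John Miller' -Path $ou -AccountPassword $password `
        -Enabled $true -ChangePasswordAtLogon $true -ErrorAction Stop

    New-ADGroup -Name $group -SamAccountName $group -GroupCategory Security `
        -GroupScope Global -Path $ou -ErrorAction Stop

    Add-ADGroupMember -Identity $group -Members $sam -ErrorAction Stop

    # Confirm the result by reading it back from the directory.
    $members = @(Get-ADGroupMember -Identity $group | ForEach-Object { $_.SamAccountName })
    if ($members -contains $sam) {
        Write-Host "$sam is a member of $group"
    } else {
        Write-Warning "$sam is missing from $group"
    }

    Get-ADUser -Identity $sam -Properties MemberOf |
        Format-List SamAccountName, Enabled, DistinguishedName, MemberOf
}
finally {
    # Remove the test objects even if a step above failed part-way.
    Get-ADUser -Filter "SamAccountName -eq '$sam'" | Remove-ADUser -Confirm:$false
    Get-ADGroup -Filter "SamAccountName -eq '$group'" | Remove-ADGroup -Confirm:$false
}
```

To preview the changes without touching the directory, add -WhatIf to the New-, Add- and Remove- calls.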
The Cmdlets used for managing the Active Directory were not the only feature that got a nice boost with PowerShell v2. The management of Hyper-V and Exchange via PowerShell was also greatly improved. If you are interested in these topics, let me know and I'll write about them.