automating ad with powershell

Automating AD Administration in Automating AD Administration in Windows PowerShellWindows PowerShellDon JonesDon JonesSenior Partner & Principal TechnologistConcentrated Technology, LLC

This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it

within your own organization however you like.

For more information on our company, including information on private classes and upcoming conference appearances, please

visit our Web site, www.ConcentratedTech.com.

For links to newly-posted decks, follow us on Twitter:@concentrateddon or @concentratdgreg

This work is copyright ©Concentrated Technology, LLC

http://www.ConcentratedTech.com/

CAUTION: DEMOS AHEADCAUTION: DEMOS AHEAD

This is a demonstration-intensive session (very few slides)

I will capture a shell transcript and save all of my scripts

You can download these (in a week or so) from ConcentratedTech.com (there’s a “Conference Materials” link in the menu)

3 • Don Jones • ConcentratedTech.com

Two ChoicesTwo Choices

Microsoft’s cmdlets– Introduced in Win2008R2– Usable against 2003+ (w/Gateway add-on)– Runs only on Win7/2008R2– No access to custom/RDS attributes or ADLDS– Extensive pipeline input support

Quest’s cmdlets– Third-party– Usable against 2003+– Runs on XP+– Access to all attributes and ADLDS– Lesser pipeline input support


Loading the Add-InsLoading the Add-Ins

Find Add-In Name– Get-Module -list – Get-PSSnapin -reg

Load Add-In– Import-Module name– Add-PSSnapin name

Check new commands– Gcm –module name– Gcm –pssnapin name

Ask for help– Help command-name


Pipeline Parameter BindingPipeline Parameter Binding

Use Import-CSV to import a CSV file Column headers become property

names If property names match pipeline-

bound parameter names, you can feed the CSV directly to the next cmdlet

Demo – create new users with 2 commands on a single line!

How to look for pipeline parameter binding in cmdlets’ help


You Need This: DN FormatYou Need This: DN Format

Ou=Organizational unit Cn=Canonical Name Dc=Domain

Cn=JohnD,ou=Sales,dc=microsoft,dc=com

Ou=East,Ou=IT,dc=company,dc=pri


Filtering CriteriaFiltering Criteria

-eq (Equals) -like (* wildcard permitted) -ne (Not Equal) -gt / -lt (Greater/Less Than) -ge / -le (Greater/Less Than or Equal)

-Filter is mandatory on MS cmdlets; used with major Get- cmdlets. –Filter * returns all.

Filter Left!


PropertiesProperties

Subset of properties usually returned by default

Pipe to GM to see all Use parameters to specify additional

desired properties (differs between MS and Quest) – be aware of increased load to do so


Common TasksCommon Tasks

Bulk-set an attribute for a bunch of users Get all computers based on password

age Setting an account password Making a new OU Moving a user account to a different OU

Remember: The cmdlet focus is on bulk and repetitive common tasks

Quest cmdlets have greater coverage than MS cmdlets v1


Security + DrivesSecurity + Drives

The MS module maps an AD: drive You can map additional drives to

other domains The credentials used to map the drive

will be used by any cmdlets run while you are “in” that drive

Nice way to avoid having to constantly use the –credential parameter with the cmdlets!

But the drive itself can be a bit tricky to use…


-PassThru-PassThru

Forces a cmdlet that sets or creates an object to also output that same object to the pipeline

Enables longer command sequences


-WhatIf, -Confirm-WhatIf, -Confirm

Implemented by most cmdlets that modify something

(can) Prevent the module from doing whatever it normally does – also prevents it from outputting anything

Typically can only be used with the last cmdlet on the command line (since it prevents output from being created)


Common Options (MS cmdlets)Common Options (MS cmdlets)

-SearchBase -SearchScope


GPOGPO

Let’s also take a look at the GPO module in Win2008R2


Final Notes…Final Notes…

Please be sure to submit a session evaluation form!

Download slides & materials from www.ConcentratedTech.com within one week!

Blog, URLs, and other information is also available at www.ConcentratedTech.com for your reference

More resources on www.ShellHub.com Thank you very much!




http://www.ShellHub.com/

This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it

within your own organization however you like.

For more information on our company, including information on private classes and upcoming conference appearances, please

visit our Web site, www.ConcentratedTech.com.

For links to newly-posted decks, follow us on Twitter:@concentrateddon or @concentratdgreg

This work is copyright ©Concentrated Technology, LLC


automating ad with powershell

Technology

win2008r2 don jones

searchscope don jones

menu don jones

pri don jones

ms cmdlets v1 don jones

new ou

choices microsoft s

ms module