Managing Active Directory with Power Shell JOSEPH MOODY

  • Slides: 15
Download presentation
Managing Active Directory with Power. Shell JOSEPH MOODY

Managing Active Directory with Power. Shell JOSEPH MOODY

Starting Tips for Power. Shell Use Power. Shell ISE. Script pane on top +

Starting Tips for Power. Shell Use Power. Shell ISE. Script pane on top + Console on bottom How to Use Help ◦ Get-Help Get-ADComputer -full ◦ Get-Help Get-ADUser –examples ◦ Select cmdlet – press F 1 Some examples will span multiple lines – when typing them, type them as a single line.

Staying Up to Date Update Power. Shell: Current version is 4, 5 to be

Staying Up to Date Update Power. Shell: Current version is 4, 5 to be released in August. ◦ $PSVersiontable will show your current version. ◦ Install latest Windows Management Framework to update Power. Shell. If you are on at least version 3, you are good for today. Update your Help on 1 st use by running update-help. ◦ Create a monthly update task. ◦ Must be ran as an administrator

Methods of Management Two Modules for Active Directory Management ◦ Default Active Directory Module

Methods of Management Two Modules for Active Directory Management ◦ Default Active Directory Module ◦ Quest AD Module: ◦ 2008 R 2 + domain, cmdlets are verb-ADnoun ◦ import-module Active. Directory Quest Module: ◦ requires 3 rd party software, cmdlets are verb-QADnoun ◦ Add-PSSnapin Quest. Active. Roles. ADManagement

Exploring with Power. Shell Get-Command –Module Active. Directory (Get-Command –Module Active. Directory). Count Or

Exploring with Power. Shell Get-Command –Module Active. Directory (Get-Command –Module Active. Directory). Count Or use the Command Add-On ◦ View – Show Command Add-On ◦ Filter module to Active Directory – filter name for search

Exploring Active Directory Nouns Verbs Add Reset Computer Disable Set Group Enable Unlock Group.

Exploring Active Directory Nouns Verbs Add Reset Computer Disable Set Group Enable Unlock Group. Member Get Move New Remove Rename Organizational. Unit User

Getting Information from AD Get-ADComputer GAMCN 01 ◦ Power. Shell assumes GAMCN 01 is

Getting Information from AD Get-ADComputer GAMCN 01 ◦ Power. Shell assumes GAMCN 01 is the value for –identity Get-ADComputer GAMCN 01 -Properties * ◦ We can now filter off of these properties Get-ADComputer -filter 'Name -like "GAMCN*"' Get-ADComputer -filter 'Enabled -eq "false"' ◦ -eq, -ne, -like, -notlike

Selecting, Sorting, and Exporting Three cmdlets to know: ◦ Select-Object: alias is select ◦

Selecting, Sorting, and Exporting Three cmdlets to know: ◦ Select-Object: alias is select ◦ Sort-object: alias is sort ◦ Export-CSV All use Piping (|) or input from variables. Pipe symbol is shift + backslash. Ex: get-process notepad | stop-process

Selecting Properties Get-ADComputer -filter 'Name -like "GAMCN*"' | select-object Name Get-ADComputer -filter 'Name -like

Selecting Properties Get-ADComputer -filter 'Name -like "GAMCN*"' | select-object Name Get-ADComputer -filter 'Name -like "GAMCN*"' | select name, Operating. System ◦ Why is the Operating. System row blank? Get-ADComputer -filter 'Name -like "GAMCN*"' -Properties Operating. System | select name, Operating. System

Sorting Properties Get-ADComputer -filter 'Name -like "GAMCN*"' -Properties Password. Last. Set | select name,

Sorting Properties Get-ADComputer -filter 'Name -like "GAMCN*"' -Properties Password. Last. Set | select name, Password. Last. Set ◦ What column are we sorted by? Get-ADComputer -filter 'Name -like "GAMCN*"' -Properties Password. Last. Set | select name, Password. Last. Set | Sort-object Password. Last. Set

Exporting Data Get-ADComputer -filter 'Name -like "GAMCN*"' -Properties Password. Last. Set | select name,

Exporting Data Get-ADComputer -filter 'Name -like "GAMCN*"' -Properties Password. Last. Set | select name, Password. Last. Set | Sort-object Password. Last. Set | export-csv. Computers. csv ◦ -append ◦ -notypeinformation Troubleshooting Tip: If a script like the one above doesn’t work, test each part independently.

Creating New Objects Find out what your computer name is – write down your

Creating New Objects Find out what your computer name is – write down your station number (ex: N 01) New-ADComputer requires four parameters: ◦ ◦ Name SAMAccount. Name Path (OU Location) Enabled Status New-ADComputer -Name “Test-N 01" -Sam. Account. Name “Test-N 01" -Path "OU=Power. Shell, OU=Un. Assigned, OU=Domain Sites, DC=GCBE, DC=local" -Enabled $True Variables to Know: $True, $False, $Null

Modifying with Set Objects can be modified by piping results from a get command

Modifying with Set Objects can be modified by piping results from a get command to a set command ◦ Syntax example: Get-ADComputer | Set-ADComputer ◦ Use the command add-on to view the Set parameters Get-ADComputer -Identity Test-N 01 | Set-ADComputer -Location "Brunswick, GA" Now use Get-ADComputer and verify the location is set. Whatif parameter is your friend! Use it when making mass changes to test. Get-ADComputer -Filter 'Name -like "Test-N*"' | Set-ADComputer -Location "Brunswick, GA“ – whatif

Disable and Tag - Lab Use the Get command to Find Your Test Computer.

Disable and Tag - Lab Use the Get command to Find Your Test Computer. Disable Your Test Computer’s AD Account Set the Computer’s Description to the Current Date ◦ Hint: (Get-Date) In a live environment, you would move these disabled computers into a dedicated OU.

Examples Most of these examples use the Quest AD cmdlets. This module can be

Examples Most of these examples use the Quest AD cmdlets. This module can be downloaded or you can substitute the normal AD cmdlets. 1. Cleaning Up Stale AD Accounts 2. Creating New Users 3. Renaming Computers 4. Updating Groups

LOGO 13 Active Directory Active Directory Active DirectoryLOGO 13 Active Directory Active Directory Active Directory
OSP 324 Active Directory Active Directory Active DirectoryOSP 324 Active Directory Active Directory Active Directory
SIM 323 Active Directory Active Directory Active DirectorySIM 323 Active Directory Active Directory Active Directory
n n Active Directory Directory Directory Directory Windowsn n Active Directory Directory Directory Directory Windows
Active Directory Active Directory Directory service for WindowsActive Directory Active Directory Directory service for Windows
Power Shell 3 0 Joseph Moody Deploy HappinessPower Shell 3 0 Joseph Moody Deploy Happiness
Power Shell for Managing Active Directory Ravikanth CPower Shell for Managing Active Directory Ravikanth C
Power Shell for Managing Active Directory Ravikanth CPower Shell for Managing Active Directory Ravikanth C
Welcome u Active Directory Site u Active DirectoryWelcome u Active Directory Site u Active Directory
Usuga Active Directory 8 Usuga Active Directory skupiaUsuga Active Directory 8 Usuga Active Directory skupia
Windows Azure Active Directory Active Directory Domain ServicesWindows Azure Active Directory Active Directory Domain Services
ACTIVE DIRECTORY Active Directory a kaynaklarn verimli birACTIVE DIRECTORY Active Directory a kaynaklarn verimli bir
Active Directory Domain Services ADDS Active Directory DomainActive Directory Domain Services ADDS Active Directory Domain
ACTIVE DIRECTORY Active Directory a kaynaklarn verimli birACTIVE DIRECTORY Active Directory a kaynaklarn verimli bir