automating ad with powershell
DESCRIPTION
TRANSCRIPT
Automating AD Administration in Automating AD Administration in Windows PowerShellWindows PowerShellDon JonesDon JonesSenior Partner & Principal TechnologistConcentrated Technology, LLC
This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it
within your own organization however you like.
For more information on our company, including information on private classes and upcoming conference appearances, please
visit our Web site, www.ConcentratedTech.com.
For links to newly-posted decks, follow us on Twitter:@concentrateddon or @concentratdgreg
This work is copyright ©Concentrated Technology, LLC
CAUTION: DEMOS AHEADCAUTION: DEMOS AHEAD
This is a demonstration-intensive session (very few slides)
I will capture a shell transcript and save all of my scripts
You can download these (in a week or so) from ConcentratedTech.com (there’s a “Conference Materials” link in the menu)
3 • Don Jones • ConcentratedTech.com
Two ChoicesTwo Choices
Microsoft’s cmdlets– Introduced in Win2008R2– Usable against 2003+ (w/Gateway add-on)– Runs only on Win7/2008R2– No access to custom/RDS attributes or ADLDS– Extensive pipeline input support
Quest’s cmdlets– Third-party– Usable against 2003+– Runs on XP+– Access to all attributes and ADLDS– Lesser pipeline input support
4 • Don Jones • ConcentratedTech.com
Loading the Add-InsLoading the Add-Ins
Find Add-In Name– Get-Module -list – Get-PSSnapin -reg
Load Add-In– Import-Module name– Add-PSSnapin name
Check new commands– Gcm –module name– Gcm –pssnapin name
Ask for help– Help command-name
5 • Don Jones • ConcentratedTech.com
Pipeline Parameter BindingPipeline Parameter Binding
Use Import-CSV to import a CSV file Column headers become property
names If property names match pipeline-
bound parameter names, you can feed the CSV directly to the next cmdlet
Demo – create new users with 2 commands on a single line!
How to look for pipeline parameter binding in cmdlets’ help
6 • Don Jones • ConcentratedTech.com
You Need This: DN FormatYou Need This: DN Format
Ou=Organizational unit Cn=Canonical Name Dc=Domain
Cn=JohnD,ou=Sales,dc=microsoft,dc=com
Ou=East,Ou=IT,dc=company,dc=pri
7 • Don Jones • ConcentratedTech.com
Filtering CriteriaFiltering Criteria
-eq (Equals) -like (* wildcard permitted) -ne (Not Equal) -gt / -lt (Greater/Less Than) -ge / -le (Greater/Less Than or Equal)
-Filter is mandatory on MS cmdlets; used with major Get- cmdlets. –Filter * returns all.
Filter Left!
8 • Don Jones • ConcentratedTech.com
PropertiesProperties
Subset of properties usually returned by default
Pipe to GM to see all Use parameters to specify additional
desired properties (differs between MS and Quest) – be aware of increased load to do so
9 • Don Jones • ConcentratedTech.com
Common TasksCommon Tasks
Bulk-set an attribute for a bunch of users Get all computers based on password
age Setting an account password Making a new OU Moving a user account to a different OU
Remember: The cmdlet focus is on bulk and repetitive common tasks
Quest cmdlets have greater coverage than MS cmdlets v1
10 • Don Jones • ConcentratedTech.com
Security + DrivesSecurity + Drives
The MS module maps an AD: drive You can map additional drives to
other domains The credentials used to map the drive
will be used by any cmdlets run while you are “in” that drive
Nice way to avoid having to constantly use the –credential parameter with the cmdlets!
But the drive itself can be a bit tricky to use…
11 • Don Jones • ConcentratedTech.com
-PassThru-PassThru
Forces a cmdlet that sets or creates an object to also output that same object to the pipeline
Enables longer command sequences
12 • Don Jones • ConcentratedTech.com
-WhatIf, -Confirm-WhatIf, -Confirm
Implemented by most cmdlets that modify something
(can) Prevent the module from doing whatever it normally does – also prevents it from outputting anything
Typically can only be used with the last cmdlet on the command line (since it prevents output from being created)
13 • Don Jones • ConcentratedTech.com
Common Options (MS cmdlets)Common Options (MS cmdlets)
-SearchBase -SearchScope
14 • Don Jones • ConcentratedTech.com
GPOGPO
Let’s also take a look at the GPO module in Win2008R2
15 • Don Jones • ConcentratedTech.com
Final Notes…Final Notes…
Please be sure to submit a session evaluation form!
Download slides & materials from www.ConcentratedTech.com within one week!
Blog, URLs, and other information is also available at www.ConcentratedTech.com for your reference
More resources on www.ShellHub.com Thank you very much!
16 • Don Jones • ConcentratedTech.com
This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it
within your own organization however you like.
For more information on our company, including information on private classes and upcoming conference appearances, please
visit our Web site, www.ConcentratedTech.com.
For links to newly-posted decks, follow us on Twitter:@concentrateddon or @concentratdgreg
This work is copyright ©Concentrated Technology, LLC