Cliffs Notes: administrating Active Directory with PowerShell

1. Install ActiveDirectory modules by running PowerShell as Administrator and executing the commands below:

PS C:\Windows\system32> Import-Module ServerManager
PS C:\Windows\system32> Add-WindowsFeature RSAT-AD-PowerShell

Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True    No             Success   {Active Directory module for Windows Power...

2. Link for newly added Active Directory cmdlets after installation, pretty useful;

3. There are two types of Active Directory groups: distribution and security. The former is for email distribution and the later is what most people had in mind: groups used for security and access management. So if you are not sure, use security group;

4. LDAP search string and DN (Distinguished Name) follow the convention of putting contained item in the front. Scope increases from left to right, in other words. For example, “CN=eastRegion,OU=Benefits,OU=HR,DC=research,DC=hardware,DC=acme,DC=com” can be a security/permission group called eastRegion that belongs to OU (OrganizationUnit) Benefits, which belongs to OU HR, under domain of research.hardware.acme.com. DC stands for Domain Component, by the way.

5. This site has info on filtering of Active Directory. Very useful. Below is an example of getting all security groups. You may need to run Import-Module ActiveDirectory first:
$a = Get-ADGroup -SearchBase “OU=Benefits,OU=HR,DC=research,DC=hardware,DC=acme,DC=com” -filter ‘groupcategory -eq “security”‘

6. Oh, dsa.msc, if you have installed, is a useful GUI tool. Good for verification and quick glances.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.