
Managing Active Directory with Windows PowerShell

MOW is now posting the details of his Managing Active Directory with Windows PowerShell demo that he performed at my TechEd talk. This is worthwhile for everyone to review. For the people at the talk, we covered a huge amount of data in a very short time, so it would be worthwhile to walk through the details. For everyone else, the point we were making was that while the optimal world is one where every team on the planet has written Cmdlets giving you the best scripting experience, this world will not be delivered in V1.0. That doesn't mean that you are stuck. I showed how this was not a problem because Windows PowerShell embraces and extends the existing scripting worlds. It can do TEXT-based scripting and it can do COM-based scripting (these alone give you the vast bulk of the capabilities of today's scripting worlds, but it's better because you can leverage our utility and formatting cmdlets). I then made the point that, in addition to these, Windows PowerShell also gives you the ability to script against .NET itself, giving you access to a very nice, very large, and rapidly growing set of functions.

In V1.0, we don't have Cmdlets for managing Active Directory (AD). MOW showed how you can leverage Windows PowerShell's ability to script .NET directly to manage AD while still taking advantage of our rich utilities and formatting. Check out Part 1 of the details at:

http://mow001.blogspot.com/2006/06/powershel-and-active-directory-part-1.html

Jeffrey Snover
Windows PowerShell Architect

PSMDTAG:FAQ: How do I manage Active Directory?
PSMDTAG:FAQ: How do I manage AD?
PSMDTAG:PHILOSOPHY: Take advantage of what is available (in this case DOTNET).

Published Saturday, June 24, 2006 5:19 PM by PowerShellTeam

Comments

# re: Managing Active Directory with Windows PowerShell

There are already some PowerShell scripts submitted to the TechNet Community-Submitted Script Centre.

See

http://www.microsoft.com/technet/scriptcenter/csc/scripts/ad/sites/index.mspx
Wednesday, June 28, 2006 2:22 PM by RichardS

# re: Managing Active Directory with Windows PowerShell

Part 3 is missing the section on how to set a password for a user.  Does anyone have any idea how this is done?  I tried using SetPassword to no avail.  Please advise.  Example shown below:

$AD = new-object System.DirectoryServices.DirectoryEntry
$u = $AD.get_Children().Find("CN=Users")
$AD = $u.get_Children().add("CN=dietcoke",'User')
$AD.CommitChanges()
$NewUser = $u.get_Children().Find("CN=dietcoke")
$NewUser.InvokeSet("AccountDisabled",$false)
$NewUser.InvokeSet("SetPassword",...)
Wednesday, July 12, 2006 11:37 PM by anthonysva

# re: Managing Active Directory with Windows PowerShell

$NewUser.Invoke("changepassword", "", "testpasswort")

If you just created this new account then the default password is empty, 2nd param!

3rd param is new password!
Wednesday, July 26, 2006 5:30 AM by SyncRo

# re: Managing Active Directory with Windows PowerShell

If you do not know the old password then use
$NewUser.Invoke("setpassword", "newpassword")
Wednesday, July 26, 2006 8:15 AM by SyncRo
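
The create-then-SetPassword sequence from the comments above, as an added example that is not part of the original thread. It prompts for the password instead of embedding it in the script and sets it before the account is enabled. The container DN is a placeholder, `psbase` is used because later PowerShell releases wrap DirectoryEntry in an ADSI adapter, and `try`/`finally` assumes PowerShell 2.0 or later.

```powershell
# Added example (PowerShell 2.0+). The container DN is a placeholder;
# "dietcoke" is the sample account name used in the thread.
$container = [ADSI]"LDAP://CN=Users,DC=example,DC=com"

# Prompt for the initial password so it never sits in the script or in history.
$secure = Read-Host -Prompt "Initial password for dietcoke" -AsSecureString

# 1. Create the object and commit it; SetPassword needs an object that exists.
$user = $container.psbase.Children.Add("CN=dietcoke", "user")
$user.psbase.Properties["sAMAccountName"].Value = "dietcoke"
$user.psbase.CommitChanges()

# 2. Set the password before the account is enabled. The plaintext copy exists
#    only for the duration of the call and the BSTR is zeroed afterwards.
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    $user.psbase.Invoke("SetPassword", $plain)
}
finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    $plain = $null
}

# 3. Require a password change at first logon, then enable the account.
#    0x200 is NORMAL_ACCOUNT on its own, so neither ACCOUNTDISABLE (0x2)
#    nor PASSWD_NOTREQD (0x20) remains set.
$user.psbase.Properties["pwdLastSet"].Value = 0
$user.psbase.Properties["userAccountControl"].Value = 0x200
$user.psbase.CommitChanges()
```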

# re: Managing Active Directory with Windows PowerShell

Thanks for your input!
Wednesday, July 26, 2006 1:05 PM by Anthony

# Managing UNIX LDAP with PowerShell

I want to sync some stuff from a Unix LDAP to AD, but I can't get the authentication to work with System.DirectoryServices.DirectoryEntry. My UNIX LDAP accepts Anonymous, but apparently in .Net 2 the default is Secure. Any idea how to change the default to anonymous or to use LDAP user credentials?

Thanks for your help.

Ronnie

Thursday, December 28, 2006 1:01 PM by Ronnie

# re: Managing Active Directory with Windows PowerShell

If my users are in local users and groups, not active directory, how can this be done?  How does one create a user account and set the password in powershell onto local host?

My workstation is on a small LAN without an AD server.

Tuesday, January 23, 2007 10:42 PM by ganderson

# re: Managing Active Directory with Windows PowerShell

Trying the MOW code, but my AD provider doesn't offer any methods for the DirectoryEntry object.  When I do a "get-members", I only see properties, and any call to Get_children fails.

I am running Vista and the freshly downloaded powershell for Vista.  

Any ideas?

Thursday, February 22, 2007 11:31 AM by James

# re: Managing Active Directory with Windows PowerShell

@James, there were some changes in AD support since then; see:

http://mow001.blogspot.com/2006/09/powershell-rc2-and-active-directory.html

Greetings /\/\o\/\/

Tuesday, February 27, 2007 4:45 PM by /\/\o\/\/

# re: Managing Active Directory with Windows PowerShell

I'm wondering if it's possible to generate a list of users in AD who haven't used their account in the last six months excluding anyone who's received a new account in that time.  Currently, we have to manually filter those people out and often miss some.

Thursday, June 21, 2007 11:53 AM by Tim

# re: Managing Active Directory with Windows PowerShell

You should use OLDCMP for finding stale user/computer accounts. (JoeWare.net).  I'm managing 40000+ accounts, and during reviews, we haven't missed any.  You can get cute with VBScript and LDAP filter to find stale accounts that have never been used over x number of days, but it can be done.

Friday, October 26, 2007 12:00 PM by Tony
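
The LDAP-filter approach mentioned above, applied to the question of accounts unused for six months while excluding accounts created in that window. This is an added PowerShell example, not code from the original comments; the search root DN and the 180-day window are assumptions, and it needs PowerShell 2.0 or later and a domain that maintains `lastLogonTimestamp`.

```powershell
# Added example (PowerShell 2.0+). Search root DN and 180-day window are assumptions.
$days   = 180
$cutoff = (Get-Date).ToUniversalTime().AddDays(-$days)

# lastLogonTimestamp is stored as a FILETIME integer, whenCreated as GeneralizedTime.
$fileTime = $cutoff.ToFileTimeUtc()
$genTime  = $cutoff.ToString("yyyyMMddHHmmss") + ".0Z"

# User accounts created before the cutoff whose last logon is before the cutoff,
# or that have never logged on at all (attribute absent).
$filter = "(&(objectCategory=person)(objectClass=user)(whenCreated<=$genTime)" +
          "(|(lastLogonTimestamp<=$fileTime)(!(lastLogonTimestamp=*))))"

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://DC=example,DC=com"
$searcher.Filter     = $filter
$searcher.PageSize   = 1000      # page results so large domains are not truncated
foreach ($name in "sAMAccountName", "whenCreated", "lastLogonTimestamp", "userAccountControl") {
    [void]$searcher.PropertiesToLoad.Add($name)
}

$results = $searcher.FindAll()
try {
    $stale = foreach ($r in $results) {
        $p = $r.Properties            # property names come back in lower case
        $last = $null
        if ($p.Contains("lastlogontimestamp")) {
            $last = [DateTime]::FromFileTimeUtc([Int64]$p["lastlogontimestamp"][0])
        }
        New-Object PSObject -Property @{
            Account   = $p["samaccountname"][0]
            Created   = $p["whencreated"][0]
            LastLogon = $last         # $null means the account has never logged on
            Disabled  = [bool]($p["useraccountcontrol"][0] -band 2)
        }
    }
}
finally {
    $results.Dispose()                # release the unmanaged search handle
}

$stale | Sort-Object LastLogon | Format-Table Account, Created, LastLogon, Disabled -AutoSize
```

`lastLogonTimestamp` is replicated between domain controllers but is only refreshed when the stored value is roughly two weeks old, so treat it as accurate to about 14 days; that is fine for a six-month review but not for short windows.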

# re: Managing Active Directory with Windows PowerShell

I have a list of computer objects that need their description modified to another list of items.  How would I write a script to find the computer object and then write its description?

Thanks,

Mike

Friday, June 27, 2008 2:33 PM by Mike
