Active Directory Administration with Windows PowerShell

Active Directory Administration with Windows PowerShell

Windows PowerShell™ is a command-line shell and scripting language that can help information technology (IT) professionals control system administration more easily and achieve greater productivity.
The Active Directory module for Windows PowerShell in Windows Server® 2008 R2 is a Windows PowerShell module (named ActiveDirectory) that consolidates a group of cmdlets. You can use these cmdlets to manage your Active Directory® domains, Active Directory Lightweight Directory Services (AD LDS) configuration sets, and Active Directory Database Mounting Tool instances in a single, self-contained package.
In Windows Server 2000, Windows Server 2003, and Windows Server 2008, administrators used a variety of command-line tools and Microsoft Management Console (MMC) snap-ins to connect to their Active Directory domains and AD LDS configuration sets to monitor and manage them. The Active Directory module in Windows Server 2008 R2 now provides a centralized experience for administering your directory service.

Installation

You can install the Active Directory module by using any of the following methods:

• By default, on a Windows Server 2008 R2 server when you install the AD DS or AD LDS server roles
  
• By default, when you make a Windows Server 2008 R2 server a domain controller by running Dcpromo.exe
  
• As part of the Remote Server Administration Tools (RSAT) feature on a Windows Server 2008 R2 server
  
• As part of the RSAT feature on a Windows 7 computer
  
  

  Important
  If you want to use the Active Directory module in Windows 7 to remotely manage an Active Directory domain, an AD LDS instance or configuration set, or an Active Directory Database Mounting Tool instance, you must have at least one Windows Server 2008 R2 domain controller in your domain or at least one instance in an AD LDS configuration set that is running on a Windows Server 2008 R2 server.

• The Active Directory module is installed with the following features by default:
  
  
  • Windows PowerShell
    
  • The Microsoft .NET Framework 3.5.1
    
  For the Active Directory module to function correctly, Windows PowerShell and the .NET Framework 3.5.1 must be installed on your Windows Server 2008 R2 or Windows 7 computer.
  
• If you want to use the Active Directory module to manage an Active Directory domain, an AD LDS instance or configuration set, or an Active Directory Database Mounting Tool instance, the Windows Server 2008 R2 Active Directory Web Services (ADWS) service must be installed on at least one domain controller in this domain or on one server that hosts your AD LDS instance. For more information about ADWS, see AD DS: Active Directory Web Services (http://go.microsoft.com/fwlink/?LinkID=141393).
  

When the Active Directory module is installed, to start it click Start, point to Administrative Tools, and then click Active Directory PowerShell. You can also load the Active Directory module manually by running the Import-Module ActiveDirectory command at the Windows PowerShell prompt.

Which editions include the Active Directory module?

The Active Directory module is available in the following editions of Windows Server 2008 R2 and Windows 7:

• Windows Server 2008 R2 Standard
  
• Windows Server 2008 R2 Enterprise
  
• Windows Server 2008 R2 Datacenter
  
• Windows 7
  

The Active Directory module is not available in the following editions of Windows Server 2008 R2:

• Windows Server 2008 R2 for Itanium-Based Systems
  
• Windows Web Server 2008 R2
  

Getting started

This section explains how to start the Active Directory module. You do not have to be a local administrator to use the Active Directory module or to add the module explicitly from a base Windows PowerShell instance.

To start the Active Directory module

• Click Start, point to Administrative Tools, and then click Active Directory Module for Windows PowerShell.
  This command opens Windows PowerShell with the Active Directory module preloaded.
  

Credentials

Membership in Domain Admins, or equivalent, is the minimum required to complete the tasks in this guide.
Membership in Schema Admins, or equivalent, is the minimum required to complete schema operations tasks.
Membership in Enterprise Admins, or equivalent, is the minimum required to complete topology-related tasks.

Scripts

There are several tasks that require you to run a sample script. Sample scripts provide fictitious names, domains, servers, organizational units (OU)s, and other items for the purpose of providing concrete examples of the Active Directory module cmdlets. If you use one of these sample scripts in your environment, change these names to fit your organizational structure. For more information about running Windows PowerShell scripts, see Running Windows PowerShell Scripts (click here).

Links

The following links take you directly to the section of this guide that contains the group of tasks that you are trying to complete. For example, the Users link takes you to the section that contains all the tasks for managing users in AD DS or AD LDS.

• Computer Management
•  User Management
•  Group Management
• Managed Service Accounts
  
• Organizational Units
  
• Password Policies
  
• Optional Features
  
• Search\Modify Objects
  
• Forest and Domain Management
  
• Domain Controller and Operations Master Management