Forest and Domain Management
You can use the Active Directory module for Windows PowerShell to manage your forests and domains in Active Directory Domain Services (AD DS). The topics in this section explain how to use the Active Directory module to accomplish many of the common tasks that are associated with forest and domain management:
- Finding the Domains in a Forest
This topic explains how to use the Active Directory module for Windows PowerShell to find the NetBIOS name of a domain in Active Directory Domain Services (AD DS).
Example
The following example demonstrates how find the NetBIOS name of the Fabrikam.com domain:
Get-ADDomain –Identity Fabrikam.com
Additional information
For a full explanation of the parameters that you can pass to Get-ADDomain, at the Active Directory module command prompt, type Get-Help Get-ADDomain –detailed, and then press ENTER.
- Raising the Domain Functional Level to Windows 2000 Native
This topic explains how to use the Active Directory module for Windows PowerShell to raise the domain functional level to Windows 2000 native.
Example
The following example demonstrates how to raise the domain functional level of the Fabrikam.com domain to Windows 2000 native:
Set-ADDomainMode -Identity FABRIKAM -DomainMode Windows2000
Additional information
You can use the following parameters when you set many of the common values that are associated with raising the domain functional level in Active Directory Domain Services (AD DS):
- -Windows2000
- -Windows2003InterimDomain
- -Windows2003Domain
- -Windows2008Domain
- -Windows2008R2Domain
- -Windows2000
- Finding the NetBIOS Name of a Domain
This topic explains how to use the Active Directory module for Windows PowerShell to find the NetBIOS name of a domain in Active Directory Domain Services (AD DS).
Example
The following example demonstrates how find the NetBIOS name of the Fabrikam.com domain:
Get-ADDomain –Identity Fabrikam.com
Additional information
For a full explanation of the parameters that you can pass to Get-ADDomain, at the Active Directory module command prompt, type Get-Help Get-ADDomain –detailed, and then press ENTER.
- Raising the Functional Level to a Windows Server 2003 Domain
This topic explains how to use the Active Directory module for Windows PowerShell to raise the domain functional level to Windows Server 2003 and Windows Server 2003 interim.
Example 1
The following example demonstrates how to raise the domain functional level of the Fabrikam.com domain to Windows Server 2003:
Set-ADDomainMode -Identity fabrikam.com -DomainMode Windows2003Domain
Example 2
The following example demonstrates how to raise the domain functional level of the Fabrikam.com domain to Windows Server 2003 interim:
Set-ADDomainMode -Identity fabrikam.com -DomainMode Windows2003InterimDomain
Additional information
You can use the following parameters when you set many of the common values that are associated with raising the domain functional level in Active Directory Domain Services (AD DS):
- -Windows2000
- -Windows2003InterimDomain
- -Windows2003Domain
- -Windows2008Domain
- -Windows2008R2Domain
- -Windows2000
- Viewing the Trusts for a Domain
This topic explains how to use the Active Directory module for Windows PowerShell to view the trusts for a domain in Active Directory Domain Services (AD DS).
Example
The following example demonstrates how to view the trusts for the domain to which you are logged on:
Get-ADObject -Filter {objectClass -eq "trustedDomain"} -Properties TrustPartner,TrustDirection,trustType | FT Name,TrustPartner,TrustDirection,TrustType
Additional information
For a full explanation of the parameters that you can pass to Get-ADObject, at the Active Directory module command prompt, type Get-Help Get-ADObject –detailed, and then press ENTER.
- Raising the Functional Level to a Windows Server 2003 Forest
This topic explains how to use the Active Directory module for Windows PowerShell to raise the forest functional level to Windows Server 2008.
Example
The following example demonstrates how to raise the forest functional level of a Windows Server 2003 forest to Windows Server 2008:
Set-ADForestMode -Identity fabrikam.com -ForestMode Windows2008Forest
or
Set-ADForestMode -Identity fabrikam.com -ForestMode Windows2008R2Forest
Additional information
You can use the following parameters when you set many of the common values that are associated with raising the forest functional level in Active Directory Domain Services (AD DS):
- -Windows2003InterimForest
- -Windows2003Forest
- -Windows2008Forest
- -Windows2008R2Forest
- -Windows2003InterimForest
- Modifying the Tombstone Lifetime for a Domain
This topic explains how to use the Active Directory module for Windows PowerShell to modify the tombstone lifetime for a domain in Active Directory Domain Services (AD DS).
Example
The following example demonstrates how to modify the tombstone lifetime for the Fabrikam.com domain:
Set-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=Fabrikam,DC=COM" -Partition "CN=Configuration,DC=Fabrikam,DC=COM" -Replace @{tombstoneLifetime='210'}
Set-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=Fabrikam,DC=COM" -Partition "CN=Configuration,DC=Fabrikam,DC=COM" -Replace @{tombstoneLifetime='210'}
Additional information
You can use the following parameters when you set many of the common values of Active Directory objects:
- -Description
- -DisplayName
- -ProtectedFromAccidentalDeletion
No comments:
Post a Comment