Active Directory Powershell Overview

  • Article

Although it is pretty easy to get the list of AD cmdlets using Powershell, many of you might be looking for a high level view of cmdlets classified by AD administrative scenarios and tasks. So here it goes…

The current set of AD Powershell cmdlets can be classified into four broad categories:

  1. Account Management
  2. Topology management
  3. Directory object management
  4. Provider cmdlets

In the account management set we have cmdlets that –

  • Create, delete, write and read users, groups, computers, managed service accounts and Organizational units (OUs).
  • Manage account settings such as: expiration date, password etc.
  • Manage group membership, get account token groups.
  • Manage fine grained password policy and default domain password policy.

In the topology management set we have cmdlets that –

  • Discover DCs, manage FSMOs, move DCs across site and get DC info.
  • Manage password replication policy of RODCs.
  • Manage domain and forest, set forest and domain functional level.
  • Manage optional features.

In the directory object management set we have cmdlets that –

  • Create, delete, write and read all types of AD object.
  • Move, rename and restore AD objects.

In the Provider cmdlets set we have cmdlets that enables file-system like browsing capabilities in Active Directory PSDrive.

Click below for a table that shows various cmdlets available in each set. It should also serve as a quick reference card on your office desk :)

Active Directory Powershell Quick Reference Card

Cheers!
Swami

--
Swaminathan Pattabiraman [MSFT]
Developer – Active Directory Powershell Team

Comments

  • Anonymous
    March 04, 2009
    PingBack from http://www.clickandsolve.com/?p=18118
  • Anonymous
    March 04, 2009
    Although it is pretty easy to get the list of AD cmdlets using Powershell, many of you might be looking
  • Anonymous
    March 05, 2009
    Hello again :)Domain Controller Management:'DirectoryServer' and 'DomainController' are equal? Will you choose one of this names in release?Do you really need to specify source DC for moving roles? If not - IMO better to create Set-DS|DC cmdlet, which also can be extended to set more properties, like GC.ADOptionalFeature - what is for? Curent help is almost useless, and:[PS <39> D:Root] Get-ADOptionalFeatureGet-ADOptionalFeature : Parameter set cannot be resolved using the specified named parameters....[PS <40> D:Root] Get-ADOptionalFeature Get-ADOptionalFeature : "Unable to find a default server"...-ADDomainForest - why not use Set-ADDomain -Forest cmdlet for this? You can always ask for confirmation.Same applies to *Expiration. Its work for Set-ADAccount.If you abbriviating AD (which is good thing of course :)), why not abbriviate Domain Controllers to DC? It will make cmdlets look much better. And typing too. (I'm know about tab and aliases, but many people dont, and just retyping this LONG commands from docs/internet. PowerShell already have reputation of language with long commands (thanks Exchange ;)), and you are making it VeryLong)Thanks for responces, I'm really looking forward for a next build :)