Mastering Active Directory Management with PowerShell

Learn essential tips and techniques for managing Active Directory using PowerShell, including starting tips, staying up-to-date with PowerShell versions, methods of management, exploring Active Directory commands, getting information from AD, and selecting, sorting, and exporting data efficiently.

• Active Directory
• PowerShell
• Management
• Commands
• Automation

joven Follow

Uploaded on Sep 17, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. Managing Active Directory with PowerShell JOSEPH MOODY

2. Starting Tips for PowerShell Use PowerShell ISE. Script pane on top + Console on bottom How to Use Help Get-Help Get-ADComputer -full Get-Help Get-ADUser examples Select cmdlet press F1 Some examples will span multiple lines when typing them, type them as a single line.

3. Staying Up to Date Update PowerShell: Current version is 4, 5 to be released in August. $PSVersiontable will show you your current version. Install latest Windows Management Framework to update PowerShell. If you are on at least version 3, you are good for today. Update your Help on 1stuse by running update-help. Create a monthly update task. Must be ran as an administrator

4. Methods of Management Two Modules for Active Directory Management Default Active Directory Module Quest AD Module AD Module: 2008 R2 + domain, cmdlets are verb-ADnoun import-module ActiveDirectory Quest Module: requires 3rdparty software, cmdlets are verb-QADnoun Add-PSSnapin Quest.ActiveRoles.ADManagement

5. Exploring with PowerShell Get-Command Module ActiveDirectory (Get-Command Module ActiveDirectory).Count Or use the Command Add-On View Show Command Add-On Filter module to Active Directory filter name for search

6. Exploring Active Directory Verbs Nouns Computer Add Reset Group Disable Set GroupMember Enable Unlock OrganizationalUnit Get User Move New Remove Rename

7. Getting Information from AD Get-ADComputer GAMCN01 PowerShell assumes GAMCN01 is the value for identity Get-ADComputer GAMCN01 -Properties * We can now filter off of these properties Get-ADComputer -filter 'Name -like "GAMCN*"' Get-ADComputer -filter 'Enabled -eq "false"' -eq, -ne, -like, -notlike

8. Selecting, Sorting, and Exporting Three cmdlets to know: Select-Object: alias is select Sort-object: alias is sort Export-CSV All use Piping (|) or input from variables. Pipe symbol is shift + backslash. Ex: get-process notepad | stop-process

9. Selecting Properties Get-ADComputer -filter 'Name -like "GAMCN*"' | select-object Name Get-ADComputer -filter 'Name -like "GAMCN*"' | select name,OperatingSystem Why is the OperatingSystem row blank? Get-ADComputer -filter 'Name -like "GAMCN*"' -Properties OperatingSystem | select name,OperatingSystem

10. Sorting Properties Get-ADComputer -filter 'Name -like "GAMCN*"' -Properties PasswordLastSet | select name,PasswordLastSet What column are we sorted by? Get-ADComputer -filter 'Name -like "GAMCN*"' -Properties PasswordLastSet | select name,PasswordLastSet | Sort-object PasswordLastSet

11. Exporting Data Get-ADComputer -filter 'Name -like "GAMCN*"' -Properties PasswordLastSet | select name,PasswordLastSet | Sort-object PasswordLastSet | export-csv .\Computers.csv -append -notypeinformation Troubleshooting Tip: If a script like the one above doesn t work, test each part independently.

12. Creating New Objects Find out what your computer name is write down your station number (ex: N01) New-ADComputer requires four parameters: Name SAMAccountName Path (OU Location) Enabled Status New-ADComputer -Name Test-N01" -SamAccountName Test-N01" -Path "OU=PowerShell,OU=UnAssigned,OU=Domain Sites,DC=GCBE,DC=local" -Enabled $True Variables to Know: $True, $False, $Null

13. Modifying with Set Objects can be modified by piping results from a get command to a set command Syntax example: Get-ADComputer | Set-ADComputer Use the command add-on to view the Set parameters Get-ADComputer -Identity Test-N01 | Set-ADComputer -Location "Brunswick,GA" Now use Get-ADComputer and verify the location is set. Whatif parameter is your friend! Use it when making mass changes to test. Get-ADComputer -Filter 'Name -like "Test-N*"' | Set-ADComputer -Location "Brunswick,GA whatif

14. Disable and Tag - Lab Use the Get command to Find Your Test Computer. Disable Your Test Computer s AD Account Set the Computer s Description to the Current Date Hint: (Get-Date) In a live environment, you would move these disabled computers into a dedicated OU.

15. Examples Most of these examples use the Quest AD cmdlets. This module can be downloaded or you can substitute the normal AD cmdlets. 1. Cleaning Up Stale AD Accounts 2. Creating New Users 3. Renaming Computers 4. Updating Groups