Start Using Cmdlets to Manage Active Directory

Article
08/31/2016

Tip: Start Using Cmdlets to Manage Active Directory

Follow Our Daily Tips

• facebook.com/TechNetTips
• twitter.com/TechNetTips
• blogs.technet.com/tnmag
• TechNet Tips library

The Active Directory Module for Windows PowerShell contains 90 cmdlets not found in a standard Windows PowerShell session. Most (but not all) of the cmdlets in the module include the initials AD as part of their names, so you can list them using the following command:
Get-Command *-AD*

The Active Directory cmdlets, which you can use individually or combine using the standard Windows PowerShell piping techniques, provide almost universal administrative access to AD DS and AD LDS resources. For example, to create new AD DS objects, you can use any of the following cmdlets:

New-ADUser
New-ADComputer
New-ADGroup
New-ADOrganizationalUnit
New-ADObject

These parameters not only enable you to create a new object, but you can also specify values for many of the object’s attributes using a single command, like here:
New-ADUser –Name “Mark Lee” -SamAccountName “MarkLee”
-GivenName “Mark” -Surname “Lee” -DisplayName “Mark Lee”
-Path ‘CN=Users,DC=example,DC=local’
-OfficePhone “717-555-1212” -Title “Account Manager”
-EmailAddress “mlee@example.com”
-ChangePasswordAtLogon $true

Consider how many different processes you would have to perform and how many screens you would have to access to create the user object for Mark Lee and set all the attributes defined in this example using the Active Directory Users and Computers console. For custom attributes, and those not specifically covered by a cmdlet’s parameters, you can use the –OtherAttributes parameter, and to create objects not explicitly supported by a cmdlet, you can use New-ADObject, and specify the type of object you want to create.

Another method is to create a comma-separated value (CSV) file that contains a list of the objects you want to create and their attribute values. You can then use the Import-CSV cmdlet to pipe the contents of the CSV file to the New-ADObject cmdlet, and the system will create each object listed in the file in turn.

In addition to cmdlets for creating Active Directory objects, there are also cmdlets for manipulating them. Here are a few useful cmdlets you should get to know:

Set-ADObject Modifies the properties of an Active Directory object
Get-ADObject Gets or performs a search to retrieve one or more Active Directory objects
Move-ADObject Moves an Active Directory object or container from one container to another or from one domain to another
Restore-ADObject Restores a deleted Active Directory object
Rename-ADObject Renames an Active Directory object
Remove-ADObject Removes an Active Directory object

Tip adapted from Introducing Windows Server 2008 R2 by Charlie Russel and Craig Zacker.

Additional resources