PowerShell AD Management
Import ActiveDirectory Module
To import the AD module for PowerShell, issue this command:
import-module activedirectory
Get User Data
To see the full info for an AD account, issue this command:
Get-ADUser <accountname> -properties *
Quest AD Management CMDLETs
Quest (part of Dell, by the way) also provides some seriously well-made cmdlets, which can be downloaded here. Just download the “Quest One ActiveRoles Management Shell for Active Directory 32-bit - Zip” file (version 1.6.0) and install it (as an administrator).
After installation you can start the shell and use the cmdlets.
Connect to Different Domain
By default, the domain you authenticate against or are installed on is used. To target another domain, use the -Service parameter:
get-qadgroup groupname -service dc.domain.local:389
Examples
These are some examples I used in an AD migration project:
Script example:
# Author: Sjoerd Hooft
# Purpose script: This script collects all groups in the new domain that have a groupmember in the old domain

$timestamp = Get-Date -format "yyyyMMdd-HH.mm"
$csvfile = "F:\qadgroups-$timestamp.csv"
$myCol = @()

ForEach ($adgroup in (Get-QADgroup -SizeLimit 0)){
    $name = $adgroup.Name
    Write-Host "Now processing $name"
    ForEach ($member in (Get-QADGroupMember $adgroup -SizeLimit 0 | where {$_.Type -eq "group"} | where {$_.DN -match "olddomain"})){
        $groupinfo = "" | Select ParentName,ParentDN,MemberName,MemberDN
        $groupinfo.ParentName = $adgroup.Name
        $groupinfo.ParentDN = $adgroup.DN
        $groupinfo.MemberName = $member.Name
        $groupinfo.MemberDN = $member.DN
        $myCol += $groupinfo
    }
}
$mycol | export-csv -notypeinformation $csvfile
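
The same report can be built with the ActiveDirectory module imported at the top of this page. This is an added example, not part of the original script; $oldDomainDn, $oldDomainDc and the output path are assumed placeholders, and it matches the old domain as a DN suffix rather than anywhere in the DN.

```powershell
# Added example (not from the original page): nested groups from the old
# domain that are members of groups in the current (new) domain.
Import-Module ActiveDirectory

$oldDomainDn = 'DC=olddomain'   # assumption: DN suffix of the old domain (placeholder)
$oldDomainDc = 'dc.olddomain'   # assumption: old-domain DC reachable by the AD module
$timestamp   = Get-Date -Format 'yyyyMMdd-HH.mm'
$csvfile     = "F:\adgroups-$timestamp.csv"

# Note: members from a domain in another forest are stored as
# foreignSecurityPrincipal objects under the new domain, so their DN does
# not end in the old domain's DN and this suffix filter will not see them.
$rows = foreach ($group in Get-ADGroup -Filter * -Properties member) {
    Write-Host "Now processing $($group.Name)"

    # 'member' holds distinguished names; keep only those under the old domain
    $oldMembers = $group.member | Where-Object { $_ -like "*,$oldDomainDn" }

    foreach ($dn in $oldMembers) {
        try {
            # Resolve the member in the old domain to learn its object class
            $obj = Get-ADObject -Identity $dn -Server $oldDomainDc -ErrorAction Stop
        }
        catch {
            # Report unresolvable members instead of silently dropping them
            Write-Warning "Cannot resolve ${dn}: $($_.Exception.Message)"
            continue
        }

        if ($obj.ObjectClass -ne 'group') { continue }   # only nested groups

        [pscustomobject]@{
            ParentName = $group.Name
            ParentDN   = $group.DistinguishedName
            MemberName = $obj.Name
            MemberDN   = $obj.DistinguishedName
        }
    }
}

$rows | Sort-Object ParentName, MemberName |
    Export-Csv -NoTypeInformation $csvfile
```

Members that produce a warning are worth reviewing by hand, since an unresolvable entry in a group can point to a deleted or orphaned object left behind by the migration.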
These one-liners collect all groups based on group scope:
get-qadgroup -SizeLimit 0 -Service 'dc.olddomain:389' | where {$_.ParentcontainerDN -ne "CN=Builtin,DC=olddomain"} | where {$_.ParentcontainerDN -ne "CN=Users,DC=olddomain"}| where {$_.ParentcontainerDN -ne "OU=SMS,DC=olddomain"}| where {$_.groupscope -eq "DomainLocal"} | select Name | sort Name | Export-Csv -notypeinformation "F:\ad-groups-olddomain-domainlocal.csv"

get-qadgroup -SizeLimit 0 -Service 'dc.olddomain:389' | where {$_.ParentcontainerDN -ne "CN=Builtin,DC=olddomain"} | where {$_.ParentcontainerDN -ne "CN=Users,DC=olddomain"}| where {$_.ParentcontainerDN -ne "OU=SMS,DC=olddomain"}| where {$_.groupscope -eq "global"} | select Name | sort Name | Export-Csv -notypeinformation "F:\ad-groups-olddomain-global.csv"

get-qadgroup -SizeLimit 0 -Service 'dc.olddomain:389' | where {$_.ParentcontainerDN -ne "CN=Builtin,DC=olddomain"} | where {$_.ParentcontainerDN -ne "CN=Users,DC=olddomain"}| where {$_.ParentcontainerDN -ne "OU=SMS,DC=olddomain"}| where {$_.groupscope -eq "universal"} | select Name | sort Name | Export-Csv -notypeinformation "F:\ad-groups-olddomain-universal.csv"

get-qadgroup -SizeLimit 0 | where {$_.ParentcontainerDN -ne "CN=Builtin,DC=newdomain"} | where {$_.ParentcontainerDN -ne "CN=Users,DC=newdomain"}| where {$_.ParentcontainerDN -ne "OU=SMS,DC=newdomain"}| where {$_.groupscope -eq "universal"} | select Name | sort Name | Export-Csv -notypeinformation "F:\ad-groups-newdomain-universal.csv"