Active Directory module PowerShell cmdlets : Part 1

Windows PowerShell - Learn It Now Before It's an Emergency:

Earlier, Windows PowerShell was available as a separate add-on to Windows. Starting with Windows 7, Microsoft started to ship Products with PowerShell installed by default. Most or all of Microsoft's products will eventually use PowerShell as an administration tool. This demonstrates PowerShell’s importance in a windows administrator’s life in the 21st Century Era. That’s why Microsoft Scripting Guy Ed Wilson said ‘Learn It Now Before It's an Emergency’

My intention is not to go deeply into the nuance of PowerShell. I am going to get you started working on PowerShell right away. With such a simple introduction, I hope you'll be interested enough to dig deeper into the world of PowerShell on your own.

So we can start with The Active Directory (AD) module..

The Active Directory (AD) module is available by default with Windows 2008 R2 server (With the AD DS or AD LDS server roles.) . It can be installed as part of the Remote Server Administration Tools feature on a Windows 7 computer.

After installation you can access the PowerShell module using Active Directory Module for Windows PowerShell Console. To open the console Click on  Start, then Go to >All Programs > Administrative Tools > Active Directory Module for Windows PowerShell

Or open a PowerShell console and load the Active Directory module with cmdlet Import-Module ActiveDirectory
If you are getting following error, that means the ActiveDirectory module is not installed on the computer or the module files are not available at the PowerShell module path.

PS C:\> Import-Module Activedirectory
                      Import-Module : The specified module 'Activedirectory' was not loaded because no valid module file was found in any module directory.
                      At line:1 char:14
                      + Import-Module <<<<  Activedirectory
                          + CategoryInfo          : ResourceUnavailable: (Activedirectory:String) [Import-Module], FileNotFoundException
                          + FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand

Select all Open in new window

To ensure that you have the Active Directory module available for import, you can run the Get-Module –ListAvailable command in Windows PowerShell console.

Finding the AD cmdlets:

You can use the Get-Command cmdlet to retrieve all AD cmdlets.

Getting Help for AD cmdlets:

You can use Get-Help <cmdlet name> -Full or
Help <cmdlet name> -Full to get the complete help of the command.  

Get-Help <cmdlet name> -Online will take you to the online help at Microsoft TechNet Library which will have a updated version of help.

Get-Help <cmdlet name> -Examples will return the examples of the cmdlet.

Common Active Directory cmdlets:

Following are the few cmdlets which we use frequently for the administration of Active directory objects.

How To Use Common Active Directory cmdlets:

For demo, I am using Get-ADuser to query Active Directory for all user objects..

Get-ADuser -Filter * will return all user objects in your AD.
By default the command will return the ten properties of the user object displayed in above screenshot. If you need to return additional properties you need to use -properties parameter.

For Example, Get-ADuser -Filter * -Properties Manager will return Manager Property in addition to the ten default properties.

You may add multiple properties with -Properties parameter, for example.

Get-ADuser -Filter * -Properties Manager,DisplayName,Company

Select all Open in new window

To return the objects with all properties:

Get-ADuser -Filter * -Properties *

Select all Open in new window

To return all users from a specific Organizational Unit (OU):

Get-ADuser -Filter * -SearchBase "OU=Users,OU=HQ,DC=Max,DC=com"

Select all Open in new window

To save the result to a csv file, you can use the Export-Csv command.

Get-ADuser -Filter * -Properties Manager,DisplayName,Company -SearchBase "OU=Users,OU=HQ,DC=Max,DC=com" | Export-csv C:\report.csv

Select all Open in new window

To select specific properties while exporting, you can use Select-Object command. Following command only export the properties 'Manager,DisplayName,Company' of all user objects to a csv file.

Get-ADuser -Filter * -Properties Manager,DisplayName,Company -SearchBase "OU=Users,OU=HQ,DC=Max,DC=com" | Select-Object Manager,DisplayName,Company  | Export-csv C:\report.csv

Select all Open in new window

You can use the –Filter parameter to filter the objects. The following command will return the user objects which Company set as ‘Expert Exchange’

Get-ADUser -Filter {Company -eq "Expert Exchange"}

Select all Open in new window

To read more about –Filter use following command.

Get-Help about_ActiveDirectory_Filter -Full

Select all Open in new window

Another option to filter the result is to use Where-Object command. Following command will return the user objects which Company set as ‘Expert Exchange’

Get-ADUser –Filter * |  Where-Object {$_.Company -eq "Expert Exchange"}

Select all Open in new window

Following command will display all user account which does not have the Company attribute value set.

Get-ADUser –Filter * |  Where-Object {$_.Company -eq $null}

Select all Open in new window

The cmdlets also support Ldap filter via the -LdapFilter parameter..

You can refer following articles for more information
Active Directory Powershell – Advanced Filter
Active Directory Powershell – Advanced Filter (Part – II)

That's all for now. See you in next article..
I appreciate the time you took to read my article, please leave your valuable feedback. Thanks in advance!..

Reference :
Get-Help : http://technet.microsoft.com/en-us/library/ee176848.aspx
Get-Module : http://technet.microsoft.com/en-us/library/hh849700.aspx
AD Cmdlets : http://technet.microsoft.com/en-us/library/ee617195.aspx
Get-ADUser : http://technet.microsoft.com/en-us/library/ee617241.aspx
Export-Csv : http://technet.microsoft.com/en-us/library/ee176825.aspx
Where-Object : http://technet.microsoft.com/en-us/library/ee177028.aspx

If you would like to read the other part/s in this article series please go to:
Active Directory module PowerShell cmdlets : Part 2