Active Directory Administration with Windows PowerShell (original) (raw)

Share via

Applies To: Windows Server 2008 R2

Windows PowerShell™ is a command-line shell and scripting language that can help information technology (IT) professionals control system administration more easily and achieve greater productivity.

The Active Directory module for Windows PowerShell for Windows PowerShell consolidates a group of cmdlets. You can use these cmdlets to manage your Active Directory® domains, Active Directory Lightweight Directory Services (AD LDS) configuration sets, and Active Directory Database Mounting Tool instances in a single, self-contained package.

In Windows Server 2000, Windows Server 2003, and Windows Server 2008, administrators used a variety of command-line tools and Microsoft Management Console (MMC) snap-ins to connect to their Active Directory domains and AD LDS configuration sets to monitor and manage them. The Active Directory module for Windows PowerShell now provides a centralized experience for administering your directory service.

Note

The content in this guide was originally written for Windows Server 2008 R2 and still applies to Windows Server 2012. For more information on Active Directory PowerShell features that are new to Windows Server 2012, please refer to the following topics:

• Active Directory Replication and Topology Management Using Windows PowerShell
• Installing AD DS Using Windows PowerShell
• Removing AD DS Using Windows PowerShell
• In the Dynamic Access Control deployment documentation, look for any sections that are labeled Windows PowerShell equivalent commands
• In the Active Directory Domain Services (AD DS) Virtualization documentation, see the steps for deploying a virtualized domain controller.

Installation

You can install the Active Directory module by using any of the following methods:

• By default, on a Windows Server 2008 R2 or Windows Server 2012 server when you install the AD DS or AD LDS server roles
• By default, when you make a Windows Server 2008 R2 or Windows Server 2012 server a domain controller by running Dcpromo.exe

Note

In Windows Server 2012, Dcpromo.exe is deprecated and installation of AD DS is done through Server Manager or using Windows PowerShell commands. For more information, Install Active Directory Domain Services.

• As part of the Remote Server Administration Tools (RSAT) feature on a Windows Server 2008 R2 or Windows Server 2012 server
• As part of the RSAT feature on a Windows 7 or Windows 8 Release Preview computer

Important

If you want to use the Active Directory module in Windows 7 or Windows 8 Release Preview to remotely manage an Active Directory domain, an AD LDS instance or configuration set, or an Active Directory Database Mounting Tool instance, you must have at least one Windows Server 2008 R2 domain controller in your domain or at least one instance in an AD LDS configuration set that is running on a Windows Server 2008 R2 server.

• The Active Directory module is installed with the following features by default:
  • Windows PowerShell
  • The Microsoft .NET Framework 3.5.1 or 4.5
    For the Active Directory module to function correctly, Windows PowerShell and the .NET Framework 3.5.1 or 4.5 must be installed.
• If you want to use the Active Directory module to manage an Active Directory domain, an AD LDS instance or configuration set, or an Active Directory Database Mounting Tool instance, the Active Directory Web Services (ADWS) service must be installed on at least one domain controller in this domain or on one server that hosts your AD LDS instance. For more information about ADWS, see What's New in AD DS: Active Directory Web Services.

In Windows Server 2008 R2, when the Active Directory module is installed, to start it click Start, point to Administrative Tools, and then click Active Directory Module for Windows PowerShell. You can also load the Active Directory module manually by running the Import-Module ActiveDirectory command at the Windows PowerShell prompt. In Windows Server 2012, the Active Directory module for Windows PowerShell can be accessed using Start screen tile, and module autoloading enables you to use Active Directory PowerShell commands without having to first import the module into your Windows PowerShell session.

Which editions include the Active Directory module?

The Active Directory module is available in the following editions of Windows and Windows Server:

• Windows Server 2012 Foundation
• Standard
• Datacenter
• Windows Server 2008 R2 Standard
• Windows Server 2008 R2 Enterprise
• Windows Server 2008 R2 Datacenter
• Windows 7
• Windows 8 Release Preview

The Active Directory module is not available in the following editions of Windows and Windows Server:

• Windows Server 2008 R2 for Itanium-Based Systems
• Windows Web Server 2008 R2

Getting started

This section explains how to start the Active Directory module. You do not have to be a local administrator to use the Active Directory module or to add the module explicitly from a base Windows PowerShell instance.

To start the Active Directory module

• Click Start, point to Administrative Tools, and then click Active Directory Module for Windows PowerShell.
  This command opens Windows PowerShell with the Active Directory module preloaded.

Note

In Windows Server 2012, the Active Directory module for Windows PowerShell can be accessed using Start screen tile, and module autoloading enables you to use Active Directory PowerShell commands without having to first import the module into your Windows PowerShell session.

Credentials

Membership in Domain Admins, or equivalent, is the minimum required to complete the tasks in this guide.

Membership in Schema Admins, or equivalent, is the minimum required to complete schema operations tasks.

Membership in Enterprise Admins, or equivalent, is the minimum required to complete topology-related tasks.

Scripts

There are several tasks that require you to run a sample script. Sample scripts provide fictitious names, domains, servers, organizational units (OU)s, and other items for the purpose of providing concrete examples of the Active Directory module cmdlets. If you use one of these sample scripts in your environment, change these names to fit your organizational structure. For more information about running Windows PowerShell scripts, see Running Windows PowerShell Scripts (https://go.microsoft.com/fwlink/?LinkID=119588).

Links

The following links take you directly to the section of this guide that contains the group of tasks that you are trying to complete. For example, the Users link takes you to the section that contains all the tasks for managing users in AD DS or AD LDS.

• Account Management
• Group Management
• Managed Service Accounts
• Organizational Units
• Password Policies
• Optional Features
• Search\Modify Objects
• Forest and Domain Management
• Domain Controller and Operations Master Management

Note

For more information on Active Directory PowerShell features that are new to Windows Server 2012, please refer to the following topics:

• Active Directory Replication and Topology Management Using Windows PowerShell
• Installing AD DS Using Windows PowerShell
• Removing AD DS Using Windows PowerShell
• In the Dynamic Access Control deployment documentation, look for any sections that are labeled Windows PowerShell equivalent commands
• In the Active Directory Domain Services (AD DS) Virtualization documentation, see the steps for deploying a virtualized domain controller.

Additional information

For more information about the Active Directory module, see AD DS: Active Directory PowerShell (https://go.microsoft.com/fwlink/?LinkId=134679).

For more information about Windows PowerShell, see Windows PowerShell (https://go.microsoft.com/fwlink/?LinkID=102372).