Methods for working with Active Directory in Powershell

— If you were directed here from the forums, pay special attention to the notes. I am doing this because so often people post code without telling you what tools you need to run it! —

I often times see people heading over to the forums to get some help with working with AD type stuff and don’t really know where to start or what the options are.

The biggest part over looked (and what I’m covering here) is the methods available for working with the AD from Powershell.

You’ve got three options outlined below with pro’s and con’s

  • Active Directory modulefrom Microsoft (RSAT)
    • Pros
      • Easy to use
      • Available on Windows 7 and 2008 (RSAT feature)
      • Built in/Native
    • Cons
    • Notes:
      • cmdlets are in the standard verb-noun format and are documented on Technet pretty well
  • Quest ActiveRoles Management
    • Pros
      • Easy to use
      • Works on just about anything
    • Cons
      • Requires the module to be installed to use it (bad for scripting)
    • Notes
      • all cmdlets are in the format verb-QAnoun so, if you see a cmdlet with QA you need the quest tools
  • .NET Directory Services
    • Pros
      • Works anywhere
      • No requirements
      • Great for scripts to assure they always work
    • Cons
      • Requires more code
      • Deeper understanding of AD to utilize
    • Notes
      • nice shortcut to DirectoryEntry by casting: $domain = [ADSI] “LDAP://path”
      • $searcher = [ADSISearcher] “LDAP filter query

My personal choice is the .NET method, since I can use it in a script and know for sure it will work, but, it’s a LOT more coding. If you are doing admin type work, you might want to look at either the Quest tools or using the Active Directory module. If you want to know if the AD module is installed and available you can run the following command

    Get-Module –list

You should see the ActiveDirectory module in the list. You can then import it if you’d like to use it

Import-Module ActiveDirectory

If you are unsure if you have ADWS running on your domain attempting to import the module will tell you if it cant find one.

and you can use the link above to get started or simply list out the commands in that module.

Get-Command –Module ActiveDirectory

I’m sure you’ve noticed I haven’t gone in to great detail on how to use these, install or verify requirements. There is a ton of info out there on that, this is mostly to help you figure out which methods are out there, and if someone pasted code, to help you figure out which one the code requires.

Hope this helps, if you’d like to see more details on any of this let me know!


About jrich

I am the Solutions Architect for Apex Learning in Seattle WA. I've been working with computers since I was 13. Started programming when I was 14. Had my first IT job as tech support at an ISP at the age of 15 and became a network admin at the age of 17. Since then I've worked at a variety of small to mid size companies supporting, maintaining and developing all aspects of IT. Mostly working with Windows based networks but have recently been working with Solaris system as well. I created this blog mostly as a place for me to take my own notes, but also share things that I had a hard time finding the info for.

Posted on June 1, 2011, in WMF (Powershell/WinRM) and tagged , , , , , , . Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: