Thursday, December 4, 2014

Review a MVA course (Using PowerShell for Active Directory) Module 1 and 2

I missed one great MVA course, Using PowerShell for Active Directory, because I was attending TechEd Europe at that time. Recently, I started to watch this MVA course. The course was hosted by Jason Helmick, Concentrated Technology Senior Technologist, and Ashley McGlone, Microsoft Senior Premier Field Engineer. I tried to make some notes for revision.

Module 1
When using Remote Server Administration Tools (RSAT) to manage Active Directory, the main disadvantage is that we can't install the latest version of RSAT on a previous OS version. For example, we can't install RSAT for Windows 8.1 on a Windows 7 workstation. With PowerShell, we can use "New-PSSession" and "Import-PSSession" to import a PowerShell module from any version of the operating system to the current computer. Then, we can use the latest cmdlets to manage Active Directory.

The second thing: we can use Active Directory Administrative Center to check the PowerShell History of Active Directory. It's an easy way to get some hints for writing our own scripts.

The last thing: we can use PowerShell to browse Active Directory like a drive, for example "cd AD:" and then change into a partition.

Reference:
How To Use The 2012 Active Directory PowerShell Cmdlets From Windows 7

Module 2
Jason and Ashley talked about creating, updating and deleting users and groups in Active Directory with PowerShell.

By default, Get-ADUser doesn't get all properties from user accounts. We need to add "-Properties *" to get all properties from user accounts. Then, assign "New-ADUser" to a variable. This makes it easy to modify properties of user accounts because we don't need to enter the full distinguished name.

After that, a user account created by "New-ADUser" isn't enabled if you don't assign a password to it. To enter a password for the user account, we need to create a variable to store the password from the "Read-Host" cmdlet with the "-AsSecureString" parameter, or enter the following cmdlet to create a user account: "New-ADUser <User Name> -Enabled $True -AccountPassword $(ConvertTo-SecureString <password> -AsPlainText -Force)".

Later, they talked about using "Import-CSV" with the pipeline and then renaming the CSV column headers by performing "Select-Object @{Name=<Property name>;Expression={$_.<title name from CSV>}}". This is a common method in PowerShell for changing the output name. To learn more, please watch Getting Started with PowerShell 3.0 Jump Start. Use "Out-GridView" to verify the data before creating user accounts.

When talking about New-ADGroup, Ashley gave a tip: store (Get-ADDomain).distinguishedname in a variable. It's really useful when creating a new AD group because we don't need to enter the full distinguished name. We just enter the variable.

We can add a non-common Active Directory attribute like carLicense for AD user accounts by entering -OtherAttributes @{carLicense='attribute'} on New-ADUser or performing Set-ADUser -Add @{carLicense='attribute'} to add a new attribute for user accounts.
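
The Module 2 steps above combined into one dry run, as an added example (not one of Ashley McGlone's course scripts): CSV headers are renamed with calculated properties, the data is checked in Out-GridView, the password is read as a secure string, and the domain DN is kept in a variable. It assumes the ActiveDirectory module and a reachable domain; the CSV rows, the column headers and the "OU=Staff" container are constructed for illustration.

```powershell
Import-Module ActiveDirectory

# Constructed sample data; in practice this comes from Import-Csv <path>.
$csv = @'
First,Last,Login,JobTitle,Plate
Ana,Silva,asilva,Analyst,ABC-123
Ben,Okoro,bokoro,Engineer,XYZ-789
'@ | ConvertFrom-Csv

# Rename the CSV headers to New-ADUser parameter names with calculated properties.
$rename = @(
    @{Name='GivenName';      Expression={$_.First}}
    @{Name='Surname';        Expression={$_.Last}}
    @{Name='SamAccountName'; Expression={$_.Login}}
    @{Name='Title';          Expression={$_.JobTitle}}
    @{Name='Name';           Expression={"$($_.First) $($_.Last)"}}
    @{Name='carLicense';     Expression={$_.Plate}}
)
$users = $csv | Select-Object -Property $rename

# Verify the data before anything is written to the directory.
$users | Out-GridView -Title 'Users to create' -Wait

# Prompt for the initial password so it never sits in the script as plain text.
$password = Read-Host -Prompt 'Initial password' -AsSecureString

# Store the domain DN once instead of typing it for every object.
$domainDN = (Get-ADDomain).DistinguishedName

foreach ($u in $users) {
    $params = @{
        Name                  = $u.Name
        GivenName             = $u.GivenName
        Surname               = $u.Surname
        SamAccountName        = $u.SamAccountName
        Title                 = $u.Title
        Path                  = "OU=Staff,$domainDN"   # hypothetical OU
        AccountPassword       = $password
        Enabled               = $true
        ChangePasswordAtLogon = $true                   # shared initial password must be changed
        OtherAttributes       = @{carLicense = $u.carLicense}
    }
    # -WhatIf only reports what would be created; remove it after reviewing the output.
    New-ADUser @params -WhatIf
}
```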

Then, we can use "Set-ADComputer <Computer Name> -ServicePrincipalNames @{Add='HTTP/FQDN NAME'}" to add a new service principal name. In previous versions of Active Directory domains, we can use Setspn to do this.

Finally, they talked about removing members from a group and deleting AD users. In a cross-domain scenario, you may need to use Set-ADObject to remove a cross-domain member from a universal group. To delete AD users, we can use "Get-ADUser -Filter <filter> | Remove-ADUser".

Remark: All PowerShell scripts were written by Ashley McGlone. You can download the scripts from the following web site.

Microsoft Virtual Academy: Using PowerShell for Active Directory 

For more information:
Using PowerShell for Active Directory

Goatee PFE


This posting is provided “AS IS” with no warranties, and confers no rights!
