6 min read
Boost your IT automation efficiency with new ScriptRunner release
We have just released our latest ScriptRunner update, version 7.1, packed with powerful new features aimed at making IT...
ScriptRunner Blog
For those who frequently need to perform tasks in Active Directory, such as creating and managing users and groups or troubleshooting, PowerShell provides a number of cmdlets that make life easier. Also, the administration of domains and the infrastructure in Active Directory can be solved optimally with the PowerShell. It is not about PowerShell replacing the other management tools. The PowerShell complements the administration tools of Active Directory and is an additional help.
On servers the installation can be done by adding the remote administration tools for Active Directory in the Server Manager or the Windows Admin Center (Figure 2). Here you can find the PowerShell module for Active Directory in the Remote Server Administration Tools > Role Administration Tools > AD DS- and AD LDS Tools.
On Windows servers, the Active Directory management tools can also be installed from the PowerShell. This is done by using the Install-WindowsFeature RSAT-AD-PowerShell command.
If the connection does not work, you can check in the command prompt or PowerShell with winrm enumerate winrm/config/listener whether a listener with port 5985 is active and bound to all IP addresses of the server.
Get-ADDomain | Select InfrastructureMaster, RID-Master, PDCEmulator
Schema Master and Domain Name Master are unique per AD forest. This information can be displayed again by using Get-ADForest:
Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster
Operation Master roles can be moved to other domain controllers in the PowerShell. The equivalent cmdlet is
Move-ADDirectoryServerOperationMasterRole
Get-Help Move-ADDirectoryServerOperationMasterRole displays the full syntax and some examples of the cmdlet (this applies generally to all cmdlets in PowerShell).
To run the tests, passwords must be entered at various places. However, the respective cmdlet accepts them only as secure input. An example of the command is:
Test-ADDSDomainControllerInstallation -DomainName -SafeModeAdministratorPassword (Read-Host -Prompt Kennwort -AsSecureString)
Invoke-Command {Install-ADDSDomainController -DomainName -Credential (Get-Credential) -ComputerName
A list of commands to delete objects can be displayed with Get-Command Remove-Ad*. Changes to Active Directory objects are made by using Set- cmdlets. A list is of them is displayed by using Get-Command Set-Ad*.
Get-ADObject ‹DN of object› -Properties ProtectedFromAccidentalDeletion
The deletion protection can be activated with :
Set-ADObject ‹DN of object› -ProtectedFromAccidentalDeletion $true
If you want to deactivate the deletion protection, you can again set the option “$false”. If no objects are to be protected but organizational units, the cmdlets Get-ADOrganizationalUnit and Set-ADOrganizationalUnit are used.
Sep 30, 2024 by Frank Kresse
We have just released our latest ScriptRunner update, version 7.1, packed with powerful new features aimed at making IT...
Aug 16, 2024 by Heiko Brenn
Welcome to Scriptember! We are thrilled to announce the launch of a unique, month-long campaign dedicated to...
Aug 14, 2024 by Jeffery Hicks
I'd like to think that because you are reading this, you are a professional PowerShell user and this article will be a...
Thomas Joos is a freelance IT consultant and has been working in IT since 1992. He has published more than 90 practical reference books and writes for numerous IT publications such as c’t, PC Magazin, PC Welt, IT Administrator, Computerwoche and Heise Security.