Alternative Power Shell Commands
WINDOWS SYSTEMS AND NETWORK ADMINISTRATION
Alternative PowerShell commands for Active Directory management
Brandon Shell, Contributor
07.06.2010
Rating: --- (out of 5)
Expert advice on Windows-based systems and hardware
Digg This! StumbleUpon Del.icio.us
Previously, we looked at how PowerShell can be used to manage Active
Directory in Windows Server 2008 R2. In this article, we'll cover some
alternatives to the Microsoft cmdlets.
The benefit to these other options is that there are no dependencies
-- well, other than the Active Directory cmdlets themselves. These
cmdlets are provided by Quest Software and my own open source module,
called BSonPosh.
Recent PowerShell columns
Making Windows PowerShell your own
How to customize your Windows PowerShell environment
The terms and commands you absolutely need to know
Quest was really the first on the Active Directory scene, and it has
also been around since the early days of Windows PowerShell (about
four years), so the cmdlets are very mature. They have no dependencies
on anything specific, and while the cmdelts work against all "Active
Directories," they can also target a Quest ActiveRoles Server, which
provides a much higher degree of object management and security.
Outside of that, they behave very much the same as the Microsoft
cmdlets.
The one weakness of these Quest cmdlets is that they don't venture
into the realm of infrastructure management, which is why I wrote the
BSonPosh module to fill the gap. To be clear, my module covers far
more than just Active Directory, but the AD infrastructure management
coverage is pretty good.
While we don't have the time or space to cover the entire set of
cmdlets offered by Quest and BSonPosh, we can take a look at a few of
the more prominent ones in both management categories.
Note: You may notice the Quest cmdlets have a verb prefix of QAD.
This allows
them to play nice with other Active Directory cmdlet providers.
Object management (Quest)
Get-QADUser -- gets a specific user object or does a search for user
objects that match the query
Examples:
# Get the user account for a user with ambiguous name
resolution (ANR)
of BSonPosh
Get-QADUser bsonposh
# Get all the users that have the BSonPosh as manager
Get-QADUser â€"Manager bsonposh
# Get all the users that have the last name "Shell"
using LDAP filter
Get-QADUser -LDAPFilter "(sn=shell)"
For more examples:
Get-help Get-QADUser â€"example
Get-QADComputer -- gets a specific computer object or does a search
for computer objects that match the query
Examples:
# Get all the computers in a given organization unit (OU)
Get-QADComputer -SearchRoot "OU=XenDesktop,DC=Dev,DC=Lab"
# Get all the computers with a given role (i.e. member,
DC, undefined)
Get-QADComputer â€"ComputerRole DC
# Find all Windows 7 machines
Get-QADComputer â€"OSName "Windows 7*"
For more examples:
Get-help Get-QADComputer â€"example
Get-QADGroup -- gets a specific group object or does a search for
group objects that match the query
Examples:
# List all the universal groups
Get-QADGroup -GroupScope 'Universal'
# Get the group members
Get-QADGroup "domain Admins" | select -ExpandProperty
member
# An easier way to get group members
Get-ADGroupMember "Domain Admins"
# Find empty groups
Get-QADGroup â€"empty $true
For more examples:
Get-help Get-QADGroup â€"example
Infrastructure management (BSonPosh)
Get-Forest -- returns the current forest
Examples:
# Get the current forest
Get-Forest
# Get the forest for a specific domain controller (DC)
Get-Forest â€"DomainController CoreDC
For more examples:
Get-help Get-Forest â€"example
Get-Domain -- returns a domain object
Examples:
# Gets the current domain
Get-Domain
# Gets the domain of specified DC
Get-Domain -DomainController CoreDC
For more examples:
Get-help Get-Domain â€"example
Get-DomainController -- returns a domain controller object that
matches the parameters passed
Examples:
# Gets the current domain controller for the user session
Get-DomainController
# Gets domain controllers with specific names (RegEx)
Get-DomainController -Filter "mydc(nyc|dr)\d">
# Returns all DCs in a given domain
Get-DomainController â€"Domain Dev.Lab
For more examples:
Get-help Get-DomainController-example
Get-FSMO -- returns the operation masters for forest/domain
Examples:
# Returns all the Flexible Single Master Operations
(FSMO) for the forest
and domain
Get-FSMO
# Returns just the domain FSMO
Get-FSMO â€"Domain
# Returns the forest FSMO
Get-FSMO â€"Forest
For more examples:
Get-help Get-FSMO â€"example>
Here is a list of all the cmdlets provided with the Quest Active
Directory module:
Add-QADGroupMember
Add-QADMemberOf
Add-QADPasswordSettingsObjectAppliesTo
Add-QADPermission
Approve-QARSApprovalTask
Connect-QADService
Convert-QADAttributeValue
Deprovision-QADUser
Disable-QADUser
Disconnect-QADService
Enable-QADUser
Get-QADComputer
Get-QADGroup
Get-QADGroupMember
Get-QADMemberOf
Get-QADObject
Get-QADObjectSecurity
Get-QADPasswordSettingsObject
Get-QADPasswordSettingsObjectAppliesTo
Get-QADPermission
Get-QADPSSnapinSettings
Get-QADRootDSE
Get-QADUser
Get-QARSAccessTemplate
Get-QARSAccessTemplateLink
Get-QARSApprovalTask
Get-QARSOperation
Move-QADObject
New-QADGroup
New-QADObject
New-QADPasswordSettingsObject
New-QADUser
New-QARSAccessTemplateLink
Reject-QARSApprovalTask
Remove-QADGroupMember
Remove-QADMemberOf
Remove-QADObject
Remove-QADPasswordSettingsObjectAppliesTo
Remove-QADPermission
Remove-QARSAccessTemplateLink
Rename-QADObject
Restore-QADDeletedObject
Set-QADGroup
Set-QADObject
Set-QADObjectSecurity
Set-QADPSSnapinSettings
Set-QADUser
Set-QARSAccessTemplateLink
Unlock-QADUser
And finally, here are all of the Active Directory cmdlets that can be
found in the BSonPosh module:
ConvertTo-DistinguishedName
ConvertTo-DNSName
ConvertTo-Name
ConvertTo-NetbiosName
ConvertTo-Sid
ConvertTo-UACFLag
Get-ADACL
Get-DCConnectionObject
Get-Domain
Get-DomainController
Get-Forest
Get-FSMO
Get-Schema
Get-SchemaClass
Get-SchemaOID
Get-SchemaProperty
Get-SiteLink
Get-Site
New-ADACE
Set-ADACL
You can find more on using these PowerShell cmdlets for Active
Directory object and infrastructure management via the online help for
Quest cmdlets and the source code for BSonPosh.
Miss a column? Check out our Scripting School archive.
ABOUT THE AUTHOR
Brandon Shell has been in the IT industry since 1994. He started out
as a PC tech and general fix-it guy for numerous companies. In 2007,
he joined the PowerShell MVP ranks, and Shell has spent the past
several years building his PowerShell knowledge and helping others
build theirs.
Alternative PowerShell commands for Active Directory management
Brandon Shell, Contributor
07.06.2010
Rating: --- (out of 5)
Expert advice on Windows-based systems and hardware
Digg This! StumbleUpon Del.icio.us
Previously, we looked at how PowerShell can be used to manage Active
Directory in Windows Server 2008 R2. In this article, we'll cover some
alternatives to the Microsoft cmdlets.
The benefit to these other options is that there are no dependencies
-- well, other than the Active Directory cmdlets themselves. These
cmdlets are provided by Quest Software and my own open source module,
called BSonPosh.
Recent PowerShell columns
Making Windows PowerShell your own
How to customize your Windows PowerShell environment
The terms and commands you absolutely need to know
Quest was really the first on the Active Directory scene, and it has
also been around since the early days of Windows PowerShell (about
four years), so the cmdlets are very mature. They have no dependencies
on anything specific, and while the cmdelts work against all "Active
Directories," they can also target a Quest ActiveRoles Server, which
provides a much higher degree of object management and security.
Outside of that, they behave very much the same as the Microsoft
cmdlets.
The one weakness of these Quest cmdlets is that they don't venture
into the realm of infrastructure management, which is why I wrote the
BSonPosh module to fill the gap. To be clear, my module covers far
more than just Active Directory, but the AD infrastructure management
coverage is pretty good.
While we don't have the time or space to cover the entire set of
cmdlets offered by Quest and BSonPosh, we can take a look at a few of
the more prominent ones in both management categories.
Note: You may notice the Quest cmdlets have a verb prefix of QAD.
This allows
them to play nice with other Active Directory cmdlet providers.
Object management (Quest)
Get-QADUser -- gets a specific user object or does a search for user
objects that match the query
Examples:
# Get the user account for a user with ambiguous name
resolution (ANR)
of BSonPosh
Get-QADUser bsonposh
# Get all the users that have the BSonPosh as manager
Get-QADUser â€"Manager bsonposh
# Get all the users that have the last name "Shell"
using LDAP filter
Get-QADUser -LDAPFilter "(sn=shell)"
For more examples:
Get-help Get-QADUser â€"example
Get-QADComputer -- gets a specific computer object or does a search
for computer objects that match the query
Examples:
# Get all the computers in a given organization unit (OU)
Get-QADComputer -SearchRoot "OU=XenDesktop,DC=Dev,DC=Lab"
# Get all the computers with a given role (i.e. member,
DC, undefined)
Get-QADComputer â€"ComputerRole DC
# Find all Windows 7 machines
Get-QADComputer â€"OSName "Windows 7*"
For more examples:
Get-help Get-QADComputer â€"example
Get-QADGroup -- gets a specific group object or does a search for
group objects that match the query
Examples:
# List all the universal groups
Get-QADGroup -GroupScope 'Universal'
# Get the group members
Get-QADGroup "domain Admins" | select -ExpandProperty
member
# An easier way to get group members
Get-ADGroupMember "Domain Admins"
# Find empty groups
Get-QADGroup â€"empty $true
For more examples:
Get-help Get-QADGroup â€"example
Infrastructure management (BSonPosh)
Get-Forest -- returns the current forest
Examples:
# Get the current forest
Get-Forest
# Get the forest for a specific domain controller (DC)
Get-Forest â€"DomainController CoreDC
For more examples:
Get-help Get-Forest â€"example
Get-Domain -- returns a domain object
Examples:
# Gets the current domain
Get-Domain
# Gets the domain of specified DC
Get-Domain -DomainController CoreDC
For more examples:
Get-help Get-Domain â€"example
Get-DomainController -- returns a domain controller object that
matches the parameters passed
Examples:
# Gets the current domain controller for the user session
Get-DomainController
# Gets domain controllers with specific names (RegEx)
Get-DomainController -Filter "mydc(nyc|dr)\d">
# Returns all DCs in a given domain
Get-DomainController â€"Domain Dev.Lab
For more examples:
Get-help Get-DomainController-example
Get-FSMO -- returns the operation masters for forest/domain
Examples:
# Returns all the Flexible Single Master Operations
(FSMO) for the forest
and domain
Get-FSMO
# Returns just the domain FSMO
Get-FSMO â€"Domain
# Returns the forest FSMO
Get-FSMO â€"Forest
For more examples:
Get-help Get-FSMO â€"example>
Here is a list of all the cmdlets provided with the Quest Active
Directory module:
Add-QADGroupMember
Add-QADMemberOf
Add-QADPasswordSettingsObjectAppliesTo
Add-QADPermission
Approve-QARSApprovalTask
Connect-QADService
Convert-QADAttributeValue
Deprovision-QADUser
Disable-QADUser
Disconnect-QADService
Enable-QADUser
Get-QADComputer
Get-QADGroup
Get-QADGroupMember
Get-QADMemberOf
Get-QADObject
Get-QADObjectSecurity
Get-QADPasswordSettingsObject
Get-QADPasswordSettingsObjectAppliesTo
Get-QADPermission
Get-QADPSSnapinSettings
Get-QADRootDSE
Get-QADUser
Get-QARSAccessTemplate
Get-QARSAccessTemplateLink
Get-QARSApprovalTask
Get-QARSOperation
Move-QADObject
New-QADGroup
New-QADObject
New-QADPasswordSettingsObject
New-QADUser
New-QARSAccessTemplateLink
Reject-QARSApprovalTask
Remove-QADGroupMember
Remove-QADMemberOf
Remove-QADObject
Remove-QADPasswordSettingsObjectAppliesTo
Remove-QADPermission
Remove-QARSAccessTemplateLink
Rename-QADObject
Restore-QADDeletedObject
Set-QADGroup
Set-QADObject
Set-QADObjectSecurity
Set-QADPSSnapinSettings
Set-QADUser
Set-QARSAccessTemplateLink
Unlock-QADUser
And finally, here are all of the Active Directory cmdlets that can be
found in the BSonPosh module:
ConvertTo-DistinguishedName
ConvertTo-DNSName
ConvertTo-Name
ConvertTo-NetbiosName
ConvertTo-Sid
ConvertTo-UACFLag
Get-ADACL
Get-DCConnectionObject
Get-Domain
Get-DomainController
Get-Forest
Get-FSMO
Get-Schema
Get-SchemaClass
Get-SchemaOID
Get-SchemaProperty
Get-SiteLink
Get-Site
New-ADACE
Set-ADACL
You can find more on using these PowerShell cmdlets for Active
Directory object and infrastructure management via the online help for
Quest cmdlets and the source code for BSonPosh.
Miss a column? Check out our Scripting School archive.
ABOUT THE AUTHOR
Brandon Shell has been in the IT industry since 1994. He started out
as a PC tech and general fix-it guy for numerous companies. In 2007,
he joined the PowerShell MVP ranks, and Shell has spent the past
several years building his PowerShell knowledge and helping others
build theirs.
Working with SAP's newest solutions for on-demand, on-premise, and on-device, SAP's lines-of-business (LoBs) leverage the IT applications and IT technology infrastructure that helps them to quickly adapt to market requirements and drive market opportunities. Our SAP Global IT team –composed of application developers, support experts, business users, and global IT professionals – understands best how SAP solutions can help SAP employees achieve their goals while reducing the organization's operating costs and optimizing its daily performance.
Reply to this
Happy blogging and keep writing.
Reply to this
Great and very informative post you have shared with us i like this blog post.Keep it up. Nice blog. Thanks for share this great site list which is very informational for me .I like it.
Reply to this
Hi, I agree with every statement that you have made in the post and I really appreciate your effort in gathering up the information. Thanks for it.
Reply to this
This is such a great resource that you are providing and you give it away for free. I love seeing websites that understand the value of providing a quality information. Thanks for sharing.
Reply to this