Finding Active Directory administration cmdlets
The Get-Command cmdlet, which is new in Windows PowerShell 3.0,
can be helpful when you need to find cmdlets to perform some
administration task on Active Directory. For example, typing Get-Command New-AD* lists all cmdlets used for
creating new Active Directory objects. The output from running this
command looks like this:
CommandType Name ModuleName
----------- ---- ----------
Cmdlet New-ADCentralAccessPolicy ActiveDirectory
Cmdlet New-ADCentralAccessRule ActiveDirectory
Cmdlet New-ADClaimTransformPolicy ActiveDirectory
Cmdlet New-ADClaimType ActiveDirectory
Cmdlet New-ADComputer ActiveDirectory
Cmdlet New-ADDCCloneConfigFile ActiveDirectory
Cmdlet New-ADFineGrainedPasswordPolicy ActiveDirectory
Cmdlet New-ADGroup ActiveDirectory
Cmdlet New-ADObject ActiveDirectory
Cmdlet New-ADOrganizationalUnit ActiveDirectory
Cmdlet New-ADReplicationSite ActiveDirectory
Cmdlet New-ADReplicationSiteLink ActiveDirectory
Cmdlet New-ADReplicationSiteLinkBridge ActiveDirectory
Cmdlet New-ADReplicationSubnet ActiveDirectory
Cmdlet New-ADResourceProperty ActiveDirectory
Cmdlet New-ADResourcePropertyList ActiveDirectory
Cmdlet New-ADServiceAccount ActiveDirectory
Cmdlet New-ADUser ActiveDirectory
The function of each command is self-explanatory given the names
of these commands. To see the syntax and usage examples for each
command, use the Get-Help cmdlet.
As a second example of finding Active Directory administration
cmdlets, typing Get-Command *ADAccount*
displays all cmdlets used for managing Active Directory accounts. The
output of this command is as follows:
CommandType Name ModuleName
----------- ---- ----------
Cmdlet Clear-ADAccountExpiration ActiveDirectory
Cmdlet Disable-ADAccount ActiveDirectory
Cmdlet Enable-ADAccount ActiveDirectory
Cmdlet Get-ADAccountAuthorizationGroup ActiveDirectory
Cmdlet Get-ADAccountResultantPasswordReplicationPolicy ActiveDirectory
Cmdlet Search-ADAccount ActiveDirectory
Cmdlet Set-ADAccountControl ActiveDirectory
Cmdlet Set-ADAccountExpiration ActiveDirectory
Cmdlet Set-ADAccountPassword ActiveDirectory
Cmdlet Unlock-ADAccount ActiveDirectory
Again, the names of these cmdlets provide clear insight into the
actions they can perform, such as enabling, disabling, and unlocking
accounts; setting passwords for accounts; setting and clearing the
expiration date for an account; and so on.
Finally, the Get-Help cmdlet can be useful both for finding
cmdlets and learning what you can do with them. For example, typing
Get-Help *ADUser* displays some of the
cmdlets used for managing Active Directory user accounts and describes
what they do. The output of this command is as follows:
Name Category Module Synopsis
---- -------- ------ --------
Get-ADUser Cmdlet ActiveDirectory Gets one or more Active
Directory users.
Get-ADUserResultantPasswordPolicy Cmdlet ActiveDirectory Gets the resultant
password policy for a user
.
New-ADUser Cmdlet ActiveDirectory Creates a new Active
Directory user.
Remove-ADUser Cmdlet ActiveDirectory Removes an Active
Directory user.
Set-ADUser Cmdlet ActiveDirectory Modifies an Active
Directory user.
From the previous examples, you can see that typing Get-Help *ADAccount* will provide information
about more cmdlets used for managing Active Directory user
accounts.
Note
REAL WORLD Learning how to use
Windows PowerShell to manage Active Directory
In total, there are 135 different cmdlets in the Active
Directory module for Windows PowerShell in Windows Server 2012. The
only way you can learn how to become effective in using these
cmdlets is by using them to perform different kinds of
administration tasks in a safe test environment.
