PowerShell Active Directory Cmdlets in Windows Server 2008 R2

A lot of the scripting I have done with PowerShell has been around manging Active Directory and up till now the majority of that work has been with the Quest AD cmdlets which are brilliant for this job. Of course not everyone is always able to install third-party cmdlets into their environment and for other reasons I have been as keen as anyone to see native cmdlets released for AD.

A month or so ago at a UK Technet event I saw James O’Neill carry out a demo of the AD cmdlets which will ship as part of Windows Server 2008 R2. They looked so good I had to check them out straight away and downloaded the beta of Server 2008 R2. I was so impressed I ended up changing what I was originally intending to present for March’s UK Powershell UserGroup so that I could share with people the good stuff that is coming. If you currently use Powershell to manage AD (or even if you are just using the curent GUI tools) you should definitely start checking these cmdlets out so are you a ready to take advantage of them as soon as possible. The best place to currently find out information about them is the Active Directory Powershell Blog - Pipelining AD One Object at a Time . There is some great info here on what is currently available and the direction it is headed.

I’ll give you a tip to help getting started with the cmdlets since some of the inline help is slightly behind the development of the cmdlets. There is a cmdlet for managing user accounts, Get-ADUser, which returns about 10 properties for a user account by default. (Note Quest regulars this is a fair bit less than what you have been used to). There is a parameter ‘-properties’ which you can use to specify particular attributes for a user account or all of them in one go. The inline help says you should use ‘-properties extended’ or’ -properties all’ to retrieve more than the default set. However, trying this out in the beta causes an error and fails to return anything for the user account.

Since the AD blog previously mentioned has a contact form I thought I would drop them a quick note about this and was pleased to receive a very prompt reponse from one of the developers that they had changed the format to be ‘-properties *’, but hadn’t updated the help in time for the beta release. So you would use something like this:

Get-ADUser username -Properties *

Easy when you know how ;-)

Finally for now, another way you can find out more information about the AD cmdlets is by listening to a recent episode of the PowerScripting podcast which featured PowerShell MVP Brandon Shell who is an expert at scripting around AD, has recently spent some time with the AD team and helped point them in the right direction for what we want to get out of these cmdlets.