Active Directory Powershell Overview
Although it is pretty easy to get the list of AD cmdlets using Powershell, many of you might be looking for a high level view of cmdlets classified by AD administrative scenarios and tasks. So here it goes…
The current set of AD Powershell cmdlets can be classified into four broad categories:
- Account Management
- Topology management
- Directory object management
- Provider cmdlets
In the account management set we have cmdlets that –
- Create, delete, write and read users, groups, computers, managed service accounts and Organizational units (OUs).
- Manage account settings such as: expiration date, password etc.
- Manage group membership, get account token groups.
- Manage fine grained password policy and default domain password policy.
In the topology management set we have cmdlets that –
- Discover DCs, manage FSMOs, move DCs across site and get DC info.
- Manage password replication policy of RODCs.
- Manage domain and forest, set forest and domain functional level.
- Manage optional features.
In the directory object management set we have cmdlets that –
- Create, delete, write and read all types of AD object.
- Move, rename and restore AD objects.
In the Provider cmdlets set we have cmdlets that enables file-system like browsing capabilities in Active Directory PSDrive.
Click below for a table that shows various cmdlets available in each set. It should also serve as a quick reference card on your office desk :)
Swaminathan Pattabiraman [MSFT]
Developer – Active Directory Powershell Team