Quest PowerShell - QAD Snap-In

Quest PowerShell - QAD Snap-In

A company called Quest, provides extra commands for PowerShell, some people call this Quest PowerShell, however I call them QAD cmdlets.  What ever the name, QAD (Quest Active Directory provides nifty 'shortcuts' for PowerShell.  The idea is to install the activeroles snap-In, which contains Active Directory cmdlets to supplement the native PowerShell commands.

In a nutshell, native PowerShell commands require a great deal of work to enumerate and manipulate Active Directory objects.  Quest PowerShell provides a package of sophisticated cmdlets, consequently, we are spared having to write code which connects to Active Directory.  QAD cmdlets make scripting User, Computer and Group objects as easy as scripting file, services or eventlog objects with native PowerShell cmdlets.

Topics for Quest PowerShell


Pre-requisites, particularly for the QAD snap-In

Before we can get my examples to work you need to meet these pre-requisites.

  1. Download and install PowerShell and .Net Framework. 
    Go to Microsoft's site and choose the flavour to suit your operating system.
  2. Download, then install the QAD Snap-Ins from this site:
  3. Register the snap-In. (Key point)
    add-PSSnapin quest.activeroles.admanagement
  4. Gain access to Active Directory.  Best would be to logon at a domain controller in a test domain.

Install the QAD Snap-In

Think of Quest's free QAD snap-Ins, as extra cmdlets.  Once you add this 'package' you need to issue a PowerShell instruction which makes the cmdlets available to the command line.

Unless you have a working knowledge of PowerShell, installing the snap-In (some call them snapins) will seem strange.  I am assuming that you have downloaded the QAD package and are ready to install its cmdlets.

Instructions to add the Quest PowerShell snap-In

  1. Launch PowerShell.
  2. We have a 'path' problem.  I don't know the drive and folder where you downloaded quest.activeroles.admanagement.
  3. Fortunately, we have the solution.  Edit set-Location to refer to YOUR path for the snap-In.

# Instruction to add Quest PowerShell Snap-In
set-Location c:\
add-PSSnapin  quest.activeroles.admanagement

Get started with QAD commands

If you have used standard PowerShell cmdlets (Verb-Noun), then the QAD examples use exactly the same methods.  The verbs, 'get' or 'set' are identical; all that is new is the nouns.  Each noun begins with QAD followed by a word such as User, Computer or even Object.  We will begin by applying classic PowerShell research tools to the QAD cmdlets, for example Get-Command.  Please note that Quest PowerShell even includes help about the parameters, furthermore, this help is in the same format as that for native cmdlets. [Get-Help and Get-Member]

Example 1 List QAD Commands

Here is a simple method that you can apply to any new PowerShell project. This technique will list all QAD commands.  Get-Command is the key PowerShell cmdlet for our investigation.  I tried appending plain QAD* however, but this did not work.  What I needed was 'Where' statement to filter the results.

 Get-Command | Where {$ -Match "QAD"}

Pre-requisite  Remember that you need Active Directory otherwise the commands won't return any results.  To reduce errors caused by authentication or firewall settings, I execute all these commands on a domain controller.  Most of these QAD examples are just one line.  Short, but so sweet.

Note 1:   From your results of executing the above command, observe the structure of the names.  What you get is QADxyz; where xyz could be an Active Directory User, Computer, or Group.

Note 2:   A quick check; are these QAD objects singular, or plural?  A valuable piece of knowledge is that PowerShell consistently uses only singular nouns, furthermore, Quest honours this convention and each QAD noun is a singular word.

Example 1a Get-QAD*

My purpose in Example 1a is to modify the command to list only Active Directory objects that we can 'get' or check their properties and values.

 Get-Command Get-QAD*

Note 1:  Observe the classic Active Directory objects such as (QAD)User and (QAD)Group.

Note 1:  Remember that QAD follows the PowerShell format of Verb-Noun.

Note 2:  In real life scripting, 'set' is a more exciting command then 'get'.  However, 'set' really would change the properties of active directory objects, so be careful.  This is why we are only listing the command here, and not making any changes to Active Directory

Guy Recommends:  SolarWinds' Free Bulk Import ToolFree Download Solarwinds Bulk Import Tool

Import users from a spreadsheet.  Just provide a list of the users with their fields in the top row, and save as .csv file.  Then launch this FREE utility and match your fields with AD's attributes, click and import the users.

Optionally, you can provide the name of the OU where the new accounts will be born. Download your FREE bulk import tool.

If you need more comprehensive application analysis software,
Download a free trial of SAM (Server & Application Monitor)

Example 2a QAD Examples

Here are QAD examples which feature PowerShell's Get-Help command.  I am pleased to report that QAD commands support my favourite research tool: Get-Help xyz -full.

 Get-Help Get-QADUser -full

Example 2b QADUser in action

At last, here is a command which interacts with Active Directory, in this QAD example we are going to list users beginning with the letter 'g'.

 Get-QADUser g*

Challenge 1:  You could try a*, because there should be a user called Administrator.

Challenge 1: Substitute QADComputer for QADUser

Challenge 2:  Experiment with QADObject, for example try:
Get-QADObject -type 'organizationalUnit'

Example 2c How to List a User's Property

As with many of my scripts, there are two learning threads in this example, a real-life objective (Listing user properties) and also learning PowerShell techniques (Piping and word-wrap).


Find and amend the variable $OU.  Edit the value to reflect Your Domain and Your OU.

# PowerShell script to list User Properties
# Author: Guy Thomas
# Version 1.1 July 2008 tested on PowerShell v 1.0

$OU = "YourDomName/YourOu"
Get-QADUser -SearchRoot $OU `
| Format-Table FirstName, LastName, description -auto

Note 1:  The unusual backtick symbol (`) means, wrap the command to the next line.

Note 2:  The pipe symbol (|) is PowerShell's signature tune; it means push the output of the first clause (Get-QADUser) into this next command (Format-Table).

Challenges: If I were you I would take a timeout to add values to your user's property sheet, e.g. LastName, Description, also manager and location.

The second part of my challenge is to put into practice what we learned with Get-Help QADUser, namely to add different fields from my example 2b, for example, Company or Office.

Guy's LDAP Learning Technique

Here is simple but effective technique to learn the LDAP names which you may then include in your script. 

The key point is to change a value of a field in Active Directory Users and Computers and then see if you can find the very same string in ADSI Edit.  If so, then you have learned the equivalence between the GUI menu, and the LDAP property.  For example, go to the Last name of your test user, enter 'Thomas', now search through ADSI Edit until you find 'Thomas'.  The conclusion is that, Last name: corresponds to 'sn'.

PowerShell Active DirectoryPowerShell ADSI Edit LDAP

There is an alternative, and that is to get a list of LDAP properties, which you keep by your side when scripting.

Guy Recommends:  A Free Trial of the Network Performance Monitor (NPM)Review of Orion NPM v11.5 v11.5

SolarWinds' Network Performance Monitor will help you discover what's happening on your network.  This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

What I like best is the way NPM suggests solutions to network problems.  Its also has the ability to monitor the health of individual VMware virtual machines.  If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.

Download a free trial of Solarwinds' Network Performance Monitor

Conclusion of Quest PowerShell

QAD examples will help you discover a whole new world of Active Directory objects.  My mission has been to get you started.  Once you have installed the snap-In, it is up to you to plan, then create scripts to manage your Users and Computers.  If you get stuck, remember PowerShell's Get-Help; then append the QAD Verb-Noun with the -full switch. 

See QAD User tasks ยป

Summary of PowerShell and QAD Cmdlets

A company called Quest, kindly provide extra commands for PowerShell.  To install these cmdlets, download a package from the Quest website, and then use PowerShell to add this 'snap-In' to make the commands available for your scripting.

You can script Active Directory objects such as computers or groups by using PowerShell's native cmdlets.  However the QAD snap-In makes the task a joy rather than a chore.  Perhaps I have a short memory, but listing users with native PowerShell seems even more difficult than VBScript.

If you like this page then please share it with your friends


See more PowerShell QAD Scripts

PowerShell Home   • Quest QAD   • QADUser   • QADGroup   • QADComputer

Export-CSV   • Import CSV   • QAD Password   • Add-PSSnapin   • Free Import User CSVDE Tool

Get-AdUser -filter   • Windows PowerShell   • Windows PowerShell .Net

Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.



Custom Search

Site Home

Guy Recommends: WMI Monitor for PowershellSolarwinds WMI Monitor

Windows Management Instrumentation (WMI) is most useful for PowerShell scripting.

SolarWinds have produced this Free WMI Monitor to take the guess work out of which WMI counters to use for applications like Microsoft Active Directory, SQL or Exchange Server.

Download your free copy of WMI Monitor

Author: Guy Thomas Copyright © 1999-2015 Computer Performance LTD All rights reserved.

Please report a broken link, or an error to: