A company called Quest, provides extra commands for PowerShell, some people call
this Quest PowerShell, however I call them QAD cmdlets. What ever the
name, QAD (Quest Active Directory provides nifty 'shortcuts' for PowerShell.
The idea is to install the activeroles snap-In, which contains Active Directory cmdlets to supplement the native PowerShell
commands.
In a nutshell, native PowerShell commands require a great deal of work to
enumerate and manipulate Active Directory objects. Quest PowerShell provides
a package of sophisticated cmdlets, consequently, we are spared having to write
code which connects to Active Directory. QAD cmdlets make
scripting User, Computer and Group objects as easy as scripting file, services
or eventlog objects with native PowerShell cmdlets.
Think of Quest's free QAD snap-Ins, as extra cmdlets. Once you add this
'package' you need to issue a PowerShell
instruction which makes the cmdlets available to the command line.
Unless you have a working knowledge of PowerShell, installing the snap-In
(some call them snapins) will seem strange. I am assuming that you have downloaded the
QAD
package and are ready to install its cmdlets.
Instructions to add the Quest PowerShell snap-In
Launch PowerShell.
We have a 'path' problem. I don't know the drive and folder where
you downloaded quest.activeroles.admanagement.
Fortunately, we have the solution. Edit set-Location to refer to
YOUR path for the snap-In.
If you have used standard PowerShell cmdlets (verb-Noun), then the QAD
examples
use exactly the same methods. The verbs, 'get' or 'set' are identical; all
that is new is the nouns. Each noun begins with QAD followed by a
word such as User, Computer or even Object.
We will begin by applying classic PowerShell research tools to the QAD
cmdlets, for example Get-Command. Please note that Quest PowerShell even
includes help about the parameters, furthermore, this help is in the same format as that for native
cmdlets. [Get-Help and Get-Member]
Here is a simple method that you can apply to any new
PowerShell project. This technique will list all QAD commands. Get-Command is the
key PowerShell cmdlet for our investigation. I tried appending plain QAD* however,
but this did not work. What I needed was 'Where' statement to filter the
results.
Get-Command | Where {$_.name -Match "QAD"}
Pre-requisite Remember that you need Active Directory
otherwise the commands won't return any results. To
reduce errors caused by authentication or firewall settings, I execute all these
commands on a domain controller. Most of these QAD examples are just one
line. Short, but so sweet.
Note 1: From your results of executing the
above command, observe
the structure of the names. What you get is QADxyz; where xyz could be an Active
Directory User, Computer, or
Group.
Note 2: A quick check; are these QAD objects singular, or plural? A
valuable piece of knowledge is that PowerShell consistently uses only singular
nouns, furthermore, Quest honours this convention and each QAD noun is a singular
word.
Example 1a Get-QAD*
My purpose in Example 1a is to modify the command to list only Active
Directory objects that we can 'get' or check their properties and values.
Get-Command Get-QAD*
Note 1: Observe the classic Active Directory
objects such as (QAD)User and (QAD)Group.
Note 1: Remember that QAD follows the PowerShell
format of verb-Noun.
Note 2: In real life scripting, 'set' is a more exciting
command then 'get'. However, 'set' really would change the properties
of active directory objects, so be careful. This is why we are only
listing the command here, and not making any changes to Active Directory
Guy Recommends: SolarWinds' Free Bulk Import Tool
Import users from a spreadsheet. Just provide a list of the
users with their fields in the top row, and save as .csv file.
Then launch this FREE utility and match your fields with AD's
attributes, click and import the users.
Here are QAD examples which feature PowerShell's Get-Help command.
I am pleased to report that QAD commands support my favourite research tool: Get-Help xyz -full.
Get-Help Get-QADUser -full
Example 2b QADUser in action
At last, here is a command which interacts with Active Directory, in this QAD
example we are going to list users beginning with the letter 'g'.
Get-QADUser g*
Challenge 1: You could try a*, because there
should be a user called Administrator.
Challenge 1: Substitute QADComputer for QADUser
Challenge 2: Experiment with QADObject, for
example try:
Get-QADObject -type 'organizationalUnit'
As with many of my scripts, there are two learning threads in this example, a real-life
objective (Listing user properties) and also learning PowerShell
techniques
(Piping and word-wrap).
Pre-requisite
Find and amend the variable $OU. Edit the value to reflect Your
Domain and Your OU.
# PowerShell script to list User
Properties # Author: Guy Thomas # Version 1.1 July 2008 tested on PowerShell v 1.0
Note 1: The unusual backtick symbol (`) means, wrap the
command to the next line.
Note 2: The pipe symbol (|) is PowerShell's
signature tune; it means push the output of the first clause (Get-QADUser) into this
next command (Format-Table).
Challenges: If I were you I would take a timeout to add
values to your user's property sheet, e.g. LastName, Description, also
manager and location.
The second part of my challenge is to put into practice what we learned with Get-Help QADUser,
namely to add different fields from my example 2b, for example, Company or Office.
Here is simple but effective technique to learn the LDAP names which
you may then include in your script.
The key point is to change a value of a field in Active Directory Users
and Computers and then see if you can find the very same string in ADSI Edit. If so, then you have learned the equivalence between the GUI menu, and the
LDAP property. For example, go to the Last name of your test user, enter 'Thomas', now search through ADSI Edit until you find 'Thomas'. The conclusion is that, Last name: corresponds to 'sn'.
There is an alternative, and that is to get a list of LDAP properties, which you keep by your side when scripting.
Guy Recommends: A Free Trial of the Network Performance Monitor
(NPM)
SolarWinds'
Network Performance Monitor
will help you discover what's happening on your network. This
utility will also guide you through troubleshooting; the dashboard will
indicate whether the root cause is a broken link, faulty equipment or
resource overload.
Perhaps the NPM's best feature is the way it suggests solutions to network
problems. Its second best feature is the ability to monitor the health of
individual VMware virtual machines. If you are interested in
troubleshooting, and creating network maps, then I recommend that you try
Solarwinds NPM now.
QAD examples will help you discover a whole new world of Active Directory
objects. My mission has been to get you started. Once you have
installed the snap-In, it is up to you to plan,
then create scripts to manage your Users and Computers. If you
get stuck, remember PowerShell's Get-Help; then append the QAD verb-Noun with
the -full switch.
A company called Quest, kindly provide extra commands for PowerShell. To
install these cmdlets, download a package from the Quest website, and then use
PowerShell to add this 'snap-In' to make the commands available for your
scripting.
You can script Active Directory objects such as computers or groups by using
PowerShell's native cmdlets. However the QAD snap-In makes the task a joy
rather than a chore. Perhaps I have a short memory, but listing users with
native PowerShell seems even more difficult than VBScript.
If you like this page then please share it with your friends
Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.
Windows Management Instrumentation (WMI) is
most useful for PowerShell scripting.
SolarWinds
have produced this
Free WMI Monitor to take the guess work out of which
WMI counters to use for applications like Microsoft Active Directory,
SQL or Exchange Server.
