Ezine 160 – PowerShell and QAD Cmdlets
A few readers wrote in saying that my PowerShell articles were gibberish. All I can say in reply is that this week the ezine will seem like advanced gibberish unless you: a) Install PowerShell, b) Get these famous QAD add-ons.
Topics for PowerShell and QAD
- This Week’s Secret – Cheating
- QAD Snap-ins
- This Week’s Mission – Get started with QAD commands
- Update of Quest PowerShell
- PowerShell New-AdUser
- Summary of PowerShell and QAD Cmdlets
♣
This Week’s Secret – Cheating
A fresh look at QAD (Quest Active Directory) cmdlets caused me to think – ‘cheat’. This thought was followed by two more ‘eureka’ moments. Firstly, the whole of PowerShell is a cheat; secondly the thought there is nothing wrong with cheating – all script writers copy and paste other people’s code examples.
On a more reflective note, QAD cmdlets cheat in the sense that we no longer have to craft mechanisms which connect to active directory and then enumerate the objects. There again, do I mind QAD cutting down my work load? The answer is a resounding, ‘No’, because QADs means I can concentrate on the more interesting aspects of scripting Active Directory tasks.
Guy Recommends: SolarWinds’ Free Bulk Import Tool
Import users from a spreadsheet. Just provide a list of the users with their fields in the top row, and save as .csv file. Then launch this FREE utility and match your fields with AD’s attributes, click and import the users.
Optionally, you can provide the name of the OU where the new accounts will be born. Download your FREE bulk import tool.
If you need more comprehensive software, download a free trial of SAM (Server & Application Monitor)
Three Pre-requisites
My speciality is getting people started. Thus I emphasise again, you need three pre-requisites for these QAD cmdlets to work, and for my examples to produce results.
- Download and install PowerShell.
Go to Microsoft’s site and choose the flavour to suit your operating system. - Download, then install the QAD Snap-ins from this site:
http://www.quest.com/activeroles-server/arms.aspx - Access to Active Directory.
QAD Snap-ins
The reason for downloading these free QAD snap-ins, with their cmdlets, is while PowerShell itself has lots of built-in cmdlets, not many specialise in Active Directory. QAD filled this void by crafting Active Directory cmdlets and ‘packaged’ them into a Snap-in. Our first job is to install that QAD snap-in.
Unless you have a passing familiarity with PowerShell, installing the snap-in (some call them snapins) is tricky. Assuming that you have downloaded the package from QAD, here below is the PowerShell command. What I don’t know – but you do, is where on your machine you downloaded the QAD file. My point you need to edit c:\ in the command below.
# Instruction to add a QAD Snap-in
set-Location c:\
add-PSSnapin quest.activeroles.admanagement
This Week’s Mission – Get started with QAD commands
QAD techniques are identical to those of standard PowerShell cmdlets. A good way to start is by applying classic PowerShell research tools to the QAD cmdlets, for example get-command. It’s also reassuring that QAD have included help about the parameters, moreover this help is in the same format as that for native PowerShell cmdlets.
Example 1a get-QAD
Here is a simple technique that you can use when ever you start a new project. Our objective is to list the QAD commands. Get-Command is the key PowerShell cmdlet for our investigation. I tried appending plain QAD* however, but this did not work, I needed to help PowerShell by adding a verb, for example get-QAD*
Pre-requisite You need Active Directory. To reduce authentication / firewall / impersonating errors, I ran all these commands on a domain controller.
Note 1: From the results of example 1, observe the structure of the names QADxyz; where xyz could be an Active Directory User, Computer, or Group.
Note 2: Are these QAD objects singular, or plural? A valuable piece of knowledge is that PowerShell consistently uses only singular nouns, furthermore, Quest honours this convention and each QAD is a singular word.
Example 1b Set
‘Set’ is a more exciting and potentially more dangerous verb than ‘get’, this command would actually change the properties of active directory objects, so be careful.
Note 1: As I hinted earlier, for safety reasons we are merely listing the available ‘set’ QAD cmdlets rather than putting them to work.
Note 2: Remember the PowerShell rule of verb-Noun.
Example 2a Research QADUser
Continuing this research theme, let us discover more about the QAD command. Here is a classic opportunity for another great PowerShell command get-help with a switch called -full.
Example 2b QADUser in action
Our objective is to list merely those Active Directory users beginning with the letter ‘a’.
Challenge 1: Substitute QADGroup for QADUser
Challenge 2: I liked the flexibility of QADObject, for example try:
get-QADObject -type ‘organizationalUnit’
Conclusion
QADxyz cmdlets will open up a whole new world of scripting Active Directory with PowerShell. I see my role to get you started, now it is up to you to plan, then create scripts to manage your Users, Groups and Computers. Should you get stuck, make your first troubleshooting action: get-help verb-Noun -full. If the script still does not work, then post question in a PowerShell forum such as: Microsoft.Public.Windows.PowerShell.
Guy Recommends: Tools4ever’s UMRA
Tired of writing scripts? The User Management Resource Administrator solution by Tools4ever offers an alternative to time-consuming manual processes.
It features 100% auto provisioning, Helpdesk Delegation, Connectors to more than 130 systems/applications, Workflow Management, Self Service and many other benefits. Click on the link for more information onUMRA.
Summary of PowerShell and QAD Cmdlets
PowerShell’s native methods of scripting Active Directory objects are tortuous. Perhaps I have a short memory, but listing users with native PowerShell seems even more difficult than VBScript. Fortunately, we can take advantage of the extra cmdlets that QAD kindly provide at no charge. The only tricky part is obtaining and loading the QAD snap-in. Once you have completed that step, commands such as get-QADUser seem part and parcel of PowerShell.
If you like this page then please share it with your friends
See more PowerShell QAD Scripts
• PowerShell Home • Quest QAD • QADUser • QADGroup • QADComputer
• Export-CSV • Import CSV • QAD Password • Add-PSSnapin • Free Import User CSVDE Tool
• Get-AdUser -filter • Windows PowerShell • Windows PowerShell .Net
Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.
