Quest PowerShell – QAD Snap-In
A company called Quest, provides extra commands for PowerShell, some people call this Quest PowerShell, however I call them QAD cmdlets. What ever the name, QAD (Quest Active Directory provides nifty ‘shortcuts’ for PowerShell. The idea is to install the activeroles snap-In, which contains Active Directory cmdlets to supplement the native PowerShell commands.
In a nutshell, native PowerShell commands require a great deal of work to enumerate and manipulate Active Directory objects. Quest PowerShell provides a package of sophisticated cmdlets, consequently, we are spared having to write code which connects to Active Directory. QAD cmdlets make scripting User, Computer and Group objects as easy as scripting file, services or eventlog objects with native PowerShell cmdlets.
Topics for Quest PowerShell
- Pre-requisites for Quest PowerShell
- Install the QAD Snap-In
- Get started with QAD commands
- Example 1 List QAD Commands
- Example 2a QAD Examples
- Example 2c How to List a User’s Property
- Guy’s LDAP Learning Technique
- Summary of PowerShell and QAD Cmdlets
♣
Pre-requisites, particularly for the QAD snap-In
Before we can get my examples to work you need to meet these pre-requisites.
- Download and install PowerShell and .Net Framework.
Go to Microsoft’s site and choose the flavour to suit your operating system. - Download, then install the QAD Snap-Ins from this site:
http://www.quest.com/activeroles-server/arms.aspx - Register the snap-In. (Key point)
add-PSSnapin quest.activeroles.admanagement - Gain access to Active Directory. Best would be to logon at a domain controller in a test domain.
Install the QAD Snap-In
Think of Quest’s free QAD snap-Ins, as extra cmdlets. Once you add this ‘package’ you need to issue a PowerShell instruction which makes the cmdlets available to the command line.
Unless you have a working knowledge of PowerShell, installing the snap-In (some call them snapins) will seem strange. I am assuming that you have downloaded the QAD package and are ready to install its cmdlets.
Instructions to add the Quest PowerShell snap-In
- Launch PowerShell.
- We have a ‘path’ problem. I don’t know the drive and folder where you downloaded quest.activeroles.admanagement.
- Fortunately, we have the solution. Edit set-Location to refer to YOUR path for the snap-In.
# Instruction to add Quest PowerShell Snap-In
set-Location c:\
add-PSSnapin quest.activeroles.admanagement
Get started with QAD commands
If you have used standard PowerShell cmdlets (Verb-Noun), then the QAD examples use exactly the same methods. The verbs, ‘get’ or ‘set’ are identical; all that is new is the nouns. Each noun begins with QAD followed by a word such as User, Computer or even Object. We will begin by applying classic PowerShell research tools to the QAD cmdlets, for example Get-Command. Please note that Quest PowerShell even includes help about the parameters, furthermore, this help is in the same format as that for native cmdlets. [Get-Help and Get-Member]
Example 1 List QAD Commands
Here is a simple method that you can apply to any new PowerShell project. This technique will list all QAD commands. Get-Command is the key PowerShell cmdlet for our investigation. I tried appending plain QAD* however, but this did not work. What I needed was ‘Where’ statement to filter the results.
Pre-requisite Remember that you need Active Directory otherwise the commands won’t return any results. To reduce errors caused by authentication or firewall settings, I execute all these commands on a domain controller. Most of these QAD examples are just one line. Short, but so sweet.
Note 1: From your results of executing the above command, observe the structure of the names. What you get is QADxyz; where xyz could be an Active Directory User, Computer, or Group.
Note 2: A quick check; are these QAD objects singular, or plural? A valuable piece of knowledge is that PowerShell consistently uses only singular nouns, furthermore, Quest honours this convention and each QAD noun is a singular word.
Example 1a Get-QAD*
My purpose in Example 1a is to modify the command to list only Active Directory objects that we can ‘get’ or check their properties and values.
Note 1: Observe the classic Active Directory objects such as (QAD)User and (QAD)Group.
Note 1: Remember that QAD follows the PowerShell format of Verb-Noun.
Note 2: In real life scripting, ‘set’ is a more exciting command then ‘get’. However, ‘set’ really would change the properties of active directory objects, so be careful. This is why we are only listing the command here, and not making any changes to Active Directory
Guy Recommends: SolarWinds’ Free Bulk Import Tool
Import users from a spreadsheet. Just provide a list of the users with their fields in the top row, and save as .csv file. Then launch this FREE utility and match your fields with AD’s attributes, click and import the users.
Optionally, you can provide the name of the OU where the new accounts will be born. Download your FREE bulk import tool.
If you need more comprehensive application analysis software,
Download a free trial of SAM (Server & Application Monitor)
Example 2a QAD Examples
Here are QAD examples which feature PowerShell’s Get-Help command. I am pleased to report that QAD commands support my favourite research tool: Get-Help xyz -full.
Example 2b QADUser in action
At last, here is a command which interacts with Active Directory, in this QAD example we are going to list users beginning with the letter ‘g’.
Challenge 1: You could try a*, because there should be a user called Administrator.
Challenge 1: Substitute QADComputer for QADUser
Challenge 2: Experiment with QADObject, for example try:
Get-QADObject -type ‘organizationalUnit’
Example 2c How to List a User’s Property
As with many of my scripts, there are two learning threads in this example, a real-life objective (Listing user properties) and also learning PowerShell techniques (Piping and word-wrap).
Pre-requisite
Find and amend the variable $OU. Edit the value to reflect Your Domain and Your OU.
# PowerShell script to list User Properties
# Author: Guy Thomas
# Version 1.1 July 2008 tested on PowerShell v 1.0
$OU = "YourDomName/YourOu"
Get-QADUser -SearchRoot $OU `
| Format-Table FirstName, LastName, description -auto
Note 1: The unusual backtick symbol (`) means, wrap the command to the next line.
Note 2: The pipe symbol (|) is PowerShell’s signature tune; it means push the output of the first clause (Get-QADUser) into this next command (Format-Table).
Challenges: If I were you I would take a timeout to add values to your user’s property sheet, e.g. LastName, Description, also manager and location.
The second part of my challenge is to put into practice what we learned with Get-Help QADUser, namely to add different fields from my example 2b, for example, Company or Office.
Guy’s LDAP Learning Technique
Here is simple but effective technique to learn the LDAP names which you may then include in your script.
The key point is to change a value of a field in Active Directory Users and Computers and then see if you can find the very same string in ADSI Edit. If so, then you have learned the equivalence between the GUI menu, and the LDAP property. For example, go to the Last name of your test user, enter ‘Thomas’, now search through ADSI Edit until you find ‘Thomas’. The conclusion is that, Last name: corresponds to ‘sn’.
There is an alternative, and that is to get a list of LDAP properties, which you keep by your side when scripting.
Guy Recommends: A Free Trial of the Network Performance Monitor (NPM)
v11.5
SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.
What I like best is the way NPM suggests solutions to network problems. Its also has the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.
Download a free trial of Solarwinds’ Network Performance Monitor
Conclusion of Quest PowerShell
QAD examples will help you discover a whole new world of Active Directory objects. My mission has been to get you started. Once you have installed the snap-In, it is up to you to plan, then create scripts to manage your Users and Computers. If you get stuck, remember PowerShell’s Get-Help; then append the QAD Verb-Noun with the -full switch.
Summary of PowerShell and QAD Cmdlets
A company called Quest, kindly provide extra commands for PowerShell. To install these cmdlets, download a package from the Quest website, and then use PowerShell to add this ‘snap-In’ to make the commands available for your scripting.
You can script Active Directory objects such as computers or groups by usingPowerShell’s native cmdlets. However the QAD snap-In makes the task a joy rather than a chore. Perhaps I have a short memory, but listing users with native PowerShell seems even more difficult than VBScript.
If you like this page then please share it with your friends
See more PowerShell QAD Scripts
• PowerShell Home • Quest QAD • QADUser • QADGroup • QADComputer
• Export-CSV • Import CSV • QAD Password • Add-PSSnapin • Free Import User CSVDE Tool
• Get-AdUser -filter • Windows PowerShell • Windows PowerShell .Net
Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.
