CHAPTER 10

Managing Active Directory

IN THIS CHAPTER

Installing Remote Server Administration Tools and cmdlets

Finding objects in Active Directory

Managing users and groups

Manipulating objects and organizational units

Scripting password policies

Using the ActiveRoles Management Shell

When Active Directory was released with Windows Server 2000, it was immediately obvious that the GUI would not be enough for administrators. A series of command-line tools, resource kits, and even a COM scripting interface were released over the years to help people automate their tasks. Activities such as cleaning up stale objects, moving objects that meet specific criteria between containers, bulk importing new users from other feeds, or exporting data for reporting purposes are just a few of the many types of tasks that make great candidates for automation. Although the command-line tools have existed for years, it is no surprise that administrators who deal with Active Directory day to day were some of the earliest adopters of Windows PowerShell.

Windows PowerShell 1.0 was released with a type accelerator for the COM interface known as the Active Directory Scripting Interface (ADSI) in order to provide immediate scripting support for Active Directory within Windows PowerShell. Though ADSI and the underlying .NET classes that manage Active Directory provide a workable solution, it is far from being Windows PowerShell-centric. The interface does not have easy-to-use cmdlet names that follow the ...

Get Windows PowerShell® 2.0 Bible now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.