CHAPTER 10

Managing Active Directory

When Active Directory was released with Windows Server 2000, it was immediately obvious that the GUI would not be enough for administrators. A series of command-line tools, resource kits, and even a COM scripting interface were released over the years to help people automate their tasks. Activities such as cleaning up stale objects, moving objects that meet specific criteria between containers, bulk importing new users from other feeds, or exporting data for reporting purposes are just a few of the many types of tasks that make great candidates for automation. Although the command-line tools have existed for years, it is no surprise that administrators who deal with Active Directory day to day were some of the earliest adopters of Windows PowerShell.

Windows PowerShell 1.0 was released with a type accelerator for the COM interface known as the Active Directory Scripting Interface (ADSI) in order to provide immediate scripting support for Active Directory within Windows PowerShell. Though ADSI and the underlying .NET classes that manage Active Directory provide a workable solution, it is far from being Windows PowerShell-centric. The interface does not have easy-to-use cmdlet names that follow the ...