Active Directory Module for Windows PowerShell – Quick start guide

ADPowershell is available starting Windows Server 2008 R2. To play with AD Powershell cmdlets, you must have at least one Windows Server 2008 R2 domain controller (DC) in your domain.
Installing AD Powershell module:
On a Windows Server 2008 R2 box, open an elevated Powershell console window (powershell.exe) and run the following commands:
PS C:\> import-module servermanager
PS C:\> Add-WindowsFeature -Name "RSAT-AD-PowerShell" -IncludeAllSubFeature NOTE: AD Powershell module is installed by default on a DC.
Loading AD Powershell module:
Open a Powershell console window and type
PS C:\> import-module activedirectory Active Directory PSDrive:
If the machine is joined to a domain then a default drive named AD: is created. You can CD into this drive and use all the regular file system commands to navigate the directory. The paths are in X500 format.
PS C:\> cd AD:
PS AD:\>
PS AD:\> dir
…
PS AD:\> cd "DC=fabrikam,DC=com"
PS AD:\DC=fabrikam,DC=com> md "OU=myNewOU"
…
PS AD:\DC=fabrikam,DC=com> del "OU=myNewOU" If you want to create a new drive connected to another domain/forest or use the more readable canonical path format, type:
PS C:\> New-PSDrive -PSProvider ActiveDirectory -Server "contoso.fabrikam.com" -Credential "Contoso\Administrator" -Root ""  -Name Contoso -FormatType Canonical…
PS C:\> cd Contoso:
PS Contoso:\> dir | ft CanonicalName
…
PS Contoso:\> cd "contoso.fabrikam.com/"
Getting cmdlet list, help and examples:
Powershell uses verb-noun name-pair format to name cmdlets. For example:
New-ADGroup
Get-ADDomain To get a list of AD cmdlets type
PS AD:\> get-help *-AD*
PS AD:\> get-help New-AD*        ## would list all the cmdlets that create new AD objects To get more info on a specific cmdlet or read examples, type
PS AD:\> get-help set-aduser -detailed
PS AD:\> get-help get-aduser -examples Tips: You can use the tab completion feature of Powershell to complete cmdlet names or parameter names. For example after entering the Verb- part of a cmdlet name you can hit key to cycle through all of the nouns available for that verb.
Common tasks:
Here are some examples of commonly performed tasks using AD cmdlets:
PS C:\> New-ADUser –Name "John Smith" –SamAccountName JohnS –DisplayName "John Smith" –Title "Account Manager" –Enabled $true –ChangePasswordAtLogon $true -AccountPassword (ConvertTo-SecureString "p@ssw0rd" -AsPlainText -force) -PassThru
PS C:\> New-ADGroup -Name "Account Managers" -SamAccountName AcctMgrs -GroupScope Global -GroupCategory Security -Description "Account Managers Group" –PassThru
PS C:\> New-ADOrganizationalUnit -Name AccountsDepartment -ProtectedFromAccidentalDeletion $true  -PassThru
PS C:\> Get-ADUser -Filter { name –like "john*" } ## Gets all the users whose name starts with John
PS C:\> Add-ADGroupMember -Identity AcctMgrs -Members JohnS
PS C:\> Get-ADGroupMember -Identity AcctMgrs
PS C:\> Get-ADPrincipalGroupMembership -Identity JohnS  ## Gets all the groups in which the specified account is a direct member.
PS C:\> Get-ADAccountAuthorizationGroup -Identity JohnS  ## Gets the token groups of an account
PS C:\> Unlock-ADAccount -Identity JohnS
PS C:\> Get-ADForest -Current LocalComputer
PS C:\> Get-ADDomain -Current LoggedOnUser
PS C:\> Get-ADDomainController -Filter { name -like "*" }  ## Gets all the DCs in the current domain
What next?
In the next post we will give an overview of Active Directory Powershell and talk about various cmdlets we provide in this release.
Enjoy!
Swami
--
Swaminathan Pattabiraman [MSFT]
Developer – Active Directory Powershell Team

Nguồn: http://blogs.msdn.com/b/adpowershell/