Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about what the PowerShell command for alternative active directory management is. Many people may not understand it very well. In order to make you understand better, the editor has summarized the following content for you. I hope you can get something according to this article.

Previously, we saw how PowerShell can be used to manage active directories in Windows Server 2008 R2. We will provide some alternatives to Microsoft commands.

The advantage of these other options is that they have no dependencies-except, of course, the active Directory command itself. These commands are provided by Quest software and my own open source module called BSonPosh.

51CTO project recommendation: listen to experts talk about Windows active Directory | scripting technology in Windows-Powershell

Quest is indeed the first to enter the field of active Directory, which has been around for about four years since the early days of Windows PowerShell, so these commands are very mature. They do not rely on anything specific, and when commands violate all "active directories", they can still specify a Quest active role server that provides a higher level of target management and security. All that aside, they are very similar to Microsoft commands.

The drawback of these Quest commands is that they don't venture into infrastructure management, which is why I wrote BSonPosh modules to make up for the shortfall. To be clear, the coverage of my module extends far beyond active Directory, but the coverage managed by the active Directory infrastructure is great.

When we don't have the time or space to complete the entire set of commands provided by Quest and BSonPosh, we can take a look at those commands that do well in both kinds of management.

Note: you may notice that the Quest command has the verb prefix of QAD. This allows them to coexist peacefully with other active directory command suppliers.

Management by objectives (Quest)

Get-QADUser-get a specific user target or search for a user target that matches the query, for example:

# get the user name for users whose BSonPosh domain name resolution is not clear, Get-QADUser bsonposh# get the manager user with BSonPosh Get-QADUser-Manager bsonposh# get the user with the surname "Shell" using LDAP filter Get-QADUser-LDAPFilter "(sn=shell)" more enumerate: Get-help Get-QADUser-example

Get-QADComputer-- gets a specific computer target or searches for a computer target that matches a query, such as:

# get all computers of the specified organizational unit Get-QADComputer-SearchRoot "OU=XenDesktop,DC=Dev,DC=Lab" # get all computers with the specified identity (e.g., members, domain controllers, undefined) Get-QADComputer-ComputerRole DC# found all Windows 7 machines Get-QADComputer-OSName "Windows 7*" more examples: Get-help Get-QADComputer-example

Get-QADGroup-- gets a specific group target or searches for the group target of a matching query, for example:

# list all general group Get-QADGroup-GroupScope 'Universal'# to get group members Get-QADGroup "domain Admins" | select-ExpandProperty member# easier way to get group members Get-ADGroupMember "Domain Admins" # find empty group Get-QADGroup-empty $true more examples: Get-help Get-QADGroup-example

Infrastructure Management (BSonPosh)

Get-Forest-- returns the current forest, for example:

# get current forest Get-Forest# obtain forest Get-Forest-DomainController CoreDC for a specific domain controller more examples: Get-help Get-Forest-example

Get-Domain-returns the domain target, such as

# get the current domain Get-Domain# get the domain Get-Domain-DomainController CoreDC of a specific domain controller more examples: Get-help Get-Domain-exampleGet-Forest

Get-DomainController-- returns the domain controller target that matches the transfer parameters, for example:

# get the domain controller Get-DomainController# of the current user session use a specific name (RegEx) to obtain the domain controller Get-DomainController- Filter "mydc (nyc | dr)\ d" > # return all domain controllers Get-DomainController- Domain Dev.Lab in the specified domain more examples: Get-help Get-DomainController-example

Get-FSMO-- returns the operation host of the forest / domain, for example:

# return all flexible single host operations of forest and domain Get-FSMO# return domain flexible single host operation Get-FSMO-Domain# return only forest flexible single host operation Get-FSMO-Forest more examples: Get-help Get-FSMO-example >

Here are all the commands provided by the Quest active Directory module:

Add-QADGroupMember

Add-QADMemberOf

Add-QADPasswordSettingsObjectAppliesTo

Add-QADPermission

Approve-QARSApprovalTask

Connect-QADService

Convert-QADAttributeValue

Deprovision-QADUser

Disable-QADUser

Disconnect-QADService

Enable-QADUser

Get-QADComputer

Get-QADGroup

Get-QADGroupMember

Get-QADMemberOf

Get-QADObject

Get-QADObjectSecurity

Get-QADPasswordSettingsObject

Get-QADPasswordSettingsObjectAppliesTo

Get-QADPermission

Get-QADPSSnapinSettings

Get-QADRootDSE

Get-QADUser

Get-QARSAccessTemplate

Get-QARSAccessTemplateLink

Get-QARSApprovalTask

Get-QARSOperation

Move-QADObject

New-QADGroup

New-QADObject

New-QADPasswordSettingsObject

New-QADUser

New-QARSAccessTemplateLink

Reject-QARSApprovalTask

Remove-QADGroupMember

Remove-QADMemberOf

Remove-QADObject

Remove-QADPasswordSettingsObjectAppliesTo

Remove-QADPermission

Remove-QARSAccessTemplateLink

Rename-QADObject

Restore-QADDeletedObject

Set-QADGroup

Set-QADObject

Set-QADObjectSecurity

Set-QADPSSnapinSettings

Set-QADUser

Set-QARSAccessTemplateLink

Unlock-QADUser

Here is a list of all active directory commands that can be found in the BSonPosh module:

ConvertTo-DistinguishedName

ConvertTo-DNSName

ConvertTo-Name

ConvertTo-NetbiosName

ConvertTo-Sid

ConvertTo-UACFLag

Get-ADACL

Get-DCConnectionObject

Get-Domain

Get-DomainController

Get-Forest

Get-FSMO

Get-Schema

Get-SchemaClass

Get-SchemaOID

Get-SchemaProperty

Get-SiteLink

Get-Site

New-ADACE

Set-ADACL

Through the online help of Quest commands and the source code of BSonPosh, you will find more management for active Directory goals and infrastructure applied to these PowerShell commands.

After reading the above, do you have any further understanding of the PowerShell command that replaces active Directory management? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.