Adam Bell is doing a very cool series about AD and PowerShell on his blog, Lead, Follow, or Move, and has some very interesting topics about Active Directory infrastructure management; a recommended read!
It shows very well how to work with the ADSI wrapper (among other things, the Create method in the OU example).
But for the infrastructure tasks, as I also showed with some examples on my old blog here: /\/\o\/\/ PowerShelled: AD Infastructure exploring with MSH,
the .NET Framework 2.0 has an extra namespace, System.DirectoryServices.ActiveDirectory, that helps with this kind of work.
I will first give the link and title of the blog entry Adam Bell did using the DirectoryEntry, and then the version using the System.DirectoryServices.ActiveDirectory namespace:
Retrieving Active Directory FSMO roles with PowerShell
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$dom | Format-List *
PoSH>$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
PoSH>$dom | Format-List *

Forest                  : mow.local
DomainControllers       : {mowdc001.mow.local}
Children                : {}
DomainMode              : Windows2000MixedDomain
Parent                  :
PdcRoleOwner            : mowdc001.mow.local
RidRoleOwner            : mowdc001.mow.local
InfrastructureRoleOwner : mowdc001.mow.local
Name                    : mow.local
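The Domain object only shows the three domain-level roles; the schema and naming roles live on the Forest object. Here is an added example (not code from the original post or from Adam's series) that inventories all five FSMO role holders for every domain in the forest and then asks each owning DC whether it agrees that it holds the role. It assumes PowerShell 2.0 or later (for New-Object -Property) and an account that can read the directory; it changes nothing.

```powershell
# Added example: list every FSMO role holder in the current forest and
# cross-check the answer against the DC that is supposed to hold the role.
function Get-FsmoRoleInventory {
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

    # (scope, name, role, owner) tuples: forest-wide roles come from the
    # Forest object, domain-wide roles from each Domain in the forest
    $entries = @()
    $entries += ,@('Forest', $forest.Name, 'SchemaRole', $forest.SchemaRoleOwner)
    $entries += ,@('Forest', $forest.Name, 'NamingRole', $forest.NamingRoleOwner)
    foreach ($domain in $forest.Domains) {
        foreach ($role in 'PdcRole', 'RidRole', 'InfrastructureRole') {
            $ownerProp = $role + 'Owner'          # e.g. PdcRole -> PdcRoleOwner
            $entries += ,@('Domain', $domain.Name, $role, $domain.$ownerProp)
        }
    }

    foreach ($e in $entries) {
        $scope, $name, $role, $owner = $e

        # Cross-check: the owning DC's own Roles collection should list the
        # role. A mismatch means the fSMORoleOwner pointer in the directory and
        # the DC disagree (replication still pending, or a transfer that did
        # not complete) and is worth a closer look.
        $confirmed = $false
        try {
            $heldRoles = @($owner.Roles | ForEach-Object { $_.ToString() })
            $confirmed = ($heldRoles -contains $role)
        } catch {
            # DC unreachable: leave ConfirmedByDc at $false so it stands out
        }

        New-Object PSObject -Property @{
            Scope         = $scope
            Name          = $name
            Role          = $role
            Owner         = $owner.Name
            ConfirmedByDc = $confirmed
        }
    }
}

Get-FsmoRoleInventory | Format-Table Scope, Name, Role, Owner, ConfirmedByDc -AutoSize
```

Run it periodically and keep the output; a role owner that changes without a planned transfer, or a row whose ConfirmedByDc stays $false, is something to investigate rather than ignore.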
Transferring Active Directory FSMO roles with PowerShell
$dc = $dom.FindDomainController()
$dc.TransferRoleOwnership('PdcRole')
$dc.TransferRoleOwnership('InfrastructureRole')
PoSH>$dom
PoSH>$dc = $dom.FindDomainController()
PoSH>$dc

Forest                     : mow.local
CurrentTime                : 2/9/2007 10:34:43 PM
HighestCommittedUsn        : 90155
OSVersion                  : Windows Server 2003
Roles                      : {SchemaRole, NamingRole, PdcRole, RidRole...}
Domain                     : mow.local
IPAddress                  : 192.168.0.1
SiteName                   : Default-First-Site
SyncFromAllServersCallback :
InboundConnections         : {}
OutboundConnections        : {}
Name                       : mowdc001.mow.local
Partitions                 : {DC=mow,DC=local, CN=Configuration,DC=mow,DC=local, CN=Schema,CN=Configuration,DC=mow,DC=local, DC=DomainDnsZones,DC=mow,DC=local...}

PoSH>$dc.Roles
SchemaRole
NamingRole
PdcRole
RidRole
InfrastructureRole

PoSH>$dc.TransferRoleOwnership

MemberType          : Method
OverloadDefinitions : {System.Void TransferRoleOwnership(ActiveDirectoryRole role)}
TypeNameOfValue     : System.Management.Automation.PSMethod
Value               : System.Void TransferRoleOwnership(ActiveDirectoryRole role)
Name                : TransferRoleOwnership
IsInstance          : True

PoSH>$dc.TransferRoleOwnership('PdcRole')
Exception calling "TransferRoleOwnership" with "1" argument(s): "The server is unwilling to process the request. (Exception from HRESULT: 0x80072035)"
At line:1 char:26
+ $dc.TransferRoleOwnership( <<<< 'PdcRole')
PoSH>
You can get to the different domain controllers from the Domain object (to get at a DC directly, see the post on my old blog: /\/\o\/\/ PowerShelled: AD Infastructure exploring with MSH), either from the DomainControllers collection or by selecting a role owner:
PoSH>$dom.DomainControllers.GetType()

IsPublic IsSerial Name                       BaseType
-------- -------- ----                       --------
True     False    DomainControllerCollection System.Collections.ReadOnlyCollectionBase

PoSH>$dom.PdcRoleOwner.GetType()

IsPublic IsSerial Name             BaseType
-------- -------- ----             --------
True     False    DomainController System.DirectoryServices.ActiveDirectory.DirectoryServer

PoSH>$pdc = $dom.PdcRoleOwner
PoSH>get-buffer | out-file Domain3.html
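A bare TransferRoleOwnership call is easy to fire at the wrong DC, and a transfer to the DC that already holds the role is typically refused with the "unwilling to process the request" error seen above. The following added example (not code from the original post) wraps the transfer so that it first checks the current owner, picks the target out of the domain's DomainControllers collection, supports -WhatIf, and re-reads the owner afterwards. It assumes PowerShell 2.0 or later (try/catch, CmdletBinding) and that the target is given by the same FQDN the collection reports.

```powershell
# Added example: guarded transfer of one domain-level FSMO role.
function Move-DomainFsmoRole {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$TargetDc,   # FQDN, e.g. mowdc001.mow.local
        [Parameter(Mandatory = $true)]
        [ValidateSet('PdcRole', 'RidRole', 'InfrastructureRole')]
        [string]$Role
    )

    $getDomain = { [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() }
    $ownerProp = $Role + 'Owner'                          # PdcRole -> PdcRoleOwner
    $dom = & $getDomain
    $currentOwner = $dom.$ownerProp.Name

    # Transferring to the current owner is pointless and the DC refuses it
    if ($currentOwner -ieq $TargetDc) {
        Write-Warning "$TargetDc already holds $Role; nothing to do."
        return
    }

    # Take the target from the domain's own collection instead of trusting a typed name
    $dc = $dom.DomainControllers | Where-Object { $_.Name -ieq $TargetDc }
    if (-not $dc) { throw "$TargetDc is not a domain controller of $($dom.Name)" }

    if (-not $PSCmdlet.ShouldProcess($TargetDc, "Transfer $Role from $currentOwner")) { return }

    try {
        $dc.TransferRoleOwnership([System.DirectoryServices.ActiveDirectory.ActiveDirectoryRole]$Role)
    } catch {
        throw "Transfer of $Role to $TargetDc failed: $($_.Exception.Message)"
    }

    # Verify with a fresh Domain object; the properties on the old one are
    # cached. If the fresh object binds to a different DC the change may still
    # be replicating, so a failure here means 'check again', not 'roll back'.
    $newOwner = (& $getDomain).$ownerProp.Name
    if ($newOwner -ine $TargetDc) { throw "Verification failed: $Role is reported on $newOwner" }

    New-Object PSObject -Property @{ Role = $Role; OldOwner = $currentOwner; NewOwner = $newOwner }
}

# Dry run first, then the real thing (DC name is a placeholder for your own):
# Move-DomainFsmoRole -TargetDc 'mowdc002.mow.local' -Role PdcRole -WhatIf
# Move-DomainFsmoRole -TargetDc 'mowdc002.mow.local' -Role PdcRole
```

TransferRoleOwnership is the graceful path and needs the current holder online; keep the returned OldOwner/NewOwner record with your change log so an unexpected role move later can be told apart from a planned one.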
Raising Active Directory Domain and Forest functionality to Windows 2003 with PowerShell
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$dom.RaiseDomainFunctionality('Windows2000NativeDomain')
$dom.RaiseDomainFunctionality('Windows2003Domain')
PoSH>$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
PoSH>$dom | Format-List *

Forest                  : mow.local
DomainControllers       : {mowdc001.mow.local}
Children                : {}
DomainMode              : Windows2000MixedDomain
Parent                  :
PdcRoleOwner            : mowdc001.mow.local
RidRoleOwner            : mowdc001.mow.local
InfrastructureRoleOwner : mowdc001.mow.local
Name                    : mow.local

PoSH>$dom | Get-Member -MemberType Method

   TypeName: System.DirectoryServices.ActiveDirectory.Domain

Name                                 MemberType Definition
----                                 ---------- ----------
CreateLocalSideOfTrustRelationship   Method     System.Void CreateLocalSideOfTrustRelationship(String targetDomainNa...
CreateTrustRelationship              Method     System.Void CreateTrustRelationship(Domain targetDomain, TrustDirect...
DeleteLocalSideOfTrustRelationship   Method     System.Void DeleteLocalSideOfTrustRelationship(String targetDomainName)
DeleteTrustRelationship              Method     System.Void DeleteTrustRelationship(Domain targetDomain)
Dispose                              Method     System.Void Dispose()
Equals                               Method     System.Boolean Equals(Object obj)
FindAllDiscoverableDomainControllers Method     System.DirectoryServices.ActiveDirectory.DomainControllerCollection ...
FindAllDomainControllers             Method     System.DirectoryServices.ActiveDirectory.DomainControllerCollection ...
FindDomainController                 Method     System.DirectoryServices.ActiveDirectory.DomainController FindDomain...
GetAllTrustRelationships             Method     System.DirectoryServices.ActiveDirectory.TrustRelationshipInformatio...
GetDirectoryEntry                    Method     System.DirectoryServices.DirectoryEntry GetDirectoryEntry()
GetHashCode                          Method     System.Int32 GetHashCode()
GetSelectiveAuthenticationStatus     Method     System.Boolean GetSelectiveAuthenticationStatus(String targetDomainN...
GetSidFilteringStatus                Method     System.Boolean GetSidFilteringStatus(String targetDomainName)
GetTrustRelationship                 Method     System.DirectoryServices.ActiveDirectory.TrustRelationshipInformatio...
GetType                              Method     System.Type GetType()
get_Children                         Method     System.DirectoryServices.ActiveDirectory.DomainCollection get_Childr...
get_DomainControllers                Method     System.DirectoryServices.ActiveDirectory.DomainControllerCollection ...
get_DomainMode                       Method     System.DirectoryServices.ActiveDirectory.DomainMode get_DomainMode()
get_Forest                           Method     System.DirectoryServices.ActiveDirectory.Forest get_Forest()
get_InfrastructureRoleOwner          Method     System.DirectoryServices.ActiveDirectory.DomainController get_Infras...
get_Name                             Method     System.String get_Name()
get_Parent                           Method     System.DirectoryServices.ActiveDirectory.Domain get_Parent()
get_PdcRoleOwner                     Method     System.DirectoryServices.ActiveDirectory.DomainController get_PdcRol...
get_RidRoleOwner                     Method     System.DirectoryServices.ActiveDirectory.DomainController get_RidRol...
RaiseDomainFunctionality             Method     System.Void RaiseDomainFunctionality(DomainMode domainMode)
RepairTrustRelationship              Method     System.Void RepairTrustRelationship(Domain targetDomain)
SetSelectiveAuthenticationStatus     Method     System.Void SetSelectiveAuthenticationStatus(String targetDomainName...
SetSidFilteringStatus                Method     System.Void SetSidFilteringStatus(String targetDomainName, Boolean e...
ToString                             Method     System.String ToString()
UpdateLocalSideOfTrustRelationship   Method     System.Void UpdateLocalSideOfTrustRelationship(String targetDomainNa...
UpdateTrustRelationship              Method     System.Void UpdateTrustRelationship(Domain targetDomain, TrustDirect...
VerifyOutboundTrustRelationship      Method     System.Void VerifyOutboundTrustRelationship(String targetDomainName)
VerifyTrustRelationship              Method     System.Void VerifyTrustRelationship(Domain targetDomain, TrustDirect...

PoSH>$dom.RaiseDomainFunctionality

MemberType          : Method
OverloadDefinitions : {System.Void RaiseDomainFunctionality(DomainMode domainMode)}
TypeNameOfValue     : System.Management.Automation.PSMethod
Value               : System.Void RaiseDomainFunctionality(DomainMode domainMode)
Name                : RaiseDomainFunctionality
IsInstance          : True

PoSH>[enum]::GetNames([System.DirectoryServices.ActiveDirectory.DomainMode])
Windows2000MixedDomain
Windows2000NativeDomain
Windows2003InterimDomain
Windows2003Domain

PoSH>$dom.RaiseDomainFunctionality('Windows2003Domain')
Exception calling "RaiseDomainFunctionality" with "1" argument(s): "The server is unwilling to process the request. (Exception from HRESULT: 0x80072035)"
At line:1 char:30
+ $dom.RaiseDomainFunctionality( <<<< 'Windows2003Domain')

PoSH>$dom.RaiseDomainFunctionality('Windows2000NativeDomain')
PoSH>$dom.RaiseDomainFunctionality('Windows2003Domain')
PoSH>$dom

Forest                  : mow.local
DomainControllers       : {mowdc001.mow.local}
Children                : {}
DomainMode              : Windows2003Domain
Parent                  :
PdcRoleOwner            : mowdc001.mow.local
RidRoleOwner            : mowdc001.mow.local
InfrastructureRoleOwner : mowdc001.mow.local
Name                    : mow.local

PoSH>
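Raising the functional level is one-way: the namespace has a RaiseDomainFunctionality method and nothing to lower it again, and a level that is too high for a downlevel DC leaves that DC unable to take part. As an added example (not code from the original post), this function lists every DC with its OSVersion before doing anything, walks up through the DomainMode values in order (the sequence that worked in the session above, skipping the NT4-upgrade Interim mode), and honours -WhatIf. It assumes PowerShell 2.0 or later; the OSVersion text match is a heuristic assumption, not a substitute for a proper DC inventory.

```powershell
# Added example: stepwise, pre-checked raise of the domain functional level.
function Set-DomainFunctionalLevel {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Windows2000NativeDomain', 'Windows2003Domain')]
        [string]$TargetMode
    )

    $modeType = [System.DirectoryServices.ActiveDirectory.DomainMode]
    $target   = [System.DirectoryServices.ActiveDirectory.DomainMode]$TargetMode
    $dom      = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $current  = $dom.DomainMode

    if ([int]$current -ge [int]$target) {
        Write-Host "$($dom.Name) is already at $current; nothing to do."
        return
    }

    # Preflight: show every DC and its OS. Windows2003Domain needs all DCs on
    # Windows Server 2003; the regex below assumes downlevel DCs report
    # 'Windows 2000' or 'NT' in OSVersion (assumption, meant to catch obvious
    # mistakes before an irreversible change).
    Write-Host "Domain controllers in $($dom.Name):"
    $blocking = @()
    foreach ($dc in $dom.FindAllDomainControllers()) {
        Write-Host ("  {0,-30} {1}" -f $dc.Name, $dc.OSVersion)
        if ($dc.OSVersion -match 'Windows 2000|NT') { $blocking += $dc.Name }
    }
    if ($target -eq $modeType::Windows2003Domain -and $blocking.Count -gt 0) {
        throw "Cannot raise to $target while these DCs are downlevel: $($blocking -join ', ')"
    }

    # Steps from the current mode up to the target, in enum order, skipping
    # Windows2003InterimDomain (only meant for NT4 upgrade paths)
    $steps = [enum]::GetValues($modeType) |
        Where-Object { [int]$_ -gt [int]$current -and [int]$_ -le [int]$target -and
                       $_ -ne $modeType::Windows2003InterimDomain }

    foreach ($step in $steps) {
        if ($PSCmdlet.ShouldProcess($dom.Name, "Raise domain functional level to $step")) {
            $dom.RaiseDomainFunctionality($step)
            Write-Host "Raised $($dom.Name) to $step"
        }
    }
}

# Always dry-run first:
# Set-DomainFunctionalLevel -TargetMode Windows2003Domain -WhatIf
# Set-DomainFunctionalLevel -TargetMode Windows2003Domain
```

The -WhatIf run prints each step it would take without calling RaiseDomainFunctionality, which is the cheapest way to confirm you are about to raise the right domain to the right level.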
Enabling and disabling a Global Catalog server with PowerShell
$for = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$gc = $for.FindGlobalCatalog()
$gc.DisableGlobalCatalog()
$gc.EnableGlobalCatalog()
PoSH>$for = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
PoSH>$for

Name                  : mow.local
Sites                 : {Default-First-Site}
Domains               : {mow.local}
GlobalCatalogs        : {mowdc001.mow.local}
ApplicationPartitions : {DC=DomainDnsZones,DC=mow,DC=local, DC=ForestDnsZones,DC=mow,DC=local, DC=TAPI3Directory,DC=mow,DC=local}
ForestMode            : Windows2000Forest
RootDomain            : mow.local
Schema                : CN=Schema,CN=Configuration,DC=mow,DC=local
SchemaRoleOwner       : mowdc001.mow.local
NamingRoleOwner       : mowdc001.mow.local

PoSH>$gc = $for.FindGlobalCatalog()
PoSH>$gc

Forest                     : mow.local
CurrentTime                : 2/9/2007 11:20:16 PM
HighestCommittedUsn        : 90156
OSVersion                  : Windows Server 2003
Roles                      : {SchemaRole, NamingRole, PdcRole, RidRole...}
Domain                     : mow.local
IPAddress                  : 192.168.0.1
SiteName                   : Default-First-Site
SyncFromAllServersCallback :
InboundConnections         : {}
OutboundConnections        : {}
Name                       : mowdc001.mow.local
Partitions                 : {DC=mow,DC=local, CN=Configuration,DC=mow,DC=local, CN=Schema,CN=Configuration,DC=mow,DC=local, DC=DomainDnsZones,DC=mow,DC=local...}

PoSH>$gc.DisableGlobalCatalog

MemberType          : Method
OverloadDefinitions : {System.DirectoryServices.ActiveDirectory.DomainController DisableGlobalCatalog()}
TypeNameOfValue     : System.Management.Automation.PSMethod
Value               : System.DirectoryServices.ActiveDirectory.DomainController DisableGlobalCatalog()
Name                : DisableGlobalCatalog
IsInstance          : True

PoSH>$gc.EnableGlobalCatalog

MemberType          : Method
OverloadDefinitions : {System.DirectoryServices.ActiveDirectory.GlobalCatalog EnableGlobalCatalog()}
TypeNameOfValue     : System.Management.Automation.PSMethod
Value               : System.DirectoryServices.ActiveDirectory.GlobalCatalog EnableGlobalCatalog()
Name                : EnableGlobalCatalog
IsInstance          : True

PoSH>
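DisableGlobalCatalog is a one-liner, so the thing to get right is not the call but the check before it: a site left without a global catalog has to reach one over the WAN for logons that need universal group membership. Here is an added example (not code from the original post) that reports GC coverage per site from the Forest object's Sites and GlobalCatalogs collections, plus a small test to run before disabling a GC. It assumes PowerShell 2.0 or later and a forest you can read; FindGlobalCatalog on its own just returns one GC, which is why the audit looks at all of them.

```powershell
# Added example: which sites have a global catalog, and how many.
function Get-GlobalCatalogCoverage {
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

    # Names of every GC in the forest, as the Forest object reports them
    $gcNames = @($forest.GlobalCatalogs | ForEach-Object { $_.Name })

    foreach ($site in $forest.Sites) {
        # Servers holds every DirectoryServer in the site (DCs and ADAM/AD LDS instances)
        $servers = @($site.Servers | ForEach-Object { $_.Name })
        $gcsHere = @($servers | Where-Object { $gcNames -contains $_ })

        if ($gcsHere.Count -eq 0)     { $status = 'NO GLOBAL CATALOG' }
        elseif ($gcsHere.Count -eq 1) { $status = 'single GC, no redundancy' }
        else                          { $status = 'ok' }

        New-Object PSObject -Property @{
            Site           = $site.Name
            Servers        = $servers.Count
            GlobalCatalogs = ($gcsHere -join ', ')
            Status         = $status
        }
    }
}

# True only if the site of $DcName keeps at least one other GC after this one
# is disabled; throws if $DcName is not a GC at all.
function Test-GlobalCatalogRemovable {
    param([Parameter(Mandatory = $true)][string]$DcName)   # FQDN as in the GlobalCatalogs collection
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $gc = $forest.GlobalCatalogs | Where-Object { $_.Name -ieq $DcName }
    if (-not $gc) { throw "$DcName is not a global catalog in $($forest.Name)" }

    $otherGcsInSite = @($forest.GlobalCatalogs |
        Where-Object { $_.SiteName -ieq $gc.SiteName -and $_.Name -ine $DcName })
    return ($otherGcsInSite.Count -gt 0)
}

Get-GlobalCatalogCoverage | Format-Table Site, Servers, GlobalCatalogs, Status -AutoSize

# Before disabling (DC name is a placeholder for your own):
# if (Test-GlobalCatalogRemovable 'mowdc001.mow.local') { $gc.DisableGlobalCatalog() }
```

In a single-DC lab like the one in this post the test returns $false for the only GC, which is exactly the case where DisableGlobalCatalog would hurt.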
Creating an Organizational Unit in Active Directory with PowerShell
n/a (the System.DirectoryServices.ActiveDirectory namespace does not create directory objects such as OUs; for that you still use the DirectoryEntry approach from Adam's post)
As I have only one DC in my VM, I cannot test everything, but you can see that this namespace helps a lot in managing AD infrastructure.
Enjoy,
Greetings /\/\o\/\/