With Windows PowerShell Scripting being one of the requirements in the current Common Engineering Criteria (CEC), all Microsoft server products need to comply with having Windows PowerShell scripting support. In Windows Server 2012, Active Directory Domain Services expands beyond the 76 Active Directory Management PowerShell Cmdlets and 15 Active Directory Provider PowerShell Cmdlets found in Windows Server 2008 R2.
What’s New
Windows Server 2008 R2
With Windows Server 2008 R2, Microsoft introduced the Active Directory Cmdlets. These PowerShell Cmdlets communicate through the Active Directory Web Service (ADWS):
Windows Server 2012
In Windows Server 2012, Active Directory PowerShell has been extended with various new PowerShell Cmdlets. These new Cmdlets extend beyond the areas of Account Management, Topology Management and Directory Object Management.
In Windows Server 2012 you’ll have 59 more PowerShell Cmdlets to your disposal from the Active Directory Module to manage your Active Directory Topology and Objects, with a specific focus on Active Directory Sites and Services, Active Directory replication, Dynamic Access Control and Domain Controller cloning:
- Add-ADCentralAccessPolicyMember
- Add-ADResourcePropertyListMember
- Clear-ADClaimTransformLink
- Get-ADCentralAccessPolicy
- Get-ADCentralAccessRule
- Get-ADClaimTransformPolicy
- Get-ADClaimType
- Get-ADDCCloningExcludedApplicationList
- Get-ADReplicationAttributeMetadata
- Get-ADReplicationConnection
- Get-ADReplicationFailure
- Get-ADReplicationPartnerMetadata
- Get-ADReplicationQueueOperation
- Get-ADReplicationSite
- Get-ADReplicationSiteLink
- Get-ADReplicationSiteLinkBridge
- Get-ADReplicationSubnet
- Get-ADReplicationUpToDatenessVectorTable
- Get-ADResourceProperty
- Get-ADResourcePropertyList
- Get-ADResourcePropertyValueType
- Get-ADTrust
- New-ADCentralAccessPolicy
- New-ADCentralAccessRule
- New-ADClaimTransformPolicy
- New-ADClaimType
- New-ADDCCloneConfigFile
- New-ADReplicationSite
- New-ADReplicationSiteLink
- New-ADReplicationSiteLinkBridge
- New-ADReplicationSubnet
- New-ADResourceProperty
- New-ADResourcePropertyList
- Remove-ADCentralAccessPolicy
- Remove-ADCentralAccessPolicyMember
- Remove-ADCentralAccessRule
- Remove-ADClaimTransformPolicy
- Remove-ADClaimType
- Remove-ADReplicationSite
- Remove-ADReplicationSiteLink
- Remove-ADReplicationSiteLinkBridge
- Remove-ADReplicationSubnet
- Remove-ADResourceProperty
- Remove-ADResourcePropertyList
- Remove-ADResourcePropertyListMember
- Set-ADCentralAccessPolicy
- Set-ADCentralAccessRule
- Set-ADClaimTransformLink
- Set-ADClaimTransformPolicy
- Set-ADClaimType
- Set-ADReplicationConnection
- Set-ADReplicationSite
- Set-ADReplicationSiteLink
- Set-ADReplicationSiteLinkBridge
- Set-ADReplicationSubnet
- Set-ADResourceProperty
- Set-ADResourcePropertyList
- Sync-ADObject
- Test-ADServiceAccount
In addition, you’ll have 10 PowerShell Cmdlets to deploy Active Directory Domain Services with Windows Server 2012:
- Add-ADDSReadOnlyDomainControllerAccount
- Install-ADDSDomain
- Install-ADDSDomainController
- Install-ADDSForest
- Test-ADDSDomainControllerInstallation
- Test-ADDSDomainControllerUninstallation
- Test-ADDSDomainInstallation
- Test-ADDSForestInstallation
- Test-ADDSReadOnlyDomainControllerAccountCreation
- Uninstall-ADDSDomainController
You’ve already seen one of these PowerShell Cmdlets in action in Part 2 of this series when we promoted a server to a Domain Controller from the command-line and other Cmdlets are used under the hood by the automated Active Directory preparation feature.
Requirements
To gain access to the PowerShell commands, you need to use either:
- Implement a Windows Server 2012 Domain Controller with the Active Directory Module for Windows PowerShell feature installed. (It is installed by default when you install the Active Directory Domain Services role.)
- Implement a Windows Server 2012-based member server with the Active Directory Module for Windows PowerShell feature installed. This feature is buried deep in the Remote Server Administration Tools, then Role Administration Tools and AD DS and AD LDS Tools.
- Implement a Windows 8-based domain-joined workstation with the Remote Server Administration Tools (RSAT) package installed and Active Directory Module for Windows PowerShell feature installed. This feature is buried deep in the Remote Server Administration Tools, then Role Administration Tools and AD DS and AD LDS Tools.
To point the PowerShell commands to a Domain Controller, this Domain Controller needs to run the Active Directory Web Services (ADWS). This functionality is available on both Server Core and Full Installations of Windows Server 2008 R2. For Windows Server 2003 and full installations of Windows Server 2008, the Active Directory Management Gateway Service (Active Directory Web Service for Windows Server 2003 and Windows Server 2008) can be installed.
Concluding
The Active Directory team has almost doubled the amount of Active Directory Domain Services-related PowerShell Cmdlets, allowing us to perform even more actions on the command-line.
If only, there was an easy way to learn PowerShell… Oh wait, there is! Read more about it in Part 4 of this series.
Further reading
Use Windows PowerShell Commands in Windows Server 2012
Active Directory Cmdlets in Windows PowerShell
Introduction to Active Directory Replication and Topology Management Using PowerShell
Advanced Active Directory Replication and Topology Management Using PowerShell
Windows Server 2012 AD DS Administration Cmdlets in Windows PowerShell
PowerShell oneliners to get information about your Active Directory infrastructure
Login