Active Directory Administration with Windows PowerShell
Applies To: Windows Server 2008 R2
Windows PowerShellâ„¢ is a command-line shell and scripting language that can help information technology (IT) professionals control system administration more easily and achieve greater productivity.
The Active Directory module for Windows PowerShell for Windows PowerShell consolidates a group of cmdlets. You can use these cmdlets to manage your Active Directory® domains, Active Directory Lightweight Directory Services (AD LDS) configuration sets, and Active Directory Database Mounting Tool instances in a single, self-contained package.
In Windows Server 2000, Windows Server 2003, and Windows Server 2008, administrators used a variety of command-line tools and Microsoft Management Console (MMC) snap-ins to connect to their Active Directory domains and AD LDS configuration sets to monitor and manage them. The Active Directory module for Windows PowerShell now provides a centralized experience for administering your directory service.
Note
The content in this guide was originally written for Windows Server 2008 R2 and still applies to Windows Server 2012. For more information on Active Directory PowerShell features that are new to Windows Server 2012, please refer to the following topics:
- Active Directory Replication and Topology Management Using Windows PowerShell
- Installing AD DS Using Windows PowerShell
- Removing AD DS Using Windows PowerShell
- In the Dynamic Access Control deployment documentation, look for any sections that are labeled Windows PowerShell equivalent commands
- In the Active Directory Domain Services (AD DS) Virtualization documentation, see the steps for deploying a virtualized domain controller.
Installation
You can install the Active Directory module by using any of the following methods:
By default, on a Windows Server 2008 R2 or Windows Server 2012 server when you install the AD DS or AD LDS server roles
By default, when you make a Windows Server 2008 R2 or Windows Server 2012 server a domain controller by running Dcpromo.exe
Note
In Windows Server 2012, Dcpromo.exe is deprecated and installation of AD DS is done through Server Manager or using Windows PowerShell commands. For more information, Install Active Directory Domain Services.
As part of the Remote Server Administration Tools (RSAT) feature on a Windows Server 2008 R2 or Windows Server 2012 server
As part of the RSAT feature on a Windows 7 or Windows 8 Release Preview computer
Important
If you want to use the Active Directory module in Windows 7 or Windows 8 Release Preview to remotely manage an Active Directory domain, an AD LDS instance or configuration set, or an Active Directory Database Mounting Tool instance, you must have at least one Windows Server 2008 R2 domain controller in your domain or at least one instance in an AD LDS configuration set that is running on a Windows Server 2008 R2 server.
The Active Directory module is installed with the following features by default:
Windows PowerShell
The Microsoft .NET Framework 3.5.1 or 4.5
For the Active Directory module to function correctly, Windows PowerShell and the .NET Framework 3.5.1 or 4.5 must be installed.
If you want to use the Active Directory module to manage an Active Directory domain, an AD LDS instance or configuration set, or an Active Directory Database Mounting Tool instance, the Active Directory Web Services (ADWS) service must be installed on at least one domain controller in this domain or on one server that hosts your AD LDS instance. For more information about ADWS, see What's New in AD DS: Active Directory Web Services.
In Windows Server 2008 R2, when the Active Directory module is installed, to start it click Start, point to Administrative Tools, and then click Active Directory Module for Windows PowerShell. You can also load the Active Directory module manually by running the Import-Module ActiveDirectory command at the Windows PowerShell prompt. In Windows Server 2012, the Active Directory module for Windows PowerShell can be accessed using Start screen tile, and module autoloading enables you to use Active Directory PowerShell commands without having to first import the module into your Windows PowerShell session.
Which editions include the Active Directory module?
The Active Directory module is available in the following editions of Windows and Windows Server:
Windows Server 2012 Foundation
Standard
Datacenter
Windows Server 2008 R2 Standard
Windows Server 2008 R2 Enterprise
Windows Server 2008 R2 Datacenter
Windows 7
Windows 8 Release Preview
The Active Directory module is not available in the following editions of Windows and Windows Server:
Windows Server 2008 R2 for Itanium-Based Systems
Windows Web Server 2008 R2
Getting started
This section explains how to start the Active Directory module. You do not have to be a local administrator to use the Active Directory module or to add the module explicitly from a base Windows PowerShell instance.
To start the Active Directory module
Click Start, point to Administrative Tools, and then click Active Directory Module for Windows PowerShell.
This command opens Windows PowerShell with the Active Directory module preloaded.
Note
In Windows Server 2012, the Active Directory module for Windows PowerShell can be accessed using Start screen tile, and module autoloading enables you to use Active Directory PowerShell commands without having to first import the module into your Windows PowerShell session.
Credentials
Membership in Domain Admins, or equivalent, is the minimum required to complete the tasks in this guide.
Membership in Schema Admins, or equivalent, is the minimum required to complete schema operations tasks.
Membership in Enterprise Admins, or equivalent, is the minimum required to complete topology-related tasks.
Scripts
There are several tasks that require you to run a sample script. Sample scripts provide fictitious names, domains, servers, organizational units (OU)s, and other items for the purpose of providing concrete examples of the Active Directory module cmdlets. If you use one of these sample scripts in your environment, change these names to fit your organizational structure. For more information about running Windows PowerShell scripts, see Running Windows PowerShell Scripts (https://go.microsoft.com/fwlink/?LinkID=119588).
Links
The following links take you directly to the section of this guide that contains the group of tasks that you are trying to complete. For example, the Users link takes you to the section that contains all the tasks for managing users in AD DS or AD LDS.
Note
The Account Management section contains information pertaining to User Management and Computer Management with the Active Directory module
Note
For more information on Active Directory PowerShell features that are new to Windows Server 2012, please refer to the following topics:
- Active Directory Replication and Topology Management Using Windows PowerShell
- Installing AD DS Using Windows PowerShell
- Removing AD DS Using Windows PowerShell
- In the Dynamic Access Control deployment documentation, look for any sections that are labeled Windows PowerShell equivalent commands
- In the Active Directory Domain Services (AD DS) Virtualization documentation, see the steps for deploying a virtualized domain controller.
Additional information
For more information about the Active Directory module, see AD DS: Active Directory PowerShell (https://go.microsoft.com/fwlink/?LinkId=134679).
For more information about Windows PowerShell, see Windows PowerShell (https://go.microsoft.com/fwlink/?LinkID=102372).