TechnoGist

gist (jst)# The central idea; the essence…

Archive for the ‘AD CmdLets’ tag

Quest AD Management Shell – Get-QADGroup

without comments

In my previous blog entry “Getting Started” I went over downloading and installing the Quest AD Management shell, registering the snapins and running some basic commands using the Get-QADUser CmdLet.

Today I will be looking at the Get-QADGroup CmdLet.
This allows easy access to Active Directory “Group” objects.

As before open a PowerShell Shell window and add in your snapins.

add-pssnapin Quest.ActiveRoles.ADManagement

Getting the number of members in a group.

(Get-QADGroup "GroupName").members.count

Export out the members of a group to a formatted table including the name,displayname,mail(SMTP) and office for each member.

Function Get-MemberName()
{
Process
{
ForEach($Member In $_)
{
Get-QADUser –ObjectAttributes @{distinguishedName=$Member}
}
}
}
(Get-QADGroup "GroupName").members | Get-MemberName | Format-Table name,displayname,mail,office

I often have to clean up groups by looking for disabled users.
To do this you can just add the “accountisdisabled” property to the script above.

E.g.

(Get-QADGroup "GroupName").members | Get-MemberName | Format-Table name,displayname,mail,office,accountisdisabled

Export out the members of a group to a CSV file with all properties.

Function Get-MemberName()
{
Process
{
ForEach($Member In $_)
{
Get-QADUser –ObjectAttributes @{distinguishedName=$Member}
}
}
}
(Get-QADGroup "GroupName").members | Get-MemberName | Export-Csv "C:\GroupMembers.csv"

Above are some useful examples of using Quest AD CmdLets to enumerate Active Directory Group objects.

Hope this helps.

All information is provided on an AS-IS basis, with no warranties and confers no rights.

Written by Paul Brice

April 21st, 2009 at 10:45 am

Posted in PowerShell

Tagged with , , , , ,

Quest AD Management Shell – Getting Started

with one comment

Until now I have always used ADSI and LDAP to query Active Directory for object stored information.
I have been following Dimitry’s examples with the Quest AD PowerShell CmdLets and I thought it was about time I started to embrace them into my PowerShell scripts.

You can download the “ActiveRoles Management Shell for AD” Here.

Before running the Quest ActiveRoles Management Shell snapins I would recommend reading the “Requirements on Active Directory” section (p21) in the administration guide.

After you have installed the Quest ActiveRoles Management Shell you will have to register the PowerShell snapin at the PowerShell prompt.

Enter the command:

add-pssnapin Quest.ActiveRoles.ADManagement

Once you are ready to go and the Quest ActiveRoles Management Shell snapins are installed and registered you can get started with some basic commands.

For Example:

Getting the .displayName of your Active Directory account.

$User = Get-QADUser -Name "YourAccountName"
$User.DisplayName

Getting the Sam Account Name of your Active Directory account.

(Get-QADUSer -Name "YourAccountName").SamAccountName

Checking if a user account is disabled.

(Get-QADUSer -Name "UserAccount").AccountIsDisabled

Using the Get-QADUser with no previously specified connection details allows the Cmdlet to connect to any available domain controller with the credentials of the locally logged on user.

Next time I will start to go through mail enabled groups, their memberships and properties.

Hope this helps.

All information is provided on an AS-IS basis, with no warranties and confers no rights.

Written by Paul Brice

April 20th, 2009 at 7:49 pm

Posted in PowerShell

Tagged with , , ,