Transcript Import-Module ActiveDirectory Get

Adding a Module
• The Import-Module cmdlet

Can be used to load any external module into PowerShell.

Uses the following syntax to add the ActiveDirectory module:
Import-Module ActiveDirectory

Using this cmdlet imports the module into only the currentlyrunning session. You will need to import it in each session.

After it is loaded, the module adds a set of commands for
administering Active Directory. You can retrieve the list of
commands using:
Get-Command –module ActiveDirectory
• The Remove-Module cmdlet will unload the module from
the current session.
The AD: Drive
• Adding the ActiveDirectory module also adds a PSDrive
provider.

This provider maps the AD: drive to your logon domain.

The main purpose of this drive is to provide a security context
for executing cmdlets.
• When you run an Active Directory cmdlet, it will
automatically use the credentials and domain of the
current AD: drive.

This eliminates the need to supply credentials for each
command.

You can map other drives to other domains and credentials.
Cmdlets will run using the credentials associated with the
current drive.

To use a different domain or set of credentials, change to the
correct mapped drive, and then begin running cmdlets.
Tip for Earlier Versions of Windows
• Be Aware: The Active Directory cmdlets are designed to be
used on Windows Server 2008 R2 and Windows 7 only

This means that other operating systems cannot directly
install and use the cmdlets

However, these older operating systems can indirectly use
the cmdlets of another host
• The process to use another host’s cmdlets is called implicit
remoting, and will be covered later in this course
Filtering
• It is generally a bad idea to query every object in Active
Directory at once

Doing so is computationally expensive

Doing so can impact your Domain Controllers’ performance
• Most Active Directory cmdlets have defined a mandatory
parameter called –filter

This –filter parameter limits the number of records that the
cmdlet will work with

It can accept wildcards and PowerShell-style criteria:
Get-ADUser -Filter 'Name -like "*SvcAccount"'
Get-ADUser -Filter {Name -eq "GlenJohn"}
Computer and Other Objects
• The ActiveDirectory cmdlet can also interact with objects
other than users, such as:

Computer objects

Groups

Fine-grained password policies
• The cmdlets Get-ADComputer, New-
ADFineGrainedPasswordPolicy, and many others interact
with these objects in ways that are similar to working with
users

Remember to pipe objects to Get-Member or Format-List * to
see which objects are available
Spend time with the help for the ActiveDirectory
module’s cmdlets to see which administrative
actions are exposed