deep dive on active directory powershell mudassir ali software development engineer microsoft...

Deep Dive on Active Directory PowerShell

Mudassir AliSoftware Development EngineerMicrosoft Corporation

SIA404

Objectives and Takeaways

Objectives:Instill enthusiasm for something you might have otherwise ignoredShow you an easy way to start learning Active Directory PowerShell

Takeaways:… and to provide sufficient knowledge for you to continue on your own

How’s this going to work?

Not many slidesLots o’ demos

Scenario-drivenInteractive

Q&A when you’ve got the “Q”

Agenda

Why PowerShell?High-level Architecture of Active Directory PowerShellScenarios1. User logon taking a long time2. Update an attribute of user accounts3. User is experiencing intermittent logon failure4. Find out when is the user password expiring5. Monitor health summary of Active Directory forest

demo

Active Directory Administrative Center (ADAC)

Why PowerShell?

Past: Windows CMD shellLimited intrinsic capabilitiesRequired purpose-built external binaries to do more

Present: PowerShell Full .NET reachDiscoverability

New ‘module’-based architecture

Piping

demo

Why PowerShell?

High-level Architecture

Scenario 1

User logon taking a long time across forests

User logon is taking a long time across forestRole:

Active Directory administrator

Problem: User authentication is taking a long time across forests

Cause:The sites and subnets are not synchronized between forests

Solution: Synchronize the sites and subnets between forests

demo

Synchronize sites and subnets between forests

Scenario 2

Update an attribute of user accounts

Update an attribute of user accounts

Role: Active Directory administrator

Problem: Company just moved3,712 user’s postal codes need to change

Solution: Active Directory PowerShell

demo

Update an attribute of user accounts

Pro tip: Increase cmdlet query timeout

Active Directory PowerShell cmdlet query is timing out

Go to the target Domain ControllerOpen the “%windir%\ADWS\Microsoft.ActiveDirectory.WebServices.exe.config” fileIncrease the “OperationTimeout” parameter value

More configuration values and their details at: http://technet.microsoft.com/en-us/library/dd391908(v=ws.10).aspx

Stop-Service ADWSStart-Service ADWS

Scenario 3

Intermittent logon failures

Intermittent logon failuresRole:

Active Directory support engineer

Problem: The user is getting intermittent logon failures

Cause:The user password is not synchronized between DCs

Solution: Ensure that the user password is synchronized

demo

Intermittent logon failures

Scenario 4

When is the user password expiring?

When is the user password expiring

Role: Active Directory administrator

Problem: How to warn the user that their password is expiring

Solution: Active Directory PowerShell script

demo

When is the user password expiring

Scenario 5

Monitor replication health of an Active Directory forest

Monitor replication health of a forest

Role: Active Directory administrator

Problem: What is the replication health of my forest

Solution: Active Directory PowerShell cmdlets to monitor the replication health

demo

Monitor replication health of an Active Directory forest

Pro tip: Send an email using PowerShell# Create the message parameters$messageParameters = @{ `

Subject = “Running processes - $((Get-Date).ToShortDateString())" `Body = Get-Process| ConvertTo-Html | Out-String `From = "Me@MyCompany.com" `To = "Me@MyCompany.com" `SmtpServer = "SmtpHost" }

# Send the mailSend-MailMessage @messageParameters -BodyAsHtml

Takeaways & Resources

Sufficient knowledge for you to continue learning Active Directory PowerShell

Active Directory Administration with Windows PowerShell: http://technet.microsoft.com/en-us/library/dd378937(v=WS.10).aspx

Active Directory PowerShell blog: http://blogs.msdn.com/b/adpowershell/

Active Directory PowerShell: Installation using RSAT on Windows 7: http://blogs.msdn.com/b/adpowershell/archive/2009/03/24/active-directory-powershell-installation-using-rsat-on-windows-7.aspx

Related Content

SIA312 – What is new in Active Directory in Windows Server 2012SIA341 – Windows Server 2012 Dynamic Access Control Deep Dive for Active Directory and Central Authorization PoliciesSIA317 - Active Directory Virtualization Safeguards and Domain Controller Cloning with Windows Server 2012

South Hall A TechExpo (Active Directory and Dynamic Access Control)

SIA, WSV, and VIR Track Resources

Talk to our Experts at the TLC

#TE(sessioncode)

DOWNLOAD Windows Server 2012 Release Candidate

microsoft.com/windowsserverHands-On Labs

DOWNLOAD Windows Azure

Windowsazure.com/teched

Resources

Connect. Share. Discuss.

http://northamerica.msteched.com

Learning

Microsoft Certification & Training Resources

www.microsoft.com/learning

TechNet

Resources for IT Professionals

http://microsoft.com/technet

Resources for Developers

http://microsoft.com/msdn

Complete an evaluation on CommNet and enter to win!

Please Complete an Evaluation Your feedback is important!

Multipleways to Evaluate Sessions

Scan the Tagto evaluate thissession now on myTechEd Mobile

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to

be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS

PRESENTATION.