PowerShell Tutorial 9-16
Get-Service -Name W*
If you forget a cmdlet’s parameters, just use a script like the following, which will display the parameters for
the Get-Process cmdlet:
Get-Process | Get-Member
If you still don’t find the cmdlet you need, you can make sure the help is current and then get examples for
a cmdlet (such as Get-Process) using a script like this:
You can also use aliases, which are shortened cmdlet names. For instance, instead of Get-Help you can use
just Help. Try running the following two commands and see whether you get the same result:
Start-Process notepad
start notepad
Similarly, to stop this process, you can use either of the following commands:
1.4 Comments
Leaving comments in a script will help you — and your colleagues — better understand what the script does.
A string comment is a single line that starts with a number sign (#); block comments spread across multiple
lines, starting and ending with number signs and angle brackets:
1.5 Pipes
A pipe passes data from one cmdlet to another. I used a pipe earlier to get all properties of an object.
For example, if you execute the following script, you’ll get all services sorted by their status:
You can also use a pipe to output text to a file using a script like the following:
You can use multiple pipes. For instance, the following script lists all services, with the first pipe excluding
stopped services and the second pipe limiting the list to display names only:
2. Top 10 Active Directory Management Tasks with PowerShell
The easiest way to manage objects in an Active Directory domain is using the Active Directory Users and
Computers (ADUC) MMC snap-in. However, what if you need to create multiple user accounts in bulk, or
ADUC is not available for some reason? In this part, we’ll explore how to perform the most common AD
management tasks with PowerShell.
Keep in mind that before you can work with Active Directory and its objects, you need to import the Active
Directory module for Windows PowerShell. In Microsoft Windows Server 2008 R2, you need to enable this
module by running the following command:
Import-Module ActiveDirectory
In Microsoft Windows Server 2012 and later, this module is enabled by default.
When you know the syntax, it’s easy to add users to Active Directory:
New-ADUser B.Johnson
Accounts are created with the following default properties:
Account is disabled.
No password is set.
Therefore, to make a new account that’s actually usable, you need to enable it using the Enable-ADAccount
cmdlet and give it a password using the Set-ADAccountPassword cmdlet.
Surname — Robinson
Path — “OU=Managers,DC=enterprise,DC=com”
Status — Enabled
The Read-Host cmdlet will ask you to input a new password. Note that the password should meet the
length, complexity and history requirements of your domain security policy.
Now, let’s create ten similar Active Directory accounts in bulk and set a default password (P@ssw0rd) for
each of them. To send the default password in a protected state, we must use the ConvertTo-SecureString
cmdlet. Here’s the script to use:
To make the script more flexible, add the Read-Host cmdlet, which will ask for the number of users to be
added:
# OU in which the new accounts are created
$path = "OU=IT,DC=enterprise,DC=com"
$username = Read-Host "Enter name"
# Read-Host returns a string; cast it so the range below is numeric
$n = [int](Read-Host "Enter Number")
$count = 1..$n
foreach ($i in $count)
{ New-AdUser -Name "$username$i" -Path $path -Enabled $True -ChangePasswordAtLogon $true `
-AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -force) -passThru }
Another option for creating users in AD is to import them from a CSV file. This option is great when you have
a list of users with predefined personal details such as:
FirstName
LastName
Username
Department
Password
OU
The CSV file must be in UTF8 encoding and contain contact data that looks like this:
The following script will create enabled user objects for any users in the CSV that don’t already have accounts
in AD. The “Reset password at the next logon” option will be enabled for the new accounts, so you can use
your default password:
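#Enter a path to your import CSV file
$ADUsers = Import-Csv C:\scripts\newusers.csv
foreach ($User in $ADUsers)
{
    #Read this user's details from the CSV columns
    $Username = $User.Username
    $Password = $User.Password
    $Firstname = $User.FirstName
    $Lastname = $User.LastName
    $Department = $User.Department
    $OU = $User.OU
    #Only create the account if the user does not already exist in AD
    if (Get-ADUser -Filter "SamAccountName -eq '$Username'")
    {
        Write-Warning "A user account $Username already exists in Active Directory."
    }
    else
    {
        #Account will be created in the OU listed in the $OU variable in the CSV file; don't forget
        #to change the domain name (placeholder: enterprise.com) in the "-UserPrincipalName" variable
        New-ADUser `
            -SamAccountName $Username `
            -UserPrincipalName "$Username@enterprise.com" `
            -Name "$Firstname $Lastname" `
            -GivenName $Firstname `
            -Surname $Lastname `
            -Enabled $True `
            -ChangePasswordAtLogon $True `
            -DisplayName "$Lastname, $Firstname" `
            -Department $Department `
            -Path $OU `
            -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force)
    }
}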
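The bulk scripts above either give every new account the same known password or read each password from the CSV in clear text. As an added example (not part of the original tutorial), the variant below generates a separate random initial password for each imported account; New-RandomPassword is a hypothetical helper, and the CSV path and column names are the ones used above.

```powershell
# Added example. New-RandomPassword is a hypothetical helper, not an ActiveDirectory cmdlet.
function New-RandomPassword {
    param([ValidateRange(8, 128)][int]$Length = 16)
    # Character classes (look-alike characters such as 0, O, 1 and l are left out)
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '!#%&*+-=?@'
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte = New-Object byte[] 1
    # Uniform integer in [0, $max) via rejection sampling on one random byte ($max <= 256)
    $pick = {
        param([int]$max)
        $limit = 256 - (256 % $max)
        do { $rng.GetBytes($byte) } while ($byte[0] -ge $limit)
        $byte[0] % $max
    }
    try {
        $all = -join $sets
        # One character from every class, so the character-class rule of the policy is met
        $chars = @(foreach ($s in $sets) { $s[(& $pick $s.Length)] })
        while ($chars.Count -lt $Length) { $chars += $all[(& $pick $all.Length)] }
        # Fisher-Yates shuffle so the guaranteed characters do not always come first
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = & $pick ($i + 1)
            $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
        }
        -join $chars
    }
    finally { $rng.Dispose() }
}

Import-Module ActiveDirectory
# Same CSV as above; its Password column is ignored here
$created = foreach ($User in Import-Csv C:\scripts\newusers.csv) {
    $plain = New-RandomPassword
    New-ADUser -Name "$($User.FirstName) $($User.LastName)" `
        -SamAccountName $User.Username -Path $User.OU `
        -Enabled $true -ChangePasswordAtLogon $true `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force)
    # Emit the one-time password so it can be delivered to the user
    [pscustomobject]@{ Username = $User.Username; InitialPassword = $plain }
}
# $created now holds the username / initial password pairs for delivery to the users
```

Because ChangePasswordAtLogon is set, each generated password is only valid until the user's first logon.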