The best cmdlets for PowerShell
The Horse's Mouth
Testing the Conditions for Active Directory
The cmdlet Test-ADDSDomainControllerInstallation [1] tests whether the conditions for installing a domain controller are met. For a read-only domain controller, you would do the same thing using Test-ADDSReadOnlyDomainControllerAccountCreation [2].
To test the conditions for installing a new domain in Active Directory, you would instead use Test-ADDSDomainInstallation (Figure 3). Test-ADDSForestInstallation does the same for a new forest based on Windows Server 2012. To run the tests, you must still enter passwords in different places. The cmdlets accept these only as SecureString input. An example of the command is:
Test-ADDSDomainControllerInstallation -Domainname <DNS-name of domain> -SafeModeAdministratorPassword <SecureString>
To install a new domain controller, use the Install-ADDSDomainController cmdlet. For this command to work, you need to specify the name of the domain and configure the password for Directory Services Restore Mode as a SecureString. The following command does the trick:
Install-ADDSDomainController -DomainName <DNS name of domain> -SafeModeAdministratorPassword (read-host -prompt "Password" -assecurestring)
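The test and install steps above can be chained so that the Directory Services Restore Mode password is typed once and the installation runs only when the prerequisite test is clean. This is an added example, not code from the article; it assumes the sample domain contoso.int and that each test result exposes the Status, Context, and Message properties shown in the cmdlet's result table.

```powershell
# Added example (not from the article); contoso.int is a sample domain name.
$domain = 'contoso.int'

# Prompt once. The DSRM password exists only as a SecureString in this session
# and is never written to the console or to command history.
$dsrm = Read-Host -Prompt 'DSRM password' -AsSecureString

# Run the prerequisite test and collect every result record.
# -ErrorAction Stop turns a failed test run into a terminating error
# instead of an empty result that could be mistaken for success.
$results = @(Test-ADDSDomainControllerInstallation -DomainName $domain `
                 -SafeModeAdministratorPassword $dsrm -ErrorAction Stop)

# Anything other than Success blocks the installation.
$blocking = @($results | Where-Object { $_.Status -ne 'Success' })

if ($results.Count -eq 0 -or $blocking.Count -gt 0) {
    $blocking | Format-List Status, Context, Message
    Write-Warning "Prerequisite test did not pass cleanly; not installing."
}
else {
    # Reuse the same SecureString rather than prompting a second time.
    Install-ADDSDomainController -DomainName $domain `
        -SafeModeAdministratorPassword $dsrm
}
```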
To demote a domain controller, use UnInstall-ADDSDomainController. You need to specify at least the local administrator's password, which must be passed as a SecureString. The syntax looks like this:
UnInstall-ADDSDomainController -LocalAdministratorPassword (read-host -prompt "Password" -assecurestring)
Running get-help UnInstall-ADDSDomainController gives you more information on the command. You can also rename and reboot servers and add them to domains in PowerShell. To do this, PowerShell provides the following cmdlets:
Rename-Computer -NewName <Computername>
Add-Computer -DomainName <domain name>
Restart-Computer
You can also set up replication in PowerShell. For a list of the available commands, type get-command *adreplication*, and to display help for the cmdlets, use the get-help cmdlet.
You can also create sites in PowerShell with the use of the New-ADReplicationSite <location> command, and you can create new site links, for example, like this:
New-ADReplicationSiteLink CORPORATE-BRANCH1 -SitesIncluded CORPORATE,BRANCH1 -OtherAttributes @{'options'=1}
You can also set the cost (metric) of a site link and the time interval for synchronization in a single command line by setting the appropriate switches:
Set-ADReplicationSiteLink CORPORATE-BRANCH1 -Cost 100 -ReplicationFrequencyInMinutes 15
This call sets the metric to 100 and the replication interval to 15 minutes.
Testing Replication in PowerShell
To discover the replication status, you can use the Get-ADReplicationUpToDatenessVectorTable <server name> cmdlet. For a list of all your servers, do this:
Get-ADReplicationUpToDatenessVectorTable * | sort Partner,Server | ft Partner,Server,UsnFilter
Use the following two cmdlets to view the individual sites and the domain controllers at these sites:
Get-ADReplicationSite -Filter * | ft Name
Get-ADDomainController -Filter * | ft Hostname,Site
To view the replication connections in PowerShell, use the Get-ADReplicationConnection command. PowerShell will also give you detailed information on the individual sites on request. To do this, use Get-ADReplicationSite -Filter *. Other interesting cmdlets in this area are:
Get-ADReplicationPartnerMetadata
Get-ADReplicationFailure
Get-ADReplicationQueueOperation
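The output of Get-ADReplicationPartnerMetadata can be filtered to show only the replication links that need attention, which matters because a stalled link delays password changes and account lockouts reaching other domain controllers. The following is an added example, not code from the article: the function name Find-StaleReplicationLink and the sample records are constructed for illustration, and the default threshold of 30 minutes assumes the 15-minute replication interval configured earlier.

```powershell
# Added example (not from the article). Input objects need the property names
# that Get-ADReplicationPartnerMetadata returns: Server, Partner,
# LastReplicationSuccess, ConsecutiveReplicationFailures, LastReplicationResult.
function Find-StaleReplicationLink {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Link,
        [int] $MaxAgeMinutes = 30,        # two 15-minute replication intervals
        [datetime] $Now = (Get-Date)
    )
    process {
        $last = $Link.LastReplicationSuccess
        $reasons = @()
        if ($null -eq $last) {
            $reasons += 'never replicated successfully'
        }
        elseif (($Now - $last).TotalMinutes -gt $MaxAgeMinutes) {
            $reasons += "last success older than $MaxAgeMinutes minutes"
        }
        if ($Link.ConsecutiveReplicationFailures -gt 0) {
            $reasons += "$($Link.ConsecutiveReplicationFailures) consecutive failures"
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Server      = $Link.Server
                Partner     = $Link.Partner
                LastSuccess = $last
                LastResult  = $Link.LastReplicationResult
                Reason      = $reasons -join '; '
            }
        }
    }
}

# Constructed sample records standing in for live cmdlet output.
$now = Get-Date '2024-01-01T12:00:00'
$sample = @(
    [pscustomobject]@{ Server='DC1'; Partner='DC2'; LastReplicationSuccess=$now.AddMinutes(-10); ConsecutiveReplicationFailures=0; LastReplicationResult=0 }
    [pscustomobject]@{ Server='DC1'; Partner='DC3'; LastReplicationSuccess=$now.AddHours(-6); ConsecutiveReplicationFailures=4; LastReplicationResult=1722 }
    [pscustomobject]@{ Server='DC2'; Partner='DC3'; LastReplicationSuccess=$null; ConsecutiveReplicationFailures=0; LastReplicationResult=0 }
)
# Reports the DC1/DC3 link (stale and failing) and the DC2/DC3 link (never replicated).
$sample | Find-StaleReplicationLink -Now $now | Format-Table -AutoSize

# Live use on a host with the ActiveDirectory module:
# Get-ADReplicationPartnerMetadata -Target * -Scope Server | Find-StaleReplicationLink
```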
PowerShell Web Access
Windows PowerShell Web Access provides a web-based Windows PowerShell console. In this way, you can run PowerShell commands and scripts from a console in a web browser. You can even use PowerShell Web Access to access the PowerShell on your servers remotely on a smartphone or tablet, which means you can use all the cmdlets that are available on the server. When you install Windows PowerShell Web Access using PowerShell, the administration tools for IIS are not added unless you specify the -IncludeManagementTools parameter:
Install-WindowsFeature -Name WindowsPowershellWebAccess -ComputerName <Servername> -IncludeManagementTools -Restart
The next step is to set up the gateway for PowerShell Web Access. The Install-PswaWebApplication cmdlet provides a quick approach to configuring this. You can install a self-signed SSL certificate with the option -UseTestCertificate. Running this cmdlet installs the PowerShell Web Access web application in the Default Web Site container of IIS; then, you can access the PSWA website on https://<servername>/pswa.
After installing PowerShell Web Access and setting up the gateway with the website and the certificate, you still need to allow users to access PowerShell via Web Access. In a PowerShell session opened with administrative rights, run the commands shown in Listing 1.
Listing 1
Allowing Web Access
$applicationPoolName = "<name of application pool for PSWA>"
$authorizationFile = "C:\windows\web\powershellwebaccess\data\AuthorizationRules.xml"
c:\windows\system32\icacls.exe $authorizationFile /grant ('"' + "IIS AppPool\$applicationPoolName" + '":R') > $null
Authorization rules allow a user to access a computer on the network. Access is limited to a specific session configuration. The cmdlet:
Add-PswaAuthorizationRule -UserName Contoso\administrator -ComputerName srv1.contoso.int -ConfigurationName microsoft.powershell
grants the "administrator" user in the "contoso" domain access for managing the "srv1.contoso.int" computer and use of the "Microsoft.PowerShell" session configuration.
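Because every authorization rule opens a path from the web gateway to a server, it is worth reviewing the rule set for entries that are broader than necessary. The following is an added example, not code from the article: the function name Test-PswaRuleScope, the group contoso\PswaOperators, and the session configuration OperatorEndpoint are hypothetical, and the sample rules are constructed so the block runs without a gateway.

```powershell
# Added example (not from the article). Property names follow the columns that
# Get-PswaAuthorizationRule displays: RuleName, User, Destination, ConfigurationName.
function Test-PswaRuleScope {
    param([Parameter(Mandatory, ValueFromPipeline)] $Rule)
    process {
        $findings = @()
        # '*' is the wildcard PSWA accepts for users, computers and configurations.
        if ($Rule.User -eq '*')        { $findings += 'any user' }
        if ($Rule.Destination -eq '*') { $findings += 'any computer' }
        if ($Rule.ConfigurationName -eq '*') {
            $findings += 'any session configuration'
        }
        elseif ($Rule.ConfigurationName -eq 'microsoft.powershell') {
            $findings += 'default full-language session configuration'
        }
        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                RuleName = $Rule.RuleName
                Findings = $findings -join '; '
            }
        }
    }
}

# Constructed sample rules; the second mirrors the rule shown in this article.
$sample = @(
    [pscustomobject]@{ RuleName='Rule 0'; User='*'; Destination='*'; ConfigurationName='*' }
    [pscustomobject]@{ RuleName='Rule 1'; User='contoso\administrator'; Destination='srv1.contoso.int'; ConfigurationName='microsoft.powershell' }
    [pscustomobject]@{ RuleName='Rule 2'; User='contoso\PswaOperators'; Destination='srv1.contoso.int'; ConfigurationName='OperatorEndpoint' }
)
# Reports Rule 0 (three wildcards) and Rule 1 (default endpoint); Rule 2 passes.
$sample | Test-PswaRuleScope | Format-Table -AutoSize

# Live use on the gateway: Get-PswaAuthorizationRule | Test-PswaRuleScope
# A narrower rule than the article's (group and endpoint names are hypothetical):
# Add-PswaAuthorizationRule -UserGroupName 'contoso\PswaOperators' `
#     -ComputerName srv1.contoso.int -ConfigurationName OperatorEndpoint
```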