
Ask the Directory Services Team

Windows 2008 R2: Managing AD LDS using the AD PowerShell Module

NedPyle
Apr 04, 2019
First published on TechNet on Sep 14, 2009

Hello, it’s LaNae again. Now that Windows 2008 R2 is available, we get to use the coolness of PowerShell with AD LDS. When you install the AD LDS role on a Windows 2008 R2 server, it also installs the AD PowerShell module.


Unfortunately, the help documentation for each cmdlet does not give an example of the syntax to use with AD LDS. You can find a list of the cmdlets in “What’s New in AD DS: Active Directory Module for Windows PowerShell”, located at


http://technet.microsoft.com/en-us/library/dd378783(WS.10).aspx


Active Directory Cmdlets used with AD LDS

Below you will find a list of Active Directory cmdlets as well as the syntax that can be used to manage AD LDS instances.


Enable-ADOptionalFeature : Enable an optional feature.


Example: Enable-ADOptionalFeature "Recycle Bin Feature" -server 'servername:port' -scope ForestOrConfigurationSet -target "CN=Configuration,CN={GUID}"


Get-ADObject : Gets one or more AD LDS objects.


Example : Get-ADObject -filter 'objectclass -eq "user"' -searchbase 'partition DN' -server 'servername:port' -properties DistinguishedName | FT Name, DistinguishedName -A



Get-ADOrganizationalUnit : Gets one or more AD LDS OUs


Example : Get-ADOrganizationalUnit -Filter {Name -Like '*'} -searchbase "partition DN" -server 'servername:port' -AuthType Negotiate | FT Name, DistinguishedName -A



Get-ADUser : Gets one or more AD LDS users


Example : Get-ADUser -Filter 'Name -like "*"' -searchbase "partition DN" -server 'servername:port'



Get-ADGroup : Gets one or more AD LDS groups


Example : Get-ADGroup -Filter 'Name -like "*"' -searchbase "DN of partition to search" -server 'servername:port'



Get-ADGroupMember : Gets the members of an AD LDS group


Example : Get-ADGroupMember -identity 'DN of group' -server 'servername:port' -partition "DN of partition where group resides" | FT Name,DistinguishedName -A



New-ADGroup : Creates a new AD LDS group


Example : New-ADGroup -Name "groupname" -server 'servername:port' -GroupCategory Security -GroupScope Global -DisplayName "group display name" -path "DN where new group will reside"



New-ADUser : Creates a new AD LDS user


Example : New-ADUser -name "username" -Displayname "Display Name" -server 'servername:port' -path "DN of where the new user will reside"



Add-ADGroupMember : Adds an AD LDS user to a group


Example : Add-ADGroupMember -identity "DN of group" -member "DN of user" -server 'servername:port' -partition "DN of partition where group resides"



New-ADOrganizationalUnit : Creates a new AD LDS OU


Example : New-ADOrganizationalUnit -name "OU Name" -server 'servername:port' -path "DN of OU location"



Remove-ADGroup : Removes an AD LDS group


Example : Remove-ADGroup 'SID of Group' -server 'servername:portnumber' -partition "partition where group resides"



Remove-ADGroupMember : Removes an AD LDS user from a group.


Example : Remove-ADGroupMember -identity "DN of group" -member "DN of user" -server 'servername:port' -partition "DN of partition where group resides"



Remove-ADOrganizationalUnit : Deletes an OU in AD LDS


Example : Remove-ADOrganizationalUnit -identity "DN of OU" -recursive -server 'servername:port' -partition "DN of partition where OU resides"



Remove-ADUser : Deletes a user from AD LDS


Example : Remove-ADUser -identity "DN of user" -server 'servername:port' -partition "DN of partition where user resides"



-LaNae Wade
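
The following is an added example, not part of the original post: a read-only membership review that combines Get-ADGroup and Get-ADGroupMember from the list above to report every group in one AD LDS partition together with its members. The server and partition values are the same placeholders the post uses, and the output file name is an assumption.

```powershell
# Added example (not from the original post): read-only membership review of
# every group in one AD LDS partition. Written to run on PowerShell 2.0.
Import-Module ActiveDirectory

# Placeholders, as in the post: replace with your instance and partition.
$Server    = 'servername:port'
$Partition = 'DN of partition to search'
$conn      = @{ Server = $Server }   # splatted into every cmdlet call

$groups = @(Get-ADGroup -Filter * -SearchBase $Partition @conn)

$report = foreach ($group in $groups) {
    try {
        $members = @(Get-ADGroupMember -Identity $group.DistinguishedName `
                        -Partition $Partition @conn -ErrorAction Stop)
    } catch {
        # Report the failure and move on so one bad group does not stop the review.
        Write-Warning "Cannot read members of '$($group.DistinguishedName)': $_"
        continue
    }

    # Keep empty groups visible in the report with a single blank-member row.
    if ($members.Count -eq 0) { $members = @($null) }

    foreach ($m in $members) {
        New-Object PSObject -Property @{
            Group       = $group.Name
            GroupDN     = $group.DistinguishedName
            Member      = $m.Name
            MemberDN    = $m.DistinguishedName
            MemberClass = $m.objectClass
        }
    }
}

# On-screen summary, then a CSV (assumed file name) to compare between reviews.
$report | Sort-Object Group, Member |
    Format-Table Group, Member, MemberClass, MemberDN -AutoSize
$report | Select-Object Group, GroupDN, Member, MemberDN, MemberClass |
    Export-Csv -Path .\adlds-group-review.csv -NoTypeInformation
```

The script only calls Get-* cmdlets against the instance, so it can be run with an account that has read access to the partition.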
