Archive

Archive for the ‘Active Directory’ Category

Active Directory Administrative Center — a New AD interface for Win7 and Win 2008

February 11th, 2010 No comments

Since the time I started working with active directory, I have seen only one official interface, dsa.msc(ADUC) to work with active directory objects(users, computers, etc) — I am bored with it. With the introduction of Windows 7 and Win 2008 R2, MS has brought improvements to the way how administer your active directory with “Active Directory Administrative Center”.

Built on Windows PowerShell™ command-line interface technology, Active Directory Administrative Center provides network administrators with an enhanced Active Directory data management experience and a rich graphical user interface (GUI). Administrators can use Active Directory Administrative Center to perform common Active Directory object management tasks through both data-driven navigation and task-oriented navigation.

You can use Active Directory Administrative Center to perform the following Active Directory administrative tasks:

  • Create new user accounts or manage existing user accounts
  • Create new groups or manage existing groups
  • Create new computer accounts or manage existing computer accounts
  • Create new organizational units (OUs) and containers or manage existing OUs
  • Connect to one or several domains or domain controllers in the same instance of Active Directory Administrative Center, and view or manage the directory information for those domains or domain controllers
  • Filter Active Directory data by using query-building search

In addition, you can use the enhanced GUI to customize Active Directory Administrative Center to suite your particular directory service administering requirements. This can help improve your productivity and efficiency as you perform common Active Directory object management tasks.

So, what should be my domain to get ADAC?

If your domain level is 2008 R2, then it should work by default as it comes with ADMGS(Active Directory Management Gateway Service) which has ADWS(Active Directory Web Services) as built-in component. No worries if you have 2003 domain level also as microsft recently started to support ADWS on Windows 2003 domain controller.

Then, how can I install ADWS on my windows 2003 domain?

Active Directory powerShell blog already spoke about this. Visit http://blogs.msdn.com/adpowershell/archive/2009/06/23/use-active-directory-powershell-to-manage-windows-2003-2008-dcs.aspx for more details about this.

In brief, you should follow below steps to download ADWS source/documentation.

  1. Visit http://connect.microsoft.com and enter the invitation ID ADWS-FDBT-CVJK on the home page.
  2. Sign in using your live/hotmail ID
  3. Active Directory Management Gateway Service download details and instructions will be available to you on MS Connect site – http://connect.microsoft.com/ADWS/

Ok, I have my server side setup done. How to get the ADAC console on my machine?

You client should be running Windows 7 or Windows 2008 atleast to get this client.

  1. Install your RSAT on your machine
  2. Go to Control Panel and search for “turn windows features on or off” and select it from search results
  3. It diplays below windows and navigate to Active Directory Administrative Center and select the check box
  4. Click OK to complete the installation.

Now installation part is done, how to launch it?

Go to Start -> Run and enter “DSAC.exe” to launch the ADAC console and enjoy it’s rich features.

References :

ADAC : http://technet.microsoft.com/en-us/library/dd560651(WS.10).aspx

RSAT for Win 7: Refer to Step-3 in http://techibee.com/windows-2008/implement-group-policy-preferences-in-windows-2003-environment/161

Hope this helps you…

Happy Learning..,
Sitaram Pamarthi

Categories: Active Directory Tags: ,

PowerShell Commands to list domain controllers in Domain.

December 2nd, 2009 No comments
My previous article talks about listing domain controllers in a domain in non-powershell world. But with introduction of powershell things changed a lot to give more flexibility to system administrators and developers.
 Below piece of powershell code helps to you get it.
 List domain Controllers in domain:

$localdomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$localdomain | % { $_.DomainControllers } | Select name
  

List all domain controllers in forest

 

$localdomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()$localdomain.forest.domains | % { $_.DomainControllers } | Select name

You can count the no. of domain controllers also.

 

($localdomain.forest.domains | % { $_.DomainControllers } | Select name).count
Happy Learning..,
Sitaram Pamarthi

Categories: Active Directory, PowerShell Tags:

Find password last set/reset time using Powershell

December 1st, 2009 2 comments

This small piece of code helps you to know when a active directory user has changed his password last time. Use your own inventions to make the output appear the way you want.

$user = “user1″
$searcher=New-Object DirectoryServices.DirectorySearcher
$searcher.Filter=”(&(samaccountname=$user))”
$results=$searcher.findone()
$changedtime  = [datetime]::fromfiletime($results.properties.pwdlastset[0])
write-host -b blue -f red The user, $user has changed password last time at $changedtime

It will be more easy if you have Quest PowerShell Cmdlets for active roles installed in your PC. Download it from Quest site and install on your machine and execute the below oneliner in Quest powershell window.

Get-QADUser user1 | ft displayname, PasswordLastSet

Happy Learning..,
Sitaram Pamarthi

Categories: Active Directory, PowerShell Tags: