Course Objectives
Why take this course? Two reasons:
- If you're
administering an Active Directory, you probably have more and more
things to look after, and less and less time to do it. The
answer to the problem (other than just quitting and going back to
school to become a
lawyer like your mother told you to do) is automation: Useful
custom reports that get generated automatically and appear in your
mailbox. Short utilities that find problems in your
AD and fix them. Knowledge of a bag of automate-able tools
so easy to work with that you'll never say, "aw, heck, why try to
automate that -- I can get it done in 20 minutes of clicking" again.
- If you haven't yet
adopted an automation tool, it's probably because your previous
experience with automation tools is that they are (ahem) all too
often arcane, spottily-documented, and feature steep learning
curves. Mark Minasi, the author of the two-decade-spanning Mastering Windows Server series
of books, knows that, as he's been working with computer-based
automation tools for a long time. Mark believes that
PowerShell is, however, an exception, a tool that you can get familiar
with in just one day. Furthermore, after that one day, you can
use PowerShell to automate AD even if you're still running Server
2003.
- And okay, maybe there's one
more reason: as Microsoft's
"gone PowerShell," there are an
increasing number of important AD tasks that you simply can't get done
with anything but
PowerShell.
Maybe you've heard that PowerShell's useful, but haven't had the time
to look into it, or did
look into it and found it dry. In this class, however, Mark
takes a different approach to teaching PowerShell. This class
isn't about PowerShell, it's about using some tools to get AD done
easily and more quickly. It just happens that you'll learn
PowerShell in passing as you learn those tools!
Key Seminar Benefits
- If you have "I really
ought to learn PowerShell one of these days" on your things to do list,
attending this seminar is the quickest and easiest way to accomplish
that goal
- See dozens of examples
that illustrate PowerShell's usefulness to admins
- Learn the quick path
to figuring out how to find the right PowerShell tool for the job
(which is a pretty useful skill, given that there are over 2,000
PowerShell commands)
- Know how to turn PowerShell commands ("cmdlets," in
PowerShell talk) into useful tools
- Discover how to find
AD accounts with particular problems using PowerShell
- Apply your new
PowerShell knowledge to Server configuration and networking tasks
- Find out how to use
PowerShell on your AD whether you're using Server 2003, Server 2012, or
anything in-between
- Create your own new PowerShell cmdlet in a simple
PowerShell "module"
- Build an AD report and
tell Server to create it and email it to you every day
- Use PowerShell to make
your AD more consistent, which better prepares your AD to use 2012's
new
claims-based file permissions
- Quickly learn how to
create, delete, undelete and modify user accounts with PowerShell
- Understand
PowerShell's "pipeline," the essential tool that lets you "glue" two or
more cmdlets together to create a productive "one-liner"
- Use PowerShell's
remote control tools to get more done in less time
- Grasp how the ForEach and IF commands open the door to some
truly flexible, powerful tools
Course Outline
- PowerShell:
the Value Proposition
It's all well and good
to promise increases in productivity, but let's get specific:
how exactly can PowerShell make your life easier?
- AD administration
today
- Solving big AD
problems, pre 2009: VBScript and ADSI
- Contrasting
PowerShell and one-liners versus VBScripts
- Sidebar:
PowerShell's the only way, sometimes
- Examples of complex
AD tasks that PowerShell can make simple
- PowerShell Basics
Next, let's see how to
get PowerShell started and what it's going to require on our systems.
- Starting up
PowerShell
- Making it AD-smart with a module
- New security and
port requirements for AD PowerShell: AD Web Service overview
- Making PowerShell
work on Server 2003 and 2008 (it's built into 2008 R2 and later)
- Tasks that fit
PowerShell well and those that don't
- A "slow motion" look at a one-liner in action
- Deciphering PowerShell cmdlet names
- How to cheat at
PowerShell
- Solving AD problems
with PowerShell: the "filter" and the "hammer"
- Querying AD:
Meet the First Tool
Much of AD administration
involves finding troubled
accounts, retrieving details about a particular account or just taking
domain statistics. You do that with a query tool of some
kind, and PowerShell's basically got four such tools. One of
those tools, "get-aduser," will be our first order of business.
Learning your first PowerShell cmdlet's always
the hardest, but get-aduser's so useful you won't notice.
- Get-aduser explained
- Learning any
cmdlet with PowerShell help
- Help bafflegab:
parameters, parameter sets, and positional parameters
- PowerShell made
GUI-ish with show-command
- Updating PowerShell help
- Querying AD
- Shortening PowerShell's
long cmdlets
- Building useful
queries easily
- Searching different
parts of AD: OUs, global catalog and other forests
- Interrogating
get-aduser: making PowerShell cough up more than just the
default stuff
- An application:
finding users who haven't logged on in X days
- Side-Trip:
Making PowerShell Tools
"Doing an AD query" is
just another way of saying "generate the information you'd need for a
cool report." In this section, we pause from our AD focus and
look at how to take any AD query and make it into a useful report with
a bit of formatting and delivery.
- Formatting
PowerShell output: format-list, format-table, out-gridview
- Ordering things with
the sort-object cmdlet
- Saving output to
text for later use
- How to assemble a
few simple commands into a simple "one-liner"
- Email your report
with send-mailmessage
- Prettier one-liners:
a very, very basic PowerShell script
- Reference section:
package up your cool new report tool in a simple PowerShell module
- More Query:
Search-ADAccount
Get-ADUser is a quite
flexible tool, but that flexibility can sometimes lead to some quite
lengthy cmdlets. That's why the AD folks at Microsoft created
a more-focused search tool, "Search-ADAccount." We'll
continue our tour of PowerShell query cmdlets with
Search-ADAccount.
- Meet Search-ADAccount
- Focus:
user lockouts, disabled accounts, expired passwords and more
- Interrogating
Search-ADAccount: laying more pipeline
- Probing the
pipeline: using "where" with get-aduser to do more than
search-adaccount can do
- Avoid inefficient
searches! A look at some do's and don'ts
- How
to time a search to find out if it's efficient or not
- Query Finale:
Querying Groups and Dead Users: Get-ADGroup and
Get-ADObject
By now, we're almost
ready to move beyond queries, but sometimes you'll want to find, say,
everyone in a group "X" that has criterion "Y." In other
cases, you might need to know what user accounts have been deleted.
We'll answer those questions with two more cmdlets.
- Finding a group's
members
- Answering the more
interesting question: to what groups does this user belong?
- Cmdlets to create,
modify and manage groups
- Dead users
walking: get-adobject
- Hammer Time:
Changing AD User Objects with PowerShell Cmdlets
Thus far, we've only
looked at AD user objects, but now, it's time to touch.
By now, you'll have seen that "once you've learned your first
PowerShell cmdlet, you've learned 'em all," and you'll be surprised at
how quickly you'll understand and employ the next bunch. Time
to change, estrange and re-arrange some user accounts!
- Set-ADUser, the
all-purpose account changing tool
- Understanding
Set-ADUser syntax's "hash tables," something PowerShell uses a lot
- Single-purpose
tools: unlock-adaccount, disable-adaccount, enable-adaccount
- User management in
groups with add-adgroupmember, remove-adgroupmember
- Password
management with PowerShell
- AD user deletes
with remove-aduser
- AD user undeletes
with restore-adobject
- Tell PowerShell to
stop asking you if you're sure: putting the kibosh on
"confirm"
- Assembling Hammers and
Filters to Create Powerful One-Liners
Now we know how to
create filters, like "what users in the Engineers group have Sally
Watkins as a manager?," and hammers, like "disable this account,"
"unlock this account," or whatever. Now we'll put them
together to create useful tools like "find all of the users who haven't
logged on in 75 days and disable them" or "find all of the accounts in
the Chicago office and make them change their passwords on their next
logon" or the like.
- Filter review
- Hammer review
- Some prebuilt
examples
- Your input:
what tools would you build? How could this be
useful?
- A plan to build
your own tools
- Example:
bulk AD creation from a CSV file
- Solving More Complex
AD Problems with ForEach and IF
Now we've seen how to
build some great automated tools, but their scope is just a little
limited. We can fix that with another PowerShell tool -- ForEach.
- Task:
cleaning up an active directory
- Where the pipeline
fails
- The answer:
ForEach
- ForEach versus
simple pipeline work
- How to create a
ForEach loop and how to make it work
- Example:
making all display names consistent
- Adding a dimension:
decision-making with the IF operator
- Wrap-up
and suggestions for learning more
Course Materials and Course Format
The class works from
PowerPoint presentations. Every attendee gets a printed copy
of the PowerPoints. To make it possible to run this course in
just one day, the class runs mainly in lecture/demo format.
You'll see PowerShell run through its paces in a series of
interesting and explanatory demonstrations.
Arranging a Course At Your Location
We offer this class as a
public seminar at locations around the US; you can view the current
schedule at www.minasi.com/pubsems.htm.
But you needn't wait — Mark can come to your organization to teach it
on-site. On-site classes offer you the flexibility to lengthen or
shorten the class, add hands-on labs, modify the course's focus and
zero in on your group's specific needs. For more info, please
contact our office at (757) 426-1431 between noon and five PM Eastern
time or email assistant@minasi.com
to discuss scheduling and fees.
Attendee Comments on our PowerShell-related classes:
- The
last time I came to one of your classes, the PowerShell you taught me
got me a new
position at work. Can't wait to see the results this time!
- You've
inspired me to learn more PowerShell! There is a LOT of it in
2012.
- Mark,
you are very
good at what you do. Keep it up!
- Although
this wasn't actually a PowerShell class, well, I've been to a multi-day
PowerShell class, and you know what? That instructor was
good... but you're better!