Windows 8 Active Directory: New Deployment PowerShell Cmdlets

In my previous blog post, I talked about some of the new cmdlets that were introduced in Windows Server 8 for managing Active Directory. Today, we’ll focus on cmdlets that were added for deploying and configuring Active Directory.

Previously, if you wanted to configure AD DS, you had to use the DCPROMO.exe utility. However, in Windows Server 8 this tool has been deprecated and replaced by a brand new cmdlet: Install-ADDSDomainController.

The cmdlets for deploying ADDS have been grouped into a separate module: ADDSDeployment. As a result, you can run the following command to retrieve a list of all available cmdlets within the module:

Get-Command –Module ADDSDeployment

Get-ActiveDirectoryDomainNames                                                
Get-ActiveDirectorySiteNames                                                  
Invoke-ADDSCanContactOtherDCsinDomain                                         
Invoke-ADDSDoesDCHostOperationMasterRole                                      
Invoke-ADDSDoesDNSDelegationForThisMachineExistInParentZone                   
Invoke-ADDSDoesDomainNamingContextExist                                       
Invoke-ADDSGetAllowedRodcReplicationAccounts                                  
Invoke-ADDSGetApplicationPartitionsInForest                                   
Invoke-ADDSGetDatabaseFacts                                                   
Invoke-ADDSGetDefaultDNSOption                                                
Invoke-ADDSGetDefaultSiteName                                                 
Invoke-ADDSGetDeniedRodcReplicationAccounts                                   
Invoke-ADDSGetDnsDelegationOptions                                            
Invoke-ADDSGetDomainControllersInDomain                                       
Invoke-ADDSGetExistingDCAccountInfo                                           
Invoke-ADDSGetForestFunctionalLevel                                           
Invoke-ADDSGetGeneratedNetbiosName                                            
Invoke-ADDSGetNDNCListWithNoOtherReplicas                                     
Invoke-ADDSGetSuitableHelperDomainController                                  
Invoke-ADDSIsDc                                                               
Invoke-ADDSIsRodc                                                             
Invoke-ExpandEnvironmentVariables                                             
Restart-DeploymentTarget                                                      
Test-VerifyADPrepCredential                                                   
Test-VerifyAppPartitionRemoval                                                
Test-VerifyAvailableWinDirSpace                                               
Test-VerifyCertServiceExists                                                  
Test-VerifyChild                                                              
Test-VerifyComputerName                                                       
Test-VerifyComputerWasRenamedAndNeedsReboot                                   
Test-VerifyCurrentUserIsAdministrator                                         
Test-VerifyDCServiceAvailableForDemotion                                      
Test-VerifyDemote                                                             
Test-VerifyDnsConfigOptions                                                   
Test-VerifyDnsDelegationRemoval                                               
Test-VerifyDnsRegistration                                                    
Test-VerifyDomainUpgradeStatus                                                
Test-VerifyForestName                                                         
Test-VerifyForestUpgradeStatus                                                
Test-VerifyFsmoForceRemoval                                                   
Test-VerifyInfrastructureMasterOnline                                         
Test-VerifyIsComputerNameValid                                                
Test-VerifyMachineAdminPassword                                               
Test-VerifyNamingMasterOnline                                                 
Test-VerifyNetBiosName                                                        
Test-VerifyNotInSafeBootMode                                                  
Test-VerifyNtfs5DriveAvailable                                                
Test-VerifyPaths                                                              
Test-VerifyReplica                                                            
Test-VerifyReplicateFromMedia                                                 
Test-VerifyReplicationPartner                                                 
Test-VerifyRequiredPortsAreAvailable                                          
Test-VerifyRODCUpgradeStatus                                                  
Test-VerifySafeModePassword                                                   
Test-VerifySchemaMasterOnline                                                 
Test-VerifySelectedDcAccount                                                  
Test-VerifySiteSelection                                                      
Test-VerifySupportedPlatform                                                  
Test-VerifyTcpIPIsInstalledAndFunctioning                                     
Test-VerifyTree                                                               
Test-VerifyUserCredentialPermissions                                          
Test-VerifyUserCredentials                                                    
Test-VerifyValidRoleChangeState                                               
Add-ADDSReadOnlyDomainControllerAccount                                       
Install-ADDSDomain                                                            
Install-ADDSDomainController                                                  
Install-ADDSForest                                                            
Test-ADDSDomainControllerInstallation                                         
Test-ADDSDomainControllerUninstallation                                       
Test-ADDSDomainInstallation                                                   
Test-ADDSForestInstallation                                                   
Test-ADDSReadOnlyDomainControllerAccountCreation                              
Uninstall-ADDSDomainController                                                

Together with new deployment cmdlets, you now have also a bunch of test-cmdlets which can verify your installation and prove useful during troubleshooting.

We’re facing some exiting times as these new cmdlets will allow you to create more comprehensive scripts. Not only for AD Management, but also for deployment and testing!

Until later!

Blog

Windows 8 Active Directory: New PowerShell Cmdlets

Windows 8 Server will bring a whole lot of changes compared to it’s predecessor: Windows 2008 R2. There has already been a lot of fuzz about these changes, and today I’d like to take a moment and take a look at what new cmdlets we’ve been given to manage Active Directory.

As you all know, Server 2008 R2 gave us the ability to natively manage Active Directory from PowerShell through the AD Module for PowerShell. Unfortunately, not everything could be managed. Although third-party tools (like Quest’s AD cmdlets) made up for it, I always missed the “native” support.

With Windows 8, Microsoft has added quite some new cmdlets to support Active Directory (58 to be exactly), which brings the total amount of cmdlets in the AD Module to 134! Please not that I got this number from the Developer preview and it’s always possible that this amount changes in the RTM-version.

A lot of the new cmdlets fit the gap with before (e.g. AD Replication), others are related to new features as the new claims-based “Dynamic Access Control”.

The following list shows all the cmdlets that have been added:

Add-ADCentralAccessPolicyMember
Add-ADResourcePropertyListMember
Clear-ADClaimTransformLink
Get-ADCentralAccessPolicy                                                     
Get-ADCentralAccessRule                                                       
Get-ADClaimTransformPolicy                                                    
Get-ADClaimType   
Get-ADDCCloningExcludedApplicationList  
Get-ADReplicationAttributeMetadata                                            
Get-ADReplicationConnection                                                   
Get-ADReplicationFailure                                                      
Get-ADReplicationPartnerMetadata                                              
Get-ADReplicationQueueOperation                                               
Get-ADReplicationSite                                                         
Get-ADReplicationSiteLink                                                     
Get-ADReplicationSiteLinkBridge                                               
Get-ADReplicationSubnet                                                       
Get-ADReplicationUpToDatenessVectorTable                                      
Get-ADResourceProperty                                                        
Get-ADResourcePropertyList                                                    
Get-ADResourcePropertyValueType
Get-ADTrust 
New-ADCentralAccessPolicy                                                     
New-ADCentralAccessRule                                                       
New-ADClaimTransformPolicy                                                    
New-ADClaimType            
New-ADReplicationSite                                                         
New-ADReplicationSiteLink                                                     
New-ADReplicationSiteLinkBridge                                               
New-ADReplicationSubnet                                                       
New-ADResourceProperty                                                        
New-ADResourcePropertyList 
Remove-ADCentralAccessPolicy                                                  
Remove-ADCentralAccessPolicyMember                                            
Remove-ADCentralAccessRule                                                    
Remove-ADClaimTransformPolicy                                                 
Remove-ADClaimType          
Remove-ADReplicationSite                                                      
Remove-ADReplicationSiteLink                                                  
Remove-ADReplicationSiteLinkBridge                                            
Remove-ADReplicationSubnet                                                    
Remove-ADResourceProperty                                                     
Remove-ADResourcePropertyList                                                 
Remove-ADResourcePropertyListMember  
Set-ADCentralAccessPolicy                                                     
Set-ADCentralAccessRule                                                       
Set-ADClaimTransformLink                                                      
Set-ADClaimTransformPolicy                                                    
Set-ADClaimType        
Set-ADReplicationConnection                                                   
Set-ADReplicationSite                                                         
Set-ADReplicationSiteLink                                                     
Set-ADReplicationSiteLinkBridge                                               
Set-ADReplicationSubnet                                                       
Set-ADResourceProperty                                                        
Set-ADResourcePropertyList
Sync-ADObject                                                                 
Test-ADServiceAccount  

Note: if you are interested in getting the full list of cmdlets, try running the following cmdlet:

Get-Command –Module ActiveDirectory

To view the total amount of cmdlets, you could easily do the following:

$commands = Get-Command –Module ActiveDirectory
$commands.count

Until later,

Michael

Blog