Deep Dive on Active Directory PowerShell Mudassir Ali Software Development Engineer Microsoft...
-
Upload
kristian-basil-bennett -
Category
Documents
-
view
219 -
download
2
Transcript of Deep Dive on Active Directory PowerShell Mudassir Ali Software Development Engineer Microsoft...
Deep Dive on Active Directory PowerShell
Mudassir AliSoftware Development EngineerMicrosoft Corporation
SIA404
Objectives and Takeaways
Objectives:Instill enthusiasm for something you might have otherwise ignoredShow you an easy way to start learning Active Directory PowerShell
Takeaways:… and to provide sufficient knowledge for you to continue on your own
How’s this going to work?
Not many slidesLots o’ demos
Scenario-drivenInteractive
Q&A when you’ve got the “Q”
Agenda
Why PowerShell?High-level Architecture of Active Directory PowerShellScenarios1. User logon taking a long time2. Update an attribute of user accounts3. User is experiencing intermittent logon failure4. Find out when is the user password expiring5. Monitor health summary of Active Directory forest
demo
Active Directory Administrative Center (ADAC)
Why PowerShell?
Past: Windows CMD shellLimited intrinsic capabilitiesRequired purpose-built external binaries to do more
Present: PowerShell Full .NET reachDiscoverability
New ‘module’-based architecture
Piping
demo
Why PowerShell?
High-level Architecture
Scenario 1
User logon taking a long time across forests
User logon is taking a long time across forestRole:
Active Directory administrator
Problem: User authentication is taking a long time across forests
Cause:The sites and subnets are not synchronized between forests
Solution: Synchronize the sites and subnets between forests
demo
Synchronize sites and subnets between forests
Scenario 2
Update an attribute of user accounts
Update an attribute of user accounts
Role: Active Directory administrator
Problem: Company just moved3,712 user’s postal codes need to change
Solution: Active Directory PowerShell
demo
Update an attribute of user accounts
Pro tip: Increase cmdlet query timeout
Active Directory PowerShell cmdlet query is timing out
Go to the target Domain ControllerOpen the “%windir%\ADWS\Microsoft.ActiveDirectory.WebServices.exe.config” fileIncrease the “OperationTimeout” parameter value
More configuration values and their details at: http://technet.microsoft.com/en-us/library/dd391908(v=ws.10).aspx
Stop-Service ADWSStart-Service ADWS
Scenario 3
Intermittent logon failures
Intermittent logon failuresRole:
Active Directory support engineer
Problem: The user is getting intermittent logon failures
Cause:The user password is not synchronized between DCs
Solution: Ensure that the user password is synchronized
demo
Intermittent logon failures
Scenario 4
When is the user password expiring?
When is the user password expiring
Role: Active Directory administrator
Problem: How to warn the user that their password is expiring
Solution: Active Directory PowerShell script
demo
When is the user password expiring
Scenario 5
Monitor replication health of an Active Directory forest
Monitor replication health of a forest
Role: Active Directory administrator
Problem: What is the replication health of my forest
Solution: Active Directory PowerShell cmdlets to monitor the replication health
demo
Monitor replication health of an Active Directory forest
Pro tip: Send an email using PowerShell# Create the message parameters$messageParameters = @{ `
Subject = “Running processes - $((Get-Date).ToShortDateString())" `Body = Get-Process| ConvertTo-Html | Out-String `From = "[email protected]" `To = "[email protected]" `SmtpServer = "SmtpHost" }
# Send the mailSend-MailMessage @messageParameters -BodyAsHtml
Takeaways & Resources
Sufficient knowledge for you to continue learning Active Directory PowerShell
Active Directory Administration with Windows PowerShell: http://technet.microsoft.com/en-us/library/dd378937(v=WS.10).aspx
Active Directory PowerShell blog: http://blogs.msdn.com/b/adpowershell/
Active Directory PowerShell: Installation using RSAT on Windows 7: http://blogs.msdn.com/b/adpowershell/archive/2009/03/24/active-directory-powershell-installation-using-rsat-on-windows-7.aspx
Related Content
SIA312 – What is new in Active Directory in Windows Server 2012SIA341 – Windows Server 2012 Dynamic Access Control Deep Dive for Active Directory and Central Authorization PoliciesSIA317 - Active Directory Virtualization Safeguards and Domain Controller Cloning with Windows Server 2012
South Hall A TechExpo (Active Directory and Dynamic Access Control)
SIA, WSV, and VIR Track Resources
Talk to our Experts at the TLC
#TE(sessioncode)
DOWNLOAD Windows Server 2012 Release Candidate
microsoft.com/windowsserverHands-On Labs
DOWNLOAD Windows Azure
Windowsazure.com/teched
Resources
Connect. Share. Discuss.
http://northamerica.msteched.com
Learning
Microsoft Certification & Training Resources
www.microsoft.com/learning
TechNet
Resources for IT Professionals
http://microsoft.com/technet
Resources for Developers
http://microsoft.com/msdn
Complete an evaluation on CommNet and enter to win!
Please Complete an Evaluation Your feedback is important!
Multipleways to Evaluate Sessions
Scan the Tagto evaluate thissession now on myTechEd Mobile
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to
be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS
PRESENTATION.