Sunday, July 11, 2010

How to use the Administrative Center and Windows PowerShell to manageActive Directory

This article is about managing Active Directory with Administrative Center and Windows PowerShell. The Active Directory Administrative Center provides a task-oriented interface for managing Active Directory. If you want to use this tool, click on the Start Button, select Administrative Tools and then select the Active Directory Administrative Center. Following are the tasks you can do with the Active Directory Administrative Center.
•    You can connect to one or more domains
•    You can create and manage user accounts
•    You can create and manage groups
•    You can create and manage organizational units
•    You can perform global searches of Active Directory

The Active Directory Administrative Center will be installed by default on Windows Server 2008 RS and is available on Windows 7 too when you install the Remote Server Administration Tools (RSAT). The Windows PowerShell is used in this tool to perform administrative tasks and relies on the .NET Framework 3.5.1. At the same time, the both of the features should be properly installed and configured for using the Active Directory Administrative Center.

Moreover, the Active Directory Administrative Center makes use of the Web services provided by Active Directory Web Services (ADWS). At least, any one of the domain controllers in each Active Directory Domain should have the ADWS installed and the related services running.

The connections are made over TCP port 9389 by default, and firewall policies must enable an exception on this port for ADWS.

Additionally, you can use the Active Directory Module for Windows PowerShell to work with Active Directory. The module will be automatically imported when you select the related option on the Administrative Tools menu. Otherwise, this module is not imported into Windows PowerShell by default, and you need to import it before you can work with any Active Directory cmdlets.

At the same time, you can import the Active Directory module at the Windows PowerShell prompt by entering Import-Module ActiveDirectory. If the module is imported, it is possible to use it with the currently running instance of Windows PowerShell. Then, it is required to import the module again the next time you start Windows PowerShell. Moreover, it is possible to list all the available cmdlets by typing get-command at the Windows PowerShell prompt. You may also use Get-help to get more information about how cmdlets are used. For example, if you enter get-help *-*, you can get a list of all cmdlets that include a synopsis of the purpose of each cmdlet. Besides, you can use get-help followed by the cmdlet name to get help documentation on a specific folder. If you use the get-help *-ad* at the Windows PowerShell prompt, you can get a list of the cmdlets that are more often used.