PowerShell.nu » Server Core

Searching through Active-Directory on Windows 2008 Server Core R2

Niklas Goude — Sat, 17 Jan 2009 16:01:09 +0000

Searching through Active-Directory can be done using the DirectorySearcher. First we need to connect to Active-Directory.


PS > $Connection = "LDAP://Server1/DC=APA,DC=CORP"
PS > $AD = [adsi] $Connection

We then create a new object containing the Searcher.


PS > $Searcher = New-Object System.DirectoryServices.DirectorySearcher $AD

In order to search through Active-Directory we have to specify a filter that tells the searcher what kind of information we wnat to look up.
First we define which objectClass we want to search through and then we specify the criterias. First we’ll search for a specicif Group.


PS > $Searcher.Filter = '(&(objectClass=Group)(name=NewGroup))'
PS > $Group = ($Searcher.FindOne()).GetDirectoryEntry()
PS > $Group


distinguishedName : {CN=NewGroup,OU=NewOU,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=NewGroup,OU=NewOU,DC=APA,DC=CORP

If we instead want to search for All groups we can specify this in the searcher.


PS > $Searcher.Filter = '(objectClass=Group)'
PS > $AllGroups = $Searcher.FindAll()
PS > $AllGroups

Path                                    Properties
----                                    ----------
LDAP://Server1/CN=Administrators,CN=... {admincount, iscriticalsystemobject,...
LDAP://Server1/CN=Users,CN=Builtin,D... {iscriticalsystemobject, samaccountn...
LDAP://Server1/CN=Guests,CN=Builtin,... {iscriticalsystemobject, samaccountn...
LDAP://Server1/CN=Print Operators,CN... {admincount, iscriticalsystemobject,...

We can also present the returned information in a variaty of ways, using ForEach-Object CmdLet.


PS > $AllGroups | ForEach { $_.GetDirectoryEntry() }


distinguishedName : {CN=Administrators,CN=Builtin,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=Administrators,CN=Builtin,DC=APA,DC=CORP

distinguishedName : {CN=Users,CN=Builtin,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=Users,CN=Builtin,DC=APA,DC=CORP

distinguishedName : {CN=Guests,CN=Builtin,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=Guests,CN=Builtin,DC=APA,DC=CORP

distinguishedName : {CN=Print Operators,CN=Builtin,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=Print Operators,CN=Builtin,DC=APA,DC=CORP

If we instead want to search for a User-Object, we can specify this in the Filter.


PS > $Searcher.Filter = '(&(objectClass=User)(name=jeapic))'
PS > $User = ($Searcher.FindOne()).GetDirectoryEntry()
PS > $User


distinguishedName : {CN=jeapic,OU=NewOU,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=jeapic,OU=NewOU,DC=APA,DC=CORP

Seraching for all Users is done as shown below


PS > $Searcher.Filter = '(objectClass=User)'
PS > $AllUser = $Searcher.FindAll()
PS > $AllUser

Path                                    Properties
----                                    ----------
LDAP://Server1/CN=Administrator,CN=U... {admincount, logonhours, iscriticals...
LDAP://Server1/CN=Guest,CN=Users,DC=... {iscriticalsystemobject, samaccountn...
LDAP://Server1/CN=SERVER1,OU=Domain ... {primarygroupid, iscriticalsystemobj...
LDAP://Server1/CN=krbtgt,CN=Users,DC... {admincount, countrycode, samaccount...
LDAP://Server1/CN=Client1,CN=Compute... {primarygroupid, iscriticalsystemobj...
LDAP://Server1/CN=SERVER2,CN=Compute... {primarygroupid, iscriticalsystemobj...
LDAP://Server1/CN=jeapic,OU=NewOU,DC... {primarygroupid, mail, displayname, ...

And last, searching for computers in Active-Directory, first we’ll search for one Computer


PS > $Searcher.Filter = '(&(objectClass=Computer)(name=Client1))'
PS > $Computer = ($Searcher.FindOne()).GetDirectoryEntry()
PS > $Computer


distinguishedName : {CN=Client1,CN=Computers,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=Client1,CN=Computers,DC=APA,DC=CORP

And finally, searching for All Computers.


PS > $Searcher.Filter = '(objectClass=Computer)'
PS > $AllComputer = $Searcher.FindAll()
PS >
PS > $AllComputer

Path                                    Properties
----                                    ----------
LDAP://Server1/CN=SERVER1,OU=Domain ... {primarygroupid, iscriticalsystemobj...
LDAP://Server1/CN=Client1,CN=Compute... {primarygroupid, iscriticalsystemobj...
LDAP://Server1/CN=SERVER2,CN=Compute... {primarygroupid, iscriticalsystemobj...

Below is the code used in this Post


$Connection = "LDAP://Server1/DC=APA,DC=CORP"
$AD = [adsi] $Connection

$Searcher = New-Object System.DirectoryServices.DirectorySearcher $AD
$Searcher.Filter = '(&(objectClass=Group)(name=NewGroup))'

$Group = ($Searcher.FindOne()).GetDirectoryEntry()
$Group

$Searcher.Filter = '(objectClass=Group)'

$AllGroups = $Searcher.FindAll()
$AllGroups | ForEach { $_.GetDirectoryEntry() }

$Searcher.Filter = '(&(objectClass=User)(name=jeapic))'

$User = ($Searcher.FindOne()).GetDirectoryEntry()
$User

$Searcher.Filter = '(objectClass=User)'

$AllUser = $Searcher.FindAll()

$Searcher.Filter = '(&(objectClass=Computer)(name=Client1))'

$Computer = ($Searcher.FindOne()).GetDirectoryEntry()
$Computer

$Searcher.Filter = '(objectClass=Computer)'

$AllComputer = $Searcher.FindAll()
$AllComputer

Adding User To Group in Active-Directory on Windows 2008 Server Core R2

Niklas Goude — Sat, 17 Jan 2009 15:59:46 +0000

To add our new User to our Group, the add() method is used as shown below.


PS > $Connection = "LDAP://Server1/CN=NewGroup,OU=NewOU,DC=APA,DC=CORP"
PS > $Group = [adsi] $Connection
PS > $User = "LDAP://Server1/CN=jeapic,OU=NewOU,DC=APA,DC=CORP"
PS > $Group.Add($User)

If we look at the memebers of the group, our user will be added.


PS > $Group.member

CN=jeapic,OU=NewOU,DC=APA,DC=CORP

In the AD MMC Snapin, we can view the changes that we made.

And if we want to remove a user from a Group we can use the Delete() method.


PS > $Group.Remove($User)

Below is the code used in this post


$Connection = "LDAP://Server1/CN=NewGroup,OU=NewOU,DC=APA,DC=CORP"
$Group = [adsi] $Connection

$User = "LDAP://Server1/CN=jeapic,OU=NewOU,DC=APA,DC=CORP"

$Group.Add($User)

Creating a User in Active-Directory on Windows 2008 Server Core R2

Niklas Goude — Sat, 17 Jan 2009 15:55:27 +0000

Creating a user is basically the same as creating a Group or an OU. First we cast the OU we want to use into a [adsi] object and then start setting the properties. After adding all properties we set a password and set Disabled to false, otherwise the account will be disabled.


PS > $Connection = "LDAP://Server1/OU=NewOU,DC=APA,DC=CORP"
PS > $OU = [adsi] $Connection
PS > $User = $OU.Create("user", "cn=jeapic")
PS > $User.Put("sAMAccountName", "jeapic")
PS > $User.Put("userPrincipalName", "jeapic@apa.corp")
PS > $User.Put("DisplayName", "Jean-Luc Picard")
PS > $User.Put("givenName", "Jean-Luc")
PS > $User.Put("sn", "Picard")
PS > $User.Put("Description", "Captain of the Enterprise")
PS > $User.Put("mail", "picard@enterprise.com")
PS > $User.SetInfo()
PS >
PS > $User.PsBase.Invoke("SetPassword", "Password123")
PS > $User.PsBase.InvokeSet("AccountDisabled", $false)
PS > $User.SetInfo()

If we want to set the account to never expires, we can edit the UserAccountControl


PS > $User.userAccountControl[0] = $User.userAccountControl[0] -bor (65536)
PS > $User.SetInfo()

Now we can check out the properties on our User.


PS > $User | Format-List *


objectClass           : {top, person, organizationalPerson, user}
cn                    : {jeapic}
sn                    : {Picard}
description           : {Captain of the Enterprise}
givenName             : {Jean-Luc}
distinguishedName     : {CN=jeapic,OU=NewOU,DC=APA,DC=CORP}
instanceType          : {4}
whenCreated           : {1/18/2009 12:08:29 AM}
whenChanged           : {1/18/2009 12:08:32 AM}
displayName           : {Jean-Luc Picard}
uSNCreated            : {System.__ComObject}
uSNChanged            : {System.__ComObject}
name                  : {jeapic}
objectGUID            : {77 84 253 130 36 215 146 76 155 38 10 217 57 208 44 45
                        }
userAccountControl    : {66080}
badPwdCount           : {0}
codePage              : {0}
countryCode           : {0}
badPasswordTime       : {System.__ComObject}
lastLogoff            : {System.__ComObject}
lastLogon             : {System.__ComObject}
pwdLastSet            : {System.__ComObject}
primaryGroupID        : {513}
objectSid             : {1 5 0 0 0 0 0 5 21 0 0 0 171 166 141 168 63 138 126 92
                         158 59 183 83 83 4 0 0}
accountExpires        : {System.__ComObject}
logonCount            : {0}
sAMAccountName        : {jeapic}
sAMAccountType        : {805306368}
userPrincipalName     : {jeapic@apa.corp}
objectCategory        : {CN=Person,CN=Schema,CN=Configuration,DC=APA,DC=CORP}
dSCorePropagationData : {1/1/1601 12:00:00 AM}
mail                  : {picard@enterprise.com}
nTSecurityDescriptor  : {System.__ComObject}
AuthenticationType    : Secure
Children              : {}
Guid                  : 4d54fd8224d7924c9b260ad939d02c2d
ObjectSecurity        : System.DirectoryServices.ActiveDirectorySecurity
NativeGuid            : 4d54fd8224d7924c9b260ad939d02c2d
NativeObject          : System.__ComObject
Parent                : LDAP://Server1/OU=NewOU,DC=APA,DC=CORP
Password              :
Path                  : LDAP://Server1/cn=jeapic,OU=NewOU,DC=APA,DC=CORP
Properties            : {objectClass, cn, sn, description...}
SchemaClassName       : user
SchemaEntry           : System.DirectoryServices.DirectoryEntry
UsePropertyCache      : True
Username              :
Options               : {}
Site                  :
Container             :

If we check out the User through the Active-Directory MMC Snapin we can varify that all information added through PowerShell is added.

If we want to Delete a User in Active-Directory, we can use the Delete() method.


PS > $Connection = "LDAP://Server1/OU=NewOU,DC=APA,DC=CORP"
PS > $OU = [adsi] $Connection
PS > $OU.delete(”user”,”CN=UserToDelete”)

Below is the code used in this post


$Connection = "LDAP://Server1/OU=NewOU,DC=APA,DC=CORP"
$OU = [adsi] $Connection
$User = $OU.Create("user", "cn=jeapic")
$User.Put("sAMAccountName", "jeapic")
$User.Put("userPrincipalName", "jeapic@apa.corp")
$User.Put("DisplayName", "Jean-Luc Picard")
$User.Put("givenName", "Jean-Luc")
$User.Put("sn", "Picard")
$User.Put("Description", "Captain of the Enterprise")
$User.Put("mail", "picard@enterprise.com")
$User.SetInfo()

$User.PsBase.Invoke("SetPassword", "Password123")
$User.PsBase.InvokeSet("AccountDisabled", $false)
$User.SetInfo()

$User.userAccountControl[0] = $User.userAccountControl[0] -bor (65536)
$User.SetInfo()

$Connection = "LDAP://Server1/OU=NewOU,DC=APA,DC=CORP"
$OU = [adsi] $Connection
$OU.delete("user", "cn=UserToDelete")

Creating a Group in Active-Directory on Windows 2008 Server Core R2

Niklas Goude — Sat, 17 Jan 2009 01:09:36 +0000

We can create Groups in Active-Directory through PowerShell. Step one is to make a connection to the OU where you want to place your Group. In this example I’ll use the OU that i created in a previous post.


PS > $Connection = "LDAP://OU=NewOU,DC=BPA,DC=CORP"
PS > $OU = [adsi] $Connection
PS > $OU


distinguishedName : {OU=NewOU,DC=APA,DC=CORP}
Path              : LDAP://OU=NewOU,DC=APA,DC=CORP

Next, we use the Create() method to create a New Group.


PS > $Group = $OU.Create("Group", "CN=NewGroup")
PS > $Group.setinfo()

If we look at the group through the MMC snapin.

It’s also possible to retrieve detailed information if we pipe the object to the Format-List CmdLet.


PS > $Group | Format-List *


objectClass           : {top, group}
cn                    : {NewGroup}
distinguishedName     : {CN=NewGroup,OU=NewOU,DC=APA,DC=CORP}
instanceType          : {4}
whenCreated           : {1/17/2009 7:45:09 AM}
whenChanged           : {1/17/2009 7:45:09 AM}
uSNCreated            : {System.__ComObject}
uSNChanged            : {System.__ComObject}
name                  : {NewGroup}
objectGUID            : {54 186 37 137 40 211 36 68 191 63 127 148 134 182 116
                        2}
objectSid             : {1 5 0 0 0 0 0 5 21 0 0 0 171 166 141 168 63 138 126 92
                         158 59 183 83 80 4 0 0}
sAMAccountName        : {$G21000-VS2BCS6RM3JL}
sAMAccountType        : {268435456}
groupType             : {-2147483646}
objectCategory        : {CN=Group,CN=Schema,CN=Configuration,DC=APA,DC=CORP}
dSCorePropagationData : {1/1/1601 12:00:00 AM}
nTSecurityDescriptor  : {System.__ComObject}
AuthenticationType    : Secure
Children              : {}
Guid                  : 36ba258928d32444bf3f7f9486b67402
ObjectSecurity        : System.DirectoryServices.ActiveDirectorySecurity
NativeGuid            : 36ba258928d32444bf3f7f9486b67402
NativeObject          : System.__ComObject
Parent                : LDAP://Server1/OU=NewOU,DC=APA,DC=CORP
Password              :
Path                  : LDAP://Server1/CN=NewGroup,OU=NewOU,DC=APA,DC=CORP
Properties            : {objectClass, cn, distinguishedName, instanceType...}
SchemaClassName       : Group
SchemaEntry           : System.DirectoryServices.DirectoryEntry
UsePropertyCache      : True
Username              :
Options               : {}
Site                  :
Container             :

If we inspect the returned information above, sAMAccountName looks a little funny, changing that is simple through PowerShell.


PS > $Connection = "LDAP://Server1/CN=NewGroup,OU=NewOU,DC=APA,DC=CORP"
PS > $Group = [adsi] $Connection

PS > $Group.put("sAMAccountName", ”NewGroup")
PS > $Group.SetInfo()

PS > $Group.sAMAccountName

NewGroup

It’s also possible to change the property directly as shown below.


PS > $Group.sAMAccountName = "Another Name"
PS > $Group.SetInfo()

Below is the code used in this post


$Connection = "LDAP://OU=NewOU,DC=APA,DC=CORP"
$OU = [adsi] $Connection

$Group = $OU.Create("Group", "CN=NewGroup")
$Group.setinfo()

$Connection = "LDAP://Server1/CN=NewGroup,OU=NewOU,DC=APA,DC=CORP"

$Group = [adsi] $Connection
$Group.put("sAMAccountName", ”NewGroup")
$Group.SetInfo()

$Group.sAMAccountName = "Another Name"
$Group.SetInfo()

Creating an OU in Active-Directory on Windows 2008 Server Core R2

Niklas Goude — Sat, 17 Jan 2009 00:53:27 +0000

When creating Organizational-Units through PowerShell, we can use the Create() method. First we need to connect to the place where we want to create it. In this example I’m going to create an OU in the top level of my domain. If you want to create further down in the structure, simply connect to the level that you wish to create the OU in.


PS > $Connect = "LDAP://Server1/DC=APA,DC=CORP"
PS > $AD = [adsi] $Connect

PS > $OU = $AD.Create("OrganizationalUnit", "OU=NewOU")
PS > $OU.SetInfo()

If we call on our variable $OU, it returns information about the object that we just created.


PS > $OU = [adsi] "LDAP://Server1/OU=NewOU,DC=APA,DC=CORP"
PS > $OU


distinguishedName : {OU=NewOU,DC=APA,DC=CORP}
Path              : LDAP://Server1/OU=NewOU,DC=APA,DC=CORP

And if we look in the Active-Directory snapin, we can see that our new OU is created.

If we want to explore the properties on our Organizational-Unit, we can simply pipe the object to the Format-List CmdLet


PS > $OU | Format-List *


objectClass           : {top, organizationalUnit}
ou                    : {NewOU}
distinguishedName     : {OU=NewOU,DC=APA,DC=CORP}
instanceType          : {4}
whenCreated           : {1/17/2009 7:34:43 AM}
whenChanged           : {1/17/2009 7:34:43 AM}
uSNCreated            : {System.__ComObject}
uSNChanged            : {System.__ComObject}
name                  : {NewOU}
objectGUID            : {169 138 178 239 63 60 113 76 153 251 193 11 61 99 27 1
                        75}
objectCategory        : {CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=A
                        PA,DC=CORP}
dSCorePropagationData : {1/1/1601 12:00:00 AM}
nTSecurityDescriptor  : {System.__ComObject}
AuthenticationType    : Secure
Children              : {}
Guid                  : a98ab2ef3f3c714c99fbc10b3d631baf
ObjectSecurity        : System.DirectoryServices.ActiveDirectorySecurity
NativeGuid            : a98ab2ef3f3c714c99fbc10b3d631baf
NativeObject          : System.__ComObject
Parent                : LDAP://Server1/DC=APA,DC=CORP
Password              :
Path                  : LDAP://Server1/OU=NewOU,DC=APA,DC=CORP
Properties            : {objectClass, ou, distinguishedName, instanceType...}
SchemaClassName       : organizationalUnit
SchemaEntry           : System.DirectoryServices.DirectoryEntry
UsePropertyCache      : True
Username              :
Options               : {}
Site                  :
Container             :

If we want to modify properties, we can use the put() method. In this example we will set the City and the Description of the OU.


PS > $OU.put("l", "Gothenburg")
PS > $OU.put("Description", "www.PowerShell.nu")
PS > $OU.SetInfo()

We can check the values set by calling the Objects Property.


PS > $OU.l

Gothenburg

PS > $OU.Description

www.PowerShell.nu

If we look at the properties on our OU in the Active-Directory snapin we can see the changes.

And last step, removing an Organizational-Unit. It’s possible to accomplish through the deleteTree() method as shown below.


PS > $OU.psbase.deleteTree()

Below is the complete code used in this example:


$Connect = "LDAP://Server1/DC=APA,DC=CORP"
$AD = [adsi] $Connect

$OU = $AD.Create("OrganizationalUnit", "ou=NewOU")
$OU.SetInfo()

$OU.put("l", "Gothenburg")
$OU.put("Description", "www.PowerShell.nu")
$OU.setinfo()

$OU.psbase.deleteTree()

Connecting to Active-Directory on Windows 2008 Server Core R2

Niklas Goude — Sat, 17 Jan 2009 00:43:56 +0000

PowerShell doesn’t have any built in CmdLet for working with Active-Directory. Quest has put togheter a couple of real nice Active-Directory CmdLets that automate Active-Directory tasks. Anyway, I’m going to do a couple of posts on managing Active-Directory on a Server Core, through the DirectoryEntryAdapter. First off, let’s take a quick look at my dev Active-Directory.

Nothing strange here, Domain name is APA.CORP and the server is called Server1

Lets connect to the Active-Directory through PowerShell. First we create a connection string.


PS > $Connection = "LDAP://DC=APA,DC=CORP"

Next, we connect to Active-Directory through [adsi]


PS > $AD = [adsi] $Connection
PS > $AD


distinguishedName : {DC=APA,DC=CORP}
Path              : LDAP://Server1/DC=APA,DC=CORP

If you have alot of domain controllers in your farm you can specify which DC you want to connect to and also specify the LDAP port 389 in the connectionstring:


PS > $Connect = LDAP://Server1:389/DC=APA,DC=CORP
PS > $AD = [adsi] $Connection

If we want to explore our AD through PowerShell, we can use PsBase.Children to retrieve its children.


PS > $AD.PsBase.Children


distinguishedName : {CN=Builtin,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=Builtin,DC=APA,DC=CORP

distinguishedName : {CN=Computers,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=Computers,DC=APA,DC=CORP

distinguishedName : {OU=Domain Controllers,DC=APA,DC=CORP}
Path              : LDAP://Server1/OU=Domain Controllers,DC=APA,DC=CORP

distinguishedName : {CN=ForeignSecurityPrincipals,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=ForeignSecurityPrincipals,DC=APA,DC=CORP

distinguishedName : {CN=Infrastructure,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=Infrastructure,DC=APA,DC=CORP

distinguishedName : {CN=LostAndFound,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=LostAndFound,DC=APA,DC=CORP

distinguishedName : {CN=Managed Service Accounts,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=Managed Service Accounts,DC=APA,DC=CORP

distinguishedName : {CN=NTDS Quotas,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=NTDS Quotas,DC=APA,DC=CORP

distinguishedName : {CN=Program Data,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=Program Data,DC=APA,DC=CORP

distinguishedName : {CN=System,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=System,DC=APA,DC=CORP

distinguishedName : {CN=Users,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=Users,DC=APA,DC=CORP

It’s also possible to list all properties through the Format-List CmdLet.


PS > $AD | Format-List *


objectClass                      : {top, domain, domainDNS}
distinguishedName                : {DC=APA,DC=CORP}
instanceType                     : {5}
whenCreated                      : {1/17/2009 6:29:21 AM}
whenChanged                      : {1/17/2009 6:33:07 AM}
subRefs                          : {DC=ForestDnsZones,DC=APA,DC=CORP, DC=Domain
                                   DnsZones,DC=APA,DC=CORP, CN=Configuration,DC
                                   =APA,DC=CORP}
uSNCreated                       : {System.__ComObject}
uSNChanged                       : {System.__ComObject}
name                             : {APA}
objectGUID                       : {164 249 62 250 183 125 32 74 162 127 129 25
                                   5 219 196 229 116}
creationTime                     : {System.__ComObject}
forceLogoff                      : {System.__ComObject}
lockoutDuration                  : {System.__ComObject}
lockOutObservationWindow         : {System.__ComObject}
lockoutThreshold                 : {0}
maxPwdAge                        : {System.__ComObject}
minPwdAge                        : {System.__ComObject}
minPwdLength                     : {7}
modifiedCountAtLastProm          : {System.__ComObject}
nextRid                          : {1000}
pwdProperties                    : {1}
pwdHistoryLength                 : {24}
objectSid                        : {1 4 0 0 0 0 0 5 21 0 0 0 171 166 141 168 63
                                    138 126 92 158 59 183 83}
serverState                      : {1}
uASCompat                        : {1}
modifiedCount                    : {System.__ComObject}
auditingPolicy                   : {0 1}
nTMixedDomain                    : {0}
rIDManagerReference              : {CN=RID Manager$,CN=System,DC=APA,DC=CORP}
fSMORoleOwner                    : {CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=D
                                   efault-First-Site-Name,CN=Sites,CN=Configura
                                   tion,DC=APA,DC=CORP}
systemFlags                      : {-1946157056}
wellKnownObjects                 : {System.__ComObject, System.__ComObject, Sys
                                   tem.__ComObject, System.__ComObject...}
objectCategory                   : {CN=Domain-DNS,CN=Schema,CN=Configuration,DC
                                   =APA,DC=CORP}
isCriticalSystemObject           : {True}
gPLink                           : {[LDAP://CN={31B2F340-016D-11D2-945F-00C04FB
                                   984F9},CN=Policies,CN=System,DC=APA,DC=CORP;
                                   0]}
dSCorePropagationData            : {1/17/2009 6:30:55 AM, 1/1/1601 12:00:04 AM}
otherWellKnownObjects            : {System.__ComObject}
masteredBy                       : {CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=D
                                   efault-First-Site-Name,CN=Sites,CN=Configura
                                   tion,DC=APA,DC=CORP}
ms-DS-MachineAccountQuota        : {10}
msDS-Behavior-Version            : {2}
msDS-PerUserTrustQuota           : {1}
msDS-AllUsersTrustQuota          : {1000}
msDS-PerUserTrustTombstonesQuota : {10}
msDs-masteredBy                  : {CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=D
                                   efault-First-Site-Name,CN=Sites,CN=Configura
                                   tion,DC=APA,DC=CORP}
msDS-IsDomainFor                 : {CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=D
                                   efault-First-Site-Name,CN=Sites,CN=Configura
                                   tion,DC=APA,DC=CORP}
msDS-NcType                      : {0}
dc                               : {APA}
nTSecurityDescriptor             : {System.__ComObject}
AuthenticationType               : Secure
Children                         : {Builtin, Computers, Domain Controllers, For
                                   eignSecurityPrincipals...}
Guid                             : a4f93efab77d204aa27f81ffdbc4e574
ObjectSecurity                   : System.DirectoryServices.ActiveDirectorySecu
                                   rity
NativeGuid                       : a4f93efab77d204aa27f81ffdbc4e574
NativeObject                     : System.__ComObject
Parent                           : LDAP://Server1/DC=CORP
Password                         :
Path                             : LDAP://Server1/DC=APA,DC=CORP
Properties                       : {objectClass, distinguishedName, instanceTyp
                                   e, whenCreated...}
SchemaClassName                  : domainDNS
SchemaEntry                      : System.DirectoryServices.DirectoryEntry
UsePropertyCache                 : True
Username                         :
Options                          : {}
Site                             :
Container                        :

Below is the complete code used in this example


$Connection = "LDAP://DC=BPA,DC=CORP"

$AD = [adsi] $Connection
$AD

$AD.PsBase.Children

$AD | Format-List *

Installing Active-Directory on Windows 2008 Server Core R2

Niklas Goude — Sat, 17 Jan 2009 00:12:04 +0000

Server Core is a scaled back installation of Windows Server 2008 where no Windows Explorer is installed. The configuration is done entirly through the Command-Line interface, or by connecting remote using MMC.

All examples regarding Server Core will be done using the Windows Server 2008 R2 Beta edition, available at MSDN.

Starting off, since this is a PowerShell blog, we’ll start with installing PowerShell.


C:>start /w ocsetup MicrosoftWindowsPowerShell

After PowerShell is installed, browse to the PowerShell installation folder and start powershell.exe.


C:>%WINDIR%System32WindowsPowerShellv1.0powershell.exe

Next, we want to configure the Network Adapter Settings. this can be done either from the netsh or through WMI. In this example I’ll describe how to do it through WMI.

First we create a variable that contains information regarding our Network Adapter Configuration. To ensure that we connect to the correct Adapter, we use the Where-Object CmdLet to specify which Adapter we want to use. If you have two enabled Network Adapters it might be a good idea to have two criterias.


PS > $NetworkConfig = Get-WmiObject Win32_NetworkAdapterConfiguration
PS > $NetworkConfig | Where {$_.IPEnabled -eq $true -and $_.Description -match "Intel"}

Now that we have pinpointed our Network Adapter, we can prepare the settings that we want.


PS > $IP = "10.0.0.2"
PS > $SubNet = "255.0.0.0"
PS > $Gateway = "10.0.0.1"
PS > $Metric = [int32]1

And finally, we can update the Network Adapter Configuration with our custom settings.


PS > $NetworkConfig.EnableStatic($IP,$SubNet)
PS > $NetworkConfig.SetGateWays($Gateway,$Metric)

Changing the computername might also be a good idea. The computername can be changed through the netdom command or through wmi as the example below shows.


PS > $Computer = Get-WmiObject Win32_ComputerSystem
PS > $Computer.Rename("Server1","Password1,"Administrator")

The Server requires a Reboot before the computername changes.


PS > shutdown /r /t 0

The Active-Directory Role is added through the dcpromo command. The command takes arguments that specify the type of AD you want to setup. It’s also possible to create a list contining the information and run dcpromo with the unattend switch.

Here is an example of the list I used in my test domain. A complete description of available switches are available on TechNet

[DCINSTALL]
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=APA.CORP
DomainNetBiosName=APA
InstallDNS=yes
RebootOnCompletion=Yes
SafeModeAdminPassword=Password1

Save the list in a txt file, then run dcpromo with the unattend switch and specify the path to the txt file.


PS > dcpromo /unattend:C:DCINSTALL.txt

Restart the Client and when the login screen appears, you will be able to Log on to your New Domain.

Below is the code used in this post:


start /w ocsetup MicrosoftWindowsPowerShell

%WINDIR%System32WindowsPowerShellv1.0powershell.exe

$NetworkConfig = Get-WmiObject Win32_NetworkAdapterConfiguration
$NetworkConfig | Where {$_.IPEnabled -eq $true -and $_.Description -match "Intel"}

$IP = "10.0.0.2"
$SubNet = "255.0.0.0"
$Gateway = "10.0.0.1"
$Metric = [int32]1

$NetworkConfig.EnableStatic($IP,$SubNet)
$NetworkConfig.SetGateWays($Gateway,$Metric)

$Computer = Get-WmiObject Win32_ComputerSystem
$Computer.Rename("Server1","Password1,"Administrator")

shutdown /r /t 0

dcpromo /unattend:C:DCINSTALL.txt