Меню

Active directory module for windows powershell windows 7

Azure ActiveDirectory (MSOnline)

You can use the Azure Active Directory Module for Windows PowerShell cmdlets for Azure AD administrative tasks such as user management, domain management and for configuring single sign-on. This topic includes information about how to install these cmdlets for use with your directory.

Please note that we will begin to deprecate this module when the functionality of this module is available in the newer Azure Active Directory PowerShell for Graph module. We advise customers who are creating new PowerShell scripts to use the newer module instead of this module.

Install the Azure AD Module

The Azure AD Module is supported on the following Windows operating systems with the default version of Microsoft .NET Framework and Windows PowerShell: Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2.

The easiest way to install the module is from the PowerShell Gallery. You can install the module with the Install-Module cmdlet:

MSOnline Public Preview module

The MSOnline Public Preview release 1.1.130.0 is no longer available for download. If you are looking for the MSOL-Settings cmdlets to manage groups settings for Unified Groups, these are now available in the newer Azure AD PowerShell V2 Public Preview module, which can be found in the Powershell Gallery for the Azure AD Preview module. You can install this module with the cmdlet

Note that the MSOL Settings cmdlets have been given a new name, more information about these cmdlets and how to use them can be found in this article.

Effective October 20, 2014, the Azure Active Directory Module for Windows PowerShell (32-bit version) is discontinued. Support for the 32-bit version will no longer occur, and future updates to the Azure Active Directory Module will be released only for the 64-bit version.

We strongly recommend you install the 64-bit version to ensure future support and compatibility.

You can also access previous versions of the Azure AD module from the Microsoft Azure Active Directory PowerShell Module Version Release History on the TechNet Wiki.

Updating the Azure AD Module

You can run the Get-Item cmdlet to check the version of the DLL files of the module that you have currently installed:

If the version number is lower than 1.0.8070.2, remove the existing version and re-install the module using the link in the previous section. Use Add/Remove Programs in Control Panel to remove Azure Active Directory Module for Windows PowerShell, or if you have an older installation, to remove Microsoft Online Services Module for Windows PowerShell. Uninstalling removes both the MSOnline and MSOnlineExtended modules.

The Remove-Module cmdlet removes the MSOnline cmdlets from the session but it does not uninstall the module.

Connect to Azure AD

Before you can run any of the cmdlets discussed in this article, you must first connect to your online service. To do so, run the cmdlet Connect-MsolService at the Windows PowerShell command prompt. You will then be prompted for your credentials. If you want, you can supply your credentials in advance, for example:

The first command prompts for credentials and stores them as $Msolcred. The next command uses those credentials as $Msolcred to connect to the service.

To connect to a specific environment of Azure Active Directory, use the AzureEnvironment parameter, as follows:

This example connects your PowerShell session to the German AzureAD environment.

See Connect-MsolService for more information.

For more information about the cmdlets, you can do the following:

  • To create a folder for help, list the cmdlets, and then open the file in notepad, you can run the following commands at the Windows PowerShell command prompt:

    View the examples for a cmdlet, run the following command at the Windows PowerShell command prompt: Get-Help -Examples

    View the name, synopsis, description, parameter descriptions, and any examples provided for a cmdlet, run the following command at the Windows PowerShell command prompt: Get-Help -Detailed

    View the name, synopsis, description, detailed parameters, and any examples provided for a cmdlet, run the following command at the Windows PowerShell command prompt: Get-Help -Full

    More about Windows PowerShell

    Windows PowerShell is a task-based command-line shell and scripting language designed for system administration. Unlike most shells, which accept and return text, Windows PowerShell is built on top of the .NET Framework, and accepts and returns .NET Framework objects. Windows PowerShell introduces the concept of a cmdlet (pronounced «command-let»), a simple, single-function command-line tool built into the shell. Cmdlets have the following naming convention: a verb and noun separated by a dash (-), such as Get-Help, Get-Process, and Start-Service. Windows PowerShell includes more than one hundred basic core cmdlets. For more information about Windows PowerShell, see Getting Started with Windows PowerShell.

    Источник статьи: http://docs.microsoft.com/en-us/powershell/azure/active-directory/install-msonlinev1?view=azureadps-1.0

    Active Directory

    The Active Directory module for Windows PowerShell is a PowerShell module that consolidates a group of cmdlets. You can use these cmdlets to manage your Active Directory domains, Active Directory Lightweight Directory Services (AD LDS) configuration sets, and Active Directory Database Mounting Tool instances in a single, self-contained package.

    If you don’t have the Active Directory module installed on your machine, you need to download the correct Remote Server Administration Tools (RSAT) package for your OS. If you’re running Windows 7, you will also need to run the import-module ActiveDirectory command from an elevated PowerShell prompt. For more detail, see RSAT for Windows operating systems. Starting with Windows 10 October 2018 Update, RSAT is included as a set of Features on Demand right from Windows 10. Now, instead of downloading an RSAT package you can just go to Manage optional features in Settings and click Add a feature to see the list of available RSAT tools. Select and install the specific RSAT tools you need. To see installation progress, click the Back button to view status on the Manage optional features page.

    If you want to use this module in PowerShell 7, please see PowerShell 7 module compatibility.

    ActiveDirectory

    Adds central access rules to a central access policy in Active Directory.

    Adds one or more service accounts to an Active Directory computer.

    Adds users, computers, and groups to the allowed or denied list of a read-only domain controller password replication policy.

    Applies a fine-grained password policy to one more users and groups.

    Adds one or more members to an Active Directory group.

    Adds a member to one or more Active Directory groups.

    Adds one or more resource properties to a resource property list in Active Directory.

    Clears the expiration date for an Active Directory account.

    Removes a claims transformation from being applied to one or more cross-forest trust relationships in Active Directory.

    Disables an Active Directory account.

    Disables an Active Directory optional feature.

    Enables an Active Directory account.

    Enables an Active Directory optional feature.

    Gets the accounts token group information.

    Gets the resultant password replication policy for an Active Directory account.

    Gets one or more Active Directory Domain Services authentication policies.

    Gets one or more Active Directory Domain Services authentication policy silos.

    Retrieves central access policies from Active Directory.

    Retrieves central access rules from Active Directory.

    Returns one or more Active Directory claim transform objects based on a specified filter.

    Returns a claim type from Active Directory.

    Gets one or more Active Directory computers.

    Gets the service accounts hosted by a computer.

    Gets a list of installed programs and services present on this domain controller that are not in the default or user defined inclusion list.

    Gets the default password policy for an Active Directory domain.

    Gets an Active Directory domain.

    Gets one or more Active Directory domain controllers based on discoverable services criteria, search parameters or by providing a domain controller identifier, such as the NetBIOS name.

    Gets the members of the allowed list or denied list of a read-only domain controller’s password replication policy.

    Gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the revealed list of the domain controller.

    Gets one or more Active Directory fine-grained password policies.

    Gets the users and groups to which a fine-grained password policy is applied.

    Gets an Active Directory forest.

    Gets one or more Active Directory groups.

    Gets the members of an Active Directory group.

    Gets one or more Active Directory objects.

    Gets one or more Active Directory optional features.

    Gets one or more Active Directory organizational units.

    Gets the Active Directory groups that have a specified user, computer, group, or service account.

    Gets the replication metadata for one or more Active Directory replication partners.

    Returns a specific Active Directory replication connection or a set of AD replication connection objects based on a specified filter.

    Returns a collection of data describing an Active Directory replication failure.

    Returns the replication metadata for a set of one or more replication partners.

    Returns the contents of the replication queue for a specified server.

    Returns a specific Active Directory replication site or a set of replication site objects based on a specified filter.

    Returns a specific Active Directory site link or a set of site links based on a specified filter.

    Gets a specific Active Directory site link bridge or a set of site link bridge objects based on a specified filter.

    Gets one or more Active Directory subnets.

    Displays the highest Update Sequence Number (USN) for the specified domain controller.

    Gets one or more resource properties.

    Gets resource property lists from Active Directory.

    Gets a resource property value type from Active Directory.

    Gets the root of a directory server information tree.

    Gets one or more Active Directory managed service accounts or group managed service accounts.

    Gets all trusted domain objects in the directory.

    Gets one or more Active Directory users.

    Gets the resultant password policy for a user.

    Grants permission to join an authentication policy silo.

    Installs an Active Directory managed service account on a computer or caches a group managed service account on a computer.

    Moves a directory server in Active Directory to a new site.

    Moves operation master roles to an Active Directory directory server.

    Moves an Active Directory object or a container of objects to a different container or domain.

    Creates an Active Directory Domain Services authentication policy object.

    Creates an Active Directory Domain Services authentication policy silo object.

    Creates a new central access policy in Active Directory containing a set of central access rules.

    Creates a central access rule in Active Directory.

    Creates a new claim transformation policy object in Active Directory.

    Creates a new claim type in Active Directory.

    Creates a new Active Directory computer object.

    Performs prerequisite checks for cloning a domain controller and generates a clone configuration file if all checks succeed.

    Creates a new Active Directory fine-grained password policy.

    Creates an Active Directory group.

    Creates an Active Directory object.

    Creates an Active Directory organizational unit.

    Creates an Active Directory replication site in the directory.

    Creates a new Active Directory site link for in managing replication.

    Creates a site link bridge in Active Directory for replication.

    Creates an Active Directory replication subnet object.

    Creates a resource property in Active Directory.

    Creates a resource property list in Active Directory.

    Creates a new Active Directory managed service account or group managed service account object.

    Creates an Active Directory user.

    Removes an Active Directory Domain Services authentication policy object.

    Removes an Active Directory Domain Services authentication policy silo object.

    Removes a central access policy from Active Directory.

    Removes central access rules from a central access policy in Active Directory.

    Removes a central access rule from Active Directory.

    Removes a claim transformation policy object from Active Directory.

    Removes a claim type from Active Directory.

    Removes an Active Directory computer.

    Removes one or more service accounts from a computer.

    Removes users, computers, and groups from the allowed or denied list of a read-only domain controller password replication policy.

    Removes an Active Directory fine-grained password policy.

    Removes one or more users from a fine-grained password policy.

    Removes an Active Directory group.

    Removes one or more members from an Active Directory group.

    Removes an Active Directory object.

    Removes an Active Directory organizational unit.

    Removes a member from one or more Active Directory groups.

    Deletes the specified replication site object from Active Directory.

    Deletes an Active Directory site link used to manage replication.

    Deletes a replication site link bridge from Active Directory.

    Deletes the specified Active Directory replication subnet object from the directory.

    Removes a resource property from Active Directory.

    Removes one or more resource property lists from Active Directory.

    Removes one or more resource properties from a resource property list in Active Directory.

    Removes an Active Directory managed service account or group managed service account object.

    Removes an Active Directory user.

    Changes the name of an Active Directory object.

    Resets the password for a standalone managed service account.

    Restores an Active Directory object.

    Revokes membership in an authentication policy silo for the specified account.

    Gets Active Directory user, computer, or service accounts.

    Modifies the authentication policy or authentication policy silo of an account.

    Modifies user account control (UAC) values for an Active Directory account.

    Sets the expiration date for an Active Directory account.

    Modifies the password of an Active Directory account.

    Modifies an Active Directory Domain Services authentication policy object.

    Modifies an Active Directory Domain Services authentication policy silo object.

    Modifies a central access policy in Active Directory.

    Modifies a central access rule in Active Directory.

    Applies a claims transformation to one or more cross-forest trust relationships in Active Directory.

    Sets the properties of a claims transformation policy in Active Directory.

    Modify a claim type in Active Directory.

    Modifies an Active Directory computer object.

    Modifies the default password policy for an Active Directory domain.

    Modifies an Active Directory domain.

    Sets the domain mode for an Active Directory domain.

    Modifies an Active Directory fine-grained password policy.

    Modifies an Active Directory forest.

    Sets the forest mode for an Active Directory forest.

    Modifies an Active Directory group.

    Modifies an Active Directory object.

    Modifies an Active Directory organizational unit.

    Sets properties on Active Directory replication connections.

    Sets the replication properties for an Active Directory site.

    Sets the properties for an Active Directory site link.

    Sets the properties of a replication site link bridge in Active Directory.

    Sets the properties of an Active Directory replication subnet object.

    Modifies a resource property in Active Directory.

    Modifies a resource property list in Active Directory.

    Modifies an Active Directory managed service account or group managed service account object.

    Modifies an Active Directory user.

    Displays the Edit Access Control Conditions window update or create security descriptor definition language (SDDL) security descriptors.

    Replicates a single object between any two domain controllers that have partitions in common.

    Tests a managed service account from a computer.

    Uninstalls an Active Directory managed service account from a computer or removes a cached group managed service account from a computer.

    Источник статьи: http://docs.microsoft.com/en-us/powershell/module/addsadministration/?view=win10-ps


Adblock
detector