Introducing Windows PowerShell
Windows PowerShell is a task-based command-line shell and
scripting language designed especially for system administration, and
it is the recommended tool for performing and automating
administrative tasks in Windows Server 2008 R2. Built on the Microsoft
.NET Framework, Windows PowerShell helps IT professionals control and
automate the administration of several Microsoft technologies,
including the Windows operating system, AD DS, SharePoint 2010, and
Microsoft Exchange Server 2007 and later.
With Windows PowerShell commands, called
cmdlets, you can perform management tasks from
the command line. With Windows PowerShell
providers, you can access data stores, such as
the registry and Active Directory, as easily as you access the file
system. In addition, Windows PowerShell has a rich expression parser
and a fully developed scripting language.
Tip
EXAM TIP
This section introduces you to Windows PowerShell so that you
can become familiar with this important administrative tool. You are
not expected to create Windows PowerShell scripts on the 70-640
exam; however, you should be able to recognize cmdlets used for
basic Active Directory tasks such as those described in this
training kit. If you want to learn to administer using Windows
PowerShell, refer to Windows PowerShell 2.0
Administrator’s Pocket Consultant by William R. Stanek
(Microsoft Press, 2009).
Windows PowerShell includes the following features:
-
Cmdlets for performing common system administration
tasks.
-
A task-based scripting language.
-
Support for existing scripts and command-line tools. For
example, you can perform most Command Prompt (Cmd.exe) commands
with Windows PowerShell.
-
Consistent design. Because cmdlets and system data stores
use common syntax and naming conventions, data can be shared
easily and the output from one cmdlet can be used as the input to
another cmdlet without reformatting or manipulation.
-
Providers that expose system resources such as the registry,
certificate store, and directory service for simplified navigation
by using the same techniques that users employ to navigate the
file system.
-
Powerful object manipulation capabilities. You can
manipulate objects directly or send them to other tools or
databases.
-
Extensible interface. Independent software vendors and
enterprise developers can build custom tools and utilities to
administer their software.
Preparing to Administer Active Directory Using Windows
PowerShell
Windows PowerShell 2.0 is installed by default in Windows Server
2008 R2 and Windows 7. You can open a Windows PowerShell console from
the Accessories, Windows PowerShell program group in the Start menu,
or by running Powershell.exe.
Windows PowerShell provides native support for hundreds of
commands called cmdlets (pronounced,
“command-lets”), and you can add functionality to a session by
importing modules or
snapins. A module or snap-in is a package of
cmdlets and other items. Windows Server 2008 R2 introduces the Active
Directory module for Windows PowerShell. The module must be added to
the system on which you will use Windows PowerShell to administer
Active Directory—to your administrative workstation, for example. When
you use Server Manager to add the Active Directory Domain Services (AD
DS) role to a server running Windows Server 2008 R2, the Active
Directory module for Windows PowerShell features is added by
default.
You can install the Active Directory module on a server running Windows
Server 2008 R2 by using Server Manager to add the feature. To install
the module on your Windows 7 workstation, perform the following
steps:
The Active Directory module for Windows PowerShell is the client
side of the administrative module. The module communicates with Active
Directory by using a set of web services provided by the Active Directory Web Services (ADWS). ADWS—the server
side of the administrative module—must be installed on at least one
domain controller in the domain that can be accessed from your
administrative workstation. ADWS is installed automatically when you
promote a domain controller running Windows Server 2008 R2. If you
want to add ADWS to a domain controller running an earlier version of
Windows Server, you must download Active Directory Management Gateway
Service (Active Directory Web Service for Windows Server 2003 and
Windows Server 2008) from http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=008940c6-0296-4597-be3e-1d24c1cf0dda.
The service can be added to a domain controller running Windows Server
2003 or Windows Server 2008, as long as the .NET Framework version 3.5
with Service Pack 1 (SP1) is installed, along with the hotfixes listed
on the download page.
Note
WEB SERVICES FOR ACTIVE
DIRECTORY
ADWS provides XML Web Services–based protocols to interact with
Active Directory. The Active Directory module for Windows PowerShell
communicates with these services to perform administrative tasks.
This model is a departure from other interfaces including
Lightweight Directory Access Protocol (LDAP) and Active Directory
Services Interface (ADSI), which continue to be supported and used
by legacy tools including Active Directory Users And
Computers.
When ADWS is running on at least one domain controller (and
remember, it is installed automatically on a Windows Server 2008 R2
domain controller), and the Active Directory Module For Windows
PowerShell is available (which is also added automatically to a
Windows Server 2008 R2 domain controller), you are ready to administer
Active Directory with Windows PowerShell. You can open the Active
Directory Module For Windows PowerShell from the Administrative Tools
program group, or you can import the module into a PowerShell session
by typing the following command:
Import-Module ActiveDirectory
The Windows PowerShell console looks very similar to the command
prompt of Cmd.exe except that the prompt includes
PS. Figure 1 shows two
instances of the Windows PowerShell console. One instance was launched
by opening the Active Directory Module For Windows PowerShell from the
Administrative Tools program group. The second was launched by running
Powershell.exe and then importing the Active Directory module. You could use either instance
to administer the domain.
Note
ONE WINDOWS, ONE
SHELL
Windows PowerShell enables you to launch programs and execute
commands that are identical to those in Command Prompt. For example,
you can type dir, cls, ipconfig /all,
and robocopy in Windows PowerShell,
just as you can in Command Prompt. Therefore, Windows PowerShell is
backward compatible for administrators. If you use Windows
PowerShell, you can perform administrative tasks either with
familiar Cmd.exe commands or with Windows
PowerShell cmdlets.
In traditional shells such as Command Prompt (Cmd.exe), you
issue commands such as dir or
copy that access utilities built into the shell,
or you call executable programs, such as Attrib.exe or Xcopy.exe, many
of which accept parameters from the command line and return feedback
in the form of output, errors, and error codes.
In Windows PowerShell, you issue directives by using cmdlets. A cmdlet is a single-feature command that
manipulates an object. The Active Directory module ships with 76
cmdlets for Windows PowerShell, so it is not recommended that you try
to memorize them all. Instead, you should know how to discover and get
help about a cmdlet when you need it. Over time, you will memorize the
cmdlets that you use regularly.
Luckily, Windows PowerShell is a modern command-line and
automation interface, and it benefits from lessons learned from past
command-line environments, such as Command Prompt. One of the most
immediately useful sets of features are those that help you discover
cmdlets and learn syntax easily.
The Get-Command cmdlet lists cmdlets.
Simply type the following command to list all cmdlets available within
the Windows PowerShell session:
Get-Command
Cmdlets are not case-sensitive. Therefore, the following cmdlets
are equivalent:
-
Get-Command
-
get-command
-
GET-COMMAND
Cmdlets always follow the Verb-Noun format,
also called the Action-Object format. The
Noun is always singular. For example, the cmdlet
to list all services running on a computer is
Get-Service. To list all processes running on a
computer, type the following command:
Get-Service
Windows PowerShell standardizes cmdlets and supports a managed
number of verbs. You can display a list of supported verbs with the
Get-Verb cmdlet. Nouns follow naming standards
managed by the Windows PowerShell team. For example, all Active
Directory nouns begin with AD.
You can use these standards to list all Active Directory
cmdlets. Type the following command:
Get-Command -Noun AD* | More
Note
| MORE
Windows PowerShell supports much of the same syntax as Command
Prompt, which eases the transition to Windows PowerShell. As in
Command Prompt, adding | more to a command
pages the output of the command.
The command shown in the preceding paragraph is a shortcut based
on the fact that all Active Directory nouns begin with
AD. A more technically accurate approach is to
list all of the commands in the Active Directory for Windows
PowerShell. To list the commands in the module, type the following
command:
Get-Command -Module ActiveDirectory
You will instantly recognize the purpose of some cmdlets based on their names. For example, the
Get-ADGroupMember cmdlet lists—or enumerates—members
of a group.
