Starting in Windows 2008 R2, Microsoft included a PowerShell Active Directory module which includes a group of cmdlets to perform various administrative, configuration, and diagnostic tasks in your Active Directory environment. You can use these cmdlet’s to manage existing Active Directory user and computer accounts, groups, organizational units (OUs), domains and forests, domain controllers, and password policies, or you can create new ones.
The Active Directory module is available:
- On Windows 2008 R2 server when you install the AD DS or AD LDS server roles.
- As part of the Remote Server Administration Tools (RSAT) feature on a Windows Server 2008 R2 server
- As part of the RSAT feature on a Windows 7 computer
To use the AD cmdlet’s you will need to import the ActiveDirectory module in PowerShell (V2 is required):
%windir%\system32\WindowsPowerShell\v1.0\powershell.exe -noexit -command import-module ActiveDirectory
A key requirement to use the AD cmdlet’s to manage an Active Directory deployment is the following:
A Windows Server 2008 R2 Active Directory Web Services (ADWS) service must be installed on at least one domain controller in the AD domain or on one server that hosts your AD LDS instance. For more information about ADWS, see AD DS: Active Directory Web Services (http://go.microsoft.com/fwlink/?LinkID=141393).
If you receive this error:
‘Unable to find a default server with Active Directory Web Service running’
You do not have ADWS installed on at least one DC.
In addition, to use the Active Directory module in PowerShell to access or manage Active Directory services that are running on Windows Server 2008 or Windows Server 2003 computers, you need to install the Active Directory Management Gateway Service. See the Active Directory Management Gateway Service (Active Directory Web Service for Windows Server 2003 and Windows Server 2008).
Here is a useful cmdlet (that doesn’t require the ActiveDirectory module) to get information about your AD environment: