UNIT 4 LAB INSTRUCTIONS: ADMINISTERING ACTIVE DIRECTORY WITH POWERSHELLOVERVIEWThe Active Directory database is the primary source of data about network objects within aWindows domain. It is used to provision computers and users and configure access to resourcesin a Windows network. In this lab, you will learn to query Active Directory and performcommon administrative tasks using PowerShell.OBJECTIVES
8.3.8.4.
Query the Active Directory database to locate informationProvision users, groups, and computer in Active Directory
PREREQUISITES
A virtual machine running the Windows 7 Operating systemA virtual machine running the Windows 8.1 or later operating systemA virtual machine running the Windows Server 2012 R2 or later operating system
SCENARIOYour organization is investigating the use of the command line and scripting for networkadministration. Active Directory is a key component of your network and you need to be able touse PowerShell for administration. You have decided to investigate the PowerShell featuresavailable for managing Active Directory in your lab environment.TASKSEXPLORING ACTIVE DIRECTORY COMMANDSPowerShell comes with a module with commands for managing Active Directory. The module isnamed ActiveDirectory. On a Windows server machine, the Active Directory module is installedas part of the Active Directory installation. On a client machine, you need to download andinstall the Remote Server Administration tools from Microsoft’s website or import the moduleinto a PowerShell session. Once the module is installed, you need to import the module into thecurrent session. This step is not required on systems that have dynamic module loading turnedon (Windows 8.1 and Windows Server 2012 R2 or newer. On these systems, modules areloaded dynamically when a user attempts to use one of its commands.To import the Active Directory Module, perform the following:1. Logon to the DC1 Virtual machine as corpadministrator2. Open a PowerShell session with admin rights.3. Type the following in PowerShell:Import-Module ActiveDirectoryUNIT 4 LAB INSTRUCTIONS: ADMINISTERING ACTIVE DIRECTORY WITH POWERSHELL4. You should see some information flashing at the top of the screen and then thecommand prompt is displayed again.5. Type the following to view the commands in the Active Directory module:Get-Command -Module ActiveDirectory6. You should see the screen shown in Figure 1 below.Figure 1 – Partial listing of commands in AD Module7. We will explore some of these commands in the following tasks.UNIT 4 LAB INSTRUCTIONS: ADMINISTERING ACTIVE DIRECTORY WITH POWERSHELLCREATING ORGANIZATIONAL UNITSYour organization has the Active Directory OU structure shown inFigure 2. Organizational Units are used to organize object in ActiveDirectory for ease of location and for delegation of administrativecontrol and application of group policies. You wish to replicate theOUs in your lab environment using PowerShell.To create an organizational unit (OU), perform the following:1. Logon to the DC1 virtual machine as the corpadministrator2. Open a PowerShell session with admin rights.3. Import the Active Directory module if not already imported.4. Type the following command to create the SC OU:New-ADOrganizationalUnit -Name SC5. The command provides no feedback except the lack of an error. Type the following toverify the OU was created:Get-ADOrganizationalUnit -Filter *6. You should see the output in Figure 3 below.Figure 3 – Output from the Get-ADOrganizationalUnit command7. Note the DistinguishedName property; this indicates the location of the object withinAD. When the location is not specified using the path parameter then the object will beplaced at the root of the domain.8. To create an organizational unit using the path parameter type the following:New-ADOrganizationalUnit -Name Greenville -Path “OU=SC,DC=Corp,DC=net”9. This creates an OU named Greenville in the SC OU.Figure 2 – Corp.net OU StructureUNIT 4 LAB INSTRUCTIONS: ADMINISTERING ACTIVE DIRECTORY WITH POWERSHELL10. To create the Users and Workstations OUs in the Greenville OU type the following:“Users”, “Workstations” | % New-ADOrganizationalUnit -Name $_ -Path“OU=Greenville,OU=SC,DC=Corp,DC=net”11. The % symbol is an alias for the Foreach-Object cmdlet.12. Verify that all the OUs have been created using the following command:Get-ADOrganizationalUnit -Filter * | Format-Table Name,DistinguishedName13. You should see the output shown in Figure 4 below.Figure 4 – Verifying OU creation14. Create the remaining OUs shown in Figure 2.CREATING USERSYour supervisor (Mr. Azevedo) has requested you to create an account in your domain for himthat has administrative rights.Use the following procedure to create a user account using PowerShell:1. On the DC1 virtual machine logon as corpadministrator2. Open PowerShell with administrative rights.3. Type the following to import the Active Directory commands (this is not necessary onWindows Server 2012 R2 and later).Import-Module ActiveDirectory4. Create a new user with the following settings:a. First name: Kevinb. Initials: Dc. Last name: Azevedod. Full name: Kevin Azevedoe. User logon name: kazevedo@corp.netf. User logon name (pre-Windows200): kazevedog. Display Name: Kevin Azevh. Name: Kevin Azevedoi. Location: Users OU in the Greenville OUUNIT 4 LAB INSTRUCTIONS: ADMINISTERING ACTIVE DIRECTORY WITH POWERSHELL5. Before we can create the user, we must create a password that is a secure string andassign it to a variable. To do this type the following:$passwd = ConvertTo-SecureString -AsPlainText “Password1” -Force6. Our password is now a secure string in the $passwd variable.7. Type the following command to create this user:New-ADUser –Name “Kevin Azevedo” –GivenName Kevin –Surname Azevedo –UserPrincipalName kazevedo@corp.net –SamAccountName kazevedo –DisplayName“Kevin Azevedo” -Path “OU=Users,OU=Greenville,OU=SC,DC=corp,DC=net” –AccountPassword $passwd -Enabled $True8. Verify the user was created by typing the following command in PowerShell:Get-ADUser kazevedoUse the following procedure to give the user administrative rights to your domain:9. Type the following command in PowerShellAdd-ADGroupMember –identity “Domain Admins” –members kazevedo10. Verify the user was added to the Domain Admins group by typing the followingcommand:Get-ADGroupMember –identity “Domain Admins”11. Create the following users in the Users OU in Columbia using the procedure above; donot give them Domain Admin rights.
FirstName
Last Name
Full Name
Logon Name
Logon Name(Pre-W2K)
Password
Grant
Stoome
Grant Stoome
gstoome@corp.net
gstoome
Password1
Hiram
Cheap
Hiram Cheap
hcheap@corp.net
hcheap
Password1
Hugh
Jasse
Hugh Jasse
hjasse@corp.net
hjasse
Password1
Ivana
Tinkle
Ivana Tinkle
itinkle@corp.net
itinkle
Password1
Jerry
Atric
Jerry Atric
jatric@corp.net
jatric
Password1
Table 1- Corp.net Columbia UsersCREATING GROUPSIn order to control access to network resources efficiently and effectively, groups are necessary.When assigning access to resources security groups are required. To ensure that excessivegroup creation is not required, you need to know when to create groups with a specific scope.UNIT 4 LAB INSTRUCTIONS: ADMINISTERING ACTIVE DIRECTORY WITH POWERSHELLGroups are generally created for each department, location, and the entire organization. In thisstep, we will create a group for SC, each city in the SC OU and the entire organization.To create a Global Security group to represent the Greenville location within the Greenville OU,perform the following:1. Logon to the DC1 virtual machine with and administrative account.2. Open a PowerShell session with admin rights.3. Type the following in PowerShell:New-ADGroup -Name Greenville -Path “OU=Greenville,OU=SC,DC=Corp,DC=Net” –GroupCategory Security -GroupScope Global4. To verify the group was created type the following in PowerShell:Get-ADGroup Greenville5. You should see the output in Figure 5 below.Figure 5 – Verifying Group creation6. Use the information above to create the groups in Table 2 below.
Group Name
Type
Scope
Location
Charlotte
Security
Global
Charlotte OU
Columbia
Security
Global
Columbia OU
SC
Security
Global
SC OU
Table 2 – Corp.net groupsADDING MEMBERS TO GROUPSOnce you have created groups you will want to add members to these groups.To add the user kazevedo to the Greenville group, perform the following:1. In a PowerShell session, type the following:Add-ADGroupMember -Identity Greenville -Members kazevedoUNIT 4 LAB INSTRUCTIONS: ADMINISTERING ACTIVE DIRECTORY WITH POWERSHELL2. Type the following to verify the user was added:Get-ADGroupMember -Identity Greenville3. You should see the output in Figure 6 below.Figure 6 – Verifying the addition of a user to a group4. Add the following members to the associated groups shown in Table 3 below. Note, youcan add multiple members to a group with a single command.
Group
Members
SC
Greenville, Charlotte, Columbia
Columbia
All the users in the Users OU in Columbia
Table 3 – Group MembershipQUERYING ACTIVE DIRECTORYOnce users, groups, and computers have been provisioned, they still need to be maintained. Itis often helpful to manage multiple users simultaneously. For example, you may need to resetthe password of users at a specific location because you think they may have beencompromised or you may need to install software on all of the Windows 7 computers in yourdomain. At these times, it is helpful to be able to query Active Directory for the specific users orcomputers and then pipe the output to a command to perform the required task. PowerShellhas several commands that can be used to query for objects in Active Directory.QUERYING FOR AD OBJECTSTo perform the tasks in this section you need a PowerShell session with access to the ActiveDirectory module.1. To list all the users in the domain type the following:Get-ADUser -Filter *UNIT 4 LAB INSTRUCTIONS: ADMINISTERING ACTIVE DIRECTORY WITH POWERSHELL2. You should see the output shown in Figure 7 below.Figure 7 – Partial output of search3. You can tell your search to start in a particular location using the SearchBase parameter.4. To list all of the users in the SC OU and below type the following:Get-ADUser -Filter * -SearchBase “OU=SC,DC=Corp,DC=net”UNIT 4 LAB INSTRUCTIONS: ADMINISTERING ACTIVE DIRECTORY WITH POWERSHELL5. You should see the output shown in Figure 8 below.Figure 8 – Partial output of user search6. You can specify that the search limits the results to only the OU and not descend intochild OUs.7. To list the users in the SC OU only type the following (you can use 1 or the keywordOneLevel):Get-ADUser -Filter * -SearchBase “OU=SC,DC=Corp,DC=net” -SearchScope 18. The default value for SearchScope is 2 or subtree which will search the OU and all OUsbelow it. SearchScope 0 or Base can be used to test if an object exists.9. You can also use the Filter parameter to filter the output based on the value of a userproperty.10. To find all users that have logon names (samaccountname property) that start with theletter “h”, type the following:Get-ADUser -Filter “samaccountname -Like ‘h*’”UNIT 4 LAB INSTRUCTIONS: ADMINISTERING ACTIVE DIRECTORY WITH POWERSHELL11. You should see the output in Figure 9 below.Figure 9 – Users whose logon name starts with ‘h’12. To list the users whose first name (givenname property) is Ivana, type the following:Get-ADUser -Filter “givenname -EQ ‘Ivana’”13. You should see the output in Figure 10 below.14. You can use the techniques with the following commands to find other objects:a. Get-ADGroup search for groupsb. Get-ADOrganizationalUnit search for organizational unitsc. Get-ADComputer search for computer accountsd. Get-ADObject search for other AD objects
[Button id=”1″]
Quality and affordable writing services. Our papers are written to meet your needs, in a personalized manner. You can order essays, annotated bibliography, discussion, research papers, reaction paper, article critique, coursework, projects, case study, term papers, movie review, research proposal, capstone project, speech/presentation, book report/review, and more.
Need Help? Click On The Order Now Button For Help
What Students Are Saying About Us
.......... Customer ID: 12*** | Rating: ⭐⭐⭐⭐⭐"Honestly, I was afraid to send my paper to you, but splendidwritings.com proved they are a trustworthy service. My essay was done in less than a day, and I received a brilliant piece. I didn’t even believe it was my essay at first 🙂 Great job, thank you!"
.......... Customer ID: 14***| Rating: ⭐⭐⭐⭐⭐
"The company has some nice prices and good content. I ordered a term paper here and got a very good one. I'll keep ordering from this website."
