After some research and reading various websites about how to control Active Directory with Powershell, I finally found what I needed. A lot of articles about this topic immediately start using all kinds of cmdlets developed by several parties, especially the one by Quest. But I wanted to do this stuff without needing any extra libraries/cmdlets. The script shown in this article does a search in the Active Directory for a user object given the SAM account name. It then shows some of the attributes of that user. The third part of the script changes some of the attributes and writes the changes back to Active Directory. And finally it moves the object to a new Organisational Unit (OU). All this with native Powershell.

Summary of techniques applied in the Powershell script:

• search Active Directory objects
• show Active Directory object attributes
• update Active Directory object attributes
• move an Active Directory object to a specified Organisational Unit (OU)
• set the ‘user must change password at next logon’ flag
• set a password on a Active Directory user object

vclear the ‘disabled user account’ flag

• set the terminal services profile path (Changing the Terminal Server profile path requires the powershell script to run on a server because the call requires some DLLs that are only installed on servers)

Disclaimer: The powershell scripts shown in this article have only been tested on Windows Server 2008 and Windows Vista.

function searchUserSam($userID)
{
$root = [ADSI]”
$searcher = new-object System.DirectoryServices.DirectorySearcher($root)
$searcher.filter = "(&(objectClass=user)(sAMAccountName= $userID))"
$object = $searcher.findall()
if ($object.count -eq 0) {
return 0
} else {
return $object[0]
}
}

$Name = $args[0]
$objUser = searchUserSam $Name
([string]($objUser.Properties.adspath))
$userObject = [ADSI]([string]($objUser.Properties.adspath))

#show the current user values
"name:"+$userObject.name
"samaccountname:"+$userObject.samaccountname
"extensionattribute8:"+$userObject.extensionattribute8
"userPrincipalName:"+$userObject.userprincipalname
"cn:"+$userObject.cn
"useraccountcontrol:"+$userObject.useraccountcontrol
"profilePath:"+$userObject.profilepath
"scriptPath:"+$userObject.scriptpath
# This terminal server specific InvokeGet method only works on Server 2008, not on Vista!
"terminalservicesprofilepath:"+$userObject.PSBase.InvokeGet(‘terminalservicesprofilepath’)

# set userPrincipalName to X account and add the ‘@foo.bar’ extension
$userObject.userprincipalname = ($userID + "@foor.bar")

# clear the ‘disabled user account’ flag
$userObject.psbase.InvokeSet(‘accountdisabled’,$true)

# set the profile path
$userObject.profilepath = "\\"+$domainFQDN+"\data\"+$environment+"\Users\"+$UserID+"\Profiles\Desktop"

# set the terminal services profile path
$userObject.PSBase.InvokeSet(‘terminalservicesprofilepath’, "\\"+$domainFQDN+"\data\"+$environment+"\Users\"+$UserID+"\Profiles\%FarmName%")

# set the login script
$userObject.scriptPath = "Login.cmd"

# set a new password for the account
$userObject.psbase.Invoke("SetPassword", "Whatever1")

# set the ‘user must change password at next logon’ flag
$userObject.pwdLastSet = 0

# write all updates to the user object in Active Directory
$userObject.setinfo()

# Move the user object to the ‘Standard Users’ OU
$userObject.PSBase.MoveTo("LDAP://OU=Business Users,OU=Production,DC=foo,DC=bar")

Jeff Alexander is perfecting the art of screencasting and his latest adventure with Windows PowerShell is certainly well worth watching. He stole my intro but it’s all good matey. I think in return he needs to tell us where he snagged that cool spinning globe on his desktop.

So what is PowerShell you ask?

I would imagine a lot of you have at least heard of PowerShell. If you aren’t a developer you’ve probably steered clear of it simply because it looks like complex code. Fear not, it isn’t that complex. Here’s the description from microsoft.com:

Microsoft Windows PowerShell command line shell and scripting language helps IT professionals achieve greater control and productivity. Using a new admin-focused scripting language, more than 130 standard command line tools, and consistent syntax and utilities, Windows PowerShell allows IT professionals to more easily control system administration and accelerate automation. Windows PowerShell is easy to adopt, learn, and use, because it works with your existing IT infrastructure and existing script investments, and because it runs on Windows XP, Windows Vista, and Windows Server 2003. Windows PowerShell is now included as part of Windows Server 2008. Exchange Server 2007, System Center Operations Manager 2007, System Center Data Protection Manager V2, and System Center Virtual Machine Manager also leverage Windows PowerShell to improve administrator control, efficiency, and productivity.

Here’s the 20 minute screencast video Jeff created. Jeff demonstrates some really cool tools so stick with him through the entire video. Double click the small window below while playing and it will go full screen. If you want to download the video and watch it offline, right mouse click this link and SAVE AS to your local disk.

For more information on PowerShell, see the website at http://www.microsoft.com/windowsserver2003/technologies/management/powershell/default.mspx.

See the TechNet Script Center at http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx.

Get PowerShell version 2 (CTP) @ http://www.microsoft.com/downloads/details.aspx?FamilyId=7C8051C2-9BFC-4C81-859D-0864979FA403&displaylang=en.

Original Post Here:
http://blogs.technet.com/keithcombs/archive/2008/07/22/windows-powershell-excellent-screencast-now-available.aspx

Thay have just posted the newest release of PowerGUI – version 1.5.1 – to the web. As you might guess, it got better, with most of the bugs thay got reported on the community forums fixed , and most feature requests implemented.

A more complete version of what’s new can be found on our version history page .

Both components got:

• VMware Infrastructure Client integration
• Support for roaming profiles, as well as Citrix/TS deployments
• Easier UI localization switch right from the GUI
• STA mode support

The highlights for the IDE include:

• Online search for PowerShell scripts
• Support for multiple runspaces
• Intellisense now supporting NoteProperties, env:, and function drive
• Support for signed scripts

Admin console got a lot of improvements for making your powerpacks easier to create and use:

• Ability to select which parameters get prompted
• Support for $host.ui.prompt and $host.ui.promptforchoice so you can easily create dialog boxes of your own
• Updated default PowerPacks
• Column selection now associated with data type and thus consistent and working for dynamic nodes

Again, the what’s new page has some details and we are out there at the forums waiting for your feedback.

Go ahead and download the latest build ! (Or wait another week or so till we turn the automated upgrade)

Try the Script Center Script Repository;

The Script Repository categorizes sample scripts designed to run on Windows 2000, Windows XP, and Windows Server 2003.

Most of the scripts on this this page were written using VBScript.
New to scripting at all? Take a look at the Getting Started page to learn more about how these scripts work and how to write your own scripts.

Ed Wilson has created a Scriptomatic PowerShell Version, which you can download here.

This Scriptomatic writes Windows PowerShell scripts that harness the power of WMI (Windows Instrumentation Management) for use in system management and administration.

It really has some nice features, like output options. Check it out!