42 CHAPTER 1
USING POWERSHELL WITH ACTIVE DIRECTORY
userAccountControl Property System.DirectoryServices.PropertyValu...
uSNChanged Property System.DirectoryServices.PropertyValu...
uSNCreated Property System.DirectoryServices.PropertyValu...
whenChanged Property System.DirectoryServices.PropertyValu...
whenCreated Property System.DirectoryServices.PropertyValu...
You can work with any of those properties in PowerShell by referencing the object,
followed by a dot, followed by the property name. For example, if you want to view the
logon name of the user, run the following command in PowerShell and press Enter:
PS C:\> $user.samAccountName
Change Object Properties
A er you bind to the object, you have a copy of it in PowerShell. If you were to
change any of the properties, it would change your local copy. For example, if you
change the user’s  rst name to Charlie, the change is made on the PowerShell object
but not in Active Directory:
PS C:\> $user.givenName = “Charlie”
In order to make the change take effect in Active Directory, you need to call the
CommitChanges method. When you call this method, PowerShell commits
the changes that you made on its local copy of the object into Active Directory. The
following command ensures that the user's object is updated in Active Directory:
PS C:\> $user.CommitChanges()
The parentheses after the method name indicate that you're calling a method rather
than referencing a property. Properties only contain data that you can read or write,
but a method actually executes some code. Because you know that the user object is
being used in PowerShell as a System.DirectoryServices.DirectoryEntry
object, you can see a listing of all the methods this object supports by looking at
Microsoft's documentation online:
http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentry_methods.aspx.
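The local-copy behavior described above can be observed directly. The following is an added example, not code from the book: it edits givenName on the cached object, shows that a second bind still reads the old value, then commits and re-reads. The user's distinguished name and the function name Set-AdsiGivenName are assumptions made for illustration.

```powershell
# Added example. The distinguished name below is an assumed placeholder.
$dn = 'LDAP://cn=Jane Doe,cn=users,dc=contoso,dc=com'

function Set-AdsiGivenName {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string] $GivenName
    )

    $user   = [ADSI]$Path
    $before = [string]$user.givenName.Value   # value currently stored in the directory

    # This changes only the local copy held in the object's property cache.
    $user.givenName = $GivenName

    # A second, independent bind has its own cache and still reads the old value.
    $check       = [ADSI]$Path
    $uncommitted = [string]$check.givenName.Value

    try {
        # Write the cached change to Active Directory.
        $user.CommitChanges()
    }
    catch {
        # Commonly insufficient rights or a constraint violation.
        # Reload the cache so the uncommitted edit is discarded.
        $user.RefreshCache()
        throw "CommitChanges failed for ${Path}: $($_.Exception.Message)"
    }

    # Reload from the directory to confirm what was actually stored.
    $check.RefreshCache()
    [pscustomobject]@{
        Before       = $before
        BeforeCommit = $uncommitted
        AfterCommit  = [string]$check.givenName.Value
        WhenChanged  = $check.whenChanged.Value
    }
}

Set-AdsiGivenName -Path $dn -GivenName 'Charlie'
```

BeforeCommit matches Before, and only AfterCommit shows the new name; whenChanged is the attribute to compare against when auditing who modified the object and when.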
Create New Objects
As shown earlier, when you want to work with an object via ADSI, you first have to
bind to it. But what do you do if the object doesn't exist yet? Consider the situation
where you want to create an object in Active Directory. In this case, you'll need to
bind to the parent of the object that you are creating. When creating a user, for example,
the parent will either be an organizational unit (OU) or a container. Assuming that
you're creating a user in the Users container, you bind using the following command:
PS C:\> $container = [ADSI]"LDAP://cn=users,dc=contoso,dc=com"