Obtaining a list of installed applications:
Get-CimInstance -ClassName Win32_Product | fl
Get-CimInstance -ClassName Win32_Product | Get-Random -Count 3 | fl
Win32_Product is slow and not side-effect free: enumerating it makes Windows Installer run a consistency check on every registered MSI package and can trigger repair actions (MsiInstaller events in the Application log). For an inventory on a domain controller, read the Uninstall keys in the registry instead.
Deploying and Managing Active Directory with Windows PowerShell
Chapter 1. Deploy your first forest and domain
Get-NetAdapter
Get-Member
Set-NetIPAddress
New-NetIPAddress
Set-DnsClientServerAddress
Get-NetIPAddress
Rename-Computer
Install-WindowsFeature
Get-Command
Format-Table
Update-Help
ConvertTo-SecureString
Get-NetAdapter | Get-Member
Set-NetIPInterface -InterfaceAlias "10 Network" -DHCP Disabled -PassThru
New-NetIPAddress `
-AddressFamily IPv4 `
-InterfaceAlias "10 Network" `
-IPAddress 192.168.10.2 `
-PrefixLength 24 `
-DefaultGateway 192.168.10.1
New-NetIPAddress `
-AddressFamily IPv6 `
-InterfaceAlias "10 Network" `
-IPAddress 2001:db8:0:10::2 `
-PrefixLength 64 `
-DefaultGateway 2001:db8:0:10::1
Set-DnsClientServerAddress `
-InterfaceAlias "10 Network" `
-ServerAddresses 192.168.10.2,2001:db8:0:10::2
Get-NetIPAddress -InterfaceAlias "10 Network"
Rename-Computer -NewName dc01 -Restart -Force -PassThru
Install Active Directory Domain Services
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Get-Command -Module ADDSDeployment | Format-Table Name
Name
----
Add-ADDSReadOnlyDomainControllerAccount
Install-ADDSDomain
Install-ADDSDomainController
Install-ADDSForest
Test-ADDSDomainControllerInstallation
Test-ADDSDomainControllerUninstallation
Test-ADDSDomainInstallation
Test-ADDSForestInstallation
Test-ADDSReadOnlyDomainControllerAccountCreation
Uninstall-ADDSDomainController
# Save-Help runs first, on a machine with Internet access; Update-Help then pulls from the share on the DC
Save-Help -DestinationPath \\dc02\PSHelp -Force
Update-Help -SourcePath \\dc02\PSHelp
Import-Module ADDSDeployment
Test-ADDSForestInstallation `
-DomainName 'afd.ink' `
-DomainNetBiosName 'afd' `
-DomainMode 6 `
-ForestMode 6 `
-NoDnsOnNetwork `
-NoRebootOnCompletion
Deploy the first domain controller and forest
Install-ADDSForest `
-DomainName 'afd.ink' `
-DomainNetBiosName 'afd' `
-DomainMode 4 `
-ForestMode 4 `
-NoDnsOnNetwork `
-SkipPreChecks `
-Force
Compared with the Test- run above, note that the modes differ (6 is the Windows Server 2012 R2 level, 4 is Windows Server 2008 R2) and that -SkipPreChecks skips the prerequisite checks, so it is only safe when Test-ADDSForestInstallation was run with the same parameters. With no -SafeModeAdministratorPassword the cmdlet prompts for the DSRM password; record it securely, as it is the only credential that works in Directory Services Restore Mode. For a fuller list of the options for Install-ADDSForest, run Get-Help Install-ADDSForest -Detailed.
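After the post-promotion reboot, the next thing to do is confirm the forest is actually healthy before touching DNS or DHCP. The script below is an added example, not code from the book; it assumes the names used on this page (forest afd.ink, DC dc01) and is meant to be run in an elevated session on dc01. Each check returns a pass/fail object rather than printing, so the list can be filtered or logged.

```powershell
# Added example, not from the book: post-deployment checks for the first DC.
# Assumes the names used on this page (forest afd.ink, DC dc01); run it on dc01
# after the Install-ADDSForest reboot, in an elevated session.
Import-Module ActiveDirectory
Import-Module DnsServer

function Test-FirstDomainController {
    [CmdletBinding()]
    param(
        [string]$DomainName = 'afd.ink',
        [string]$DcName     = 'dc01'
    )
    $dcFqdn  = "$DcName.$DomainName"
    $results = @()
    # Each check is a script block; any exception becomes a failed check with the message as detail.
    $checks = [ordered]@{
        'Forest and domain functional level' = {
            $f = Get-ADForest -Identity $DomainName
            $d = Get-ADDomain -Identity $DomainName
            "Forest=$($f.ForestMode) Domain=$($d.DomainMode)"
        }
        'All five FSMO roles on this DC' = {
            $f = Get-ADForest -Identity $DomainName
            $d = Get-ADDomain -Identity $DomainName
            $holders = @($f.SchemaMaster, $f.DomainNamingMaster, $d.PDCEmulator, $d.RIDMaster, $d.InfrastructureMaster)
            if ($holders | Where-Object { $_ -ne $dcFqdn }) { throw "role holders: $($holders -join ', ')" }
            $holders -join ', '
        }
        'DC is a global catalog' = {
            $dc = Get-ADDomainController -Identity $DcName
            if (-not $dc.IsGlobalCatalog) { throw 'IsGlobalCatalog is false' }
            "$($dc.HostName) site=$($dc.Site)"
        }
        'Domain zone AD-integrated with secure-only updates' = {
            $z = Get-DnsServerZone -Name $DomainName -ComputerName $dcFqdn
            if (-not $z.IsDsIntegrated -or $z.DynamicUpdate -ne 'Secure') {
                throw "IsDsIntegrated=$($z.IsDsIntegrated) DynamicUpdate=$($z.DynamicUpdate)"
            }
            "ReplicationScope=$($z.ReplicationScope)"
        }
        'DC locator SRV record published' = {
            $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -Server $dcFqdn -ErrorAction Stop |
                   Where-Object { $_.NameTarget }
            if (-not $srv) { throw 'no SRV answer' }
            ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        }
        'SYSVOL and NETLOGON shared' = {
            $shares = Get-SmbShare -Name 'SYSVOL', 'NETLOGON' -ErrorAction Stop
            if (@($shares).Count -ne 2) { throw "found: $($shares.Name -join ', ')" }
            ($shares | ForEach-Object { "$($_.Name)=$($_.Path)" }) -join ' '
        }
        'dcdiag /q reports no errors' = {
            # /q prints only errors, so empty output is a pass
            $out = & dcdiag.exe "/s:$dcFqdn" /q 2>&1
            if ($out) { throw (($out | Out-String).Trim()) }
            'clean'
        }
    }
    foreach ($name in $checks.Keys) {
        try   { $detail = & $checks[$name]; $pass = $true }
        catch { $detail = $_.Exception.Message; $pass = $false }
        $results += [pscustomobject]@{ Check = $name; Pass = $pass; Detail = $detail }
    }
    $results
}

Test-FirstDomainController | Format-Table -AutoSize -Wrap
```

The SYSVOL/NETLOGON check matters more than it looks: until the shares appear the DC does not advertise itself, and clients (or a second DC joining later) will not find it even though the SRV record exists.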
Chapter 2. Manage DNS and DHCP
Add-DnsServerPrimaryZone
Add-DnsServerSecondaryZone
Get-DnsServerZone
Export-DnsServerZone
Set-DnsServerPrimaryZone
Set-DnsServerSecondaryZone
Add-DnsServerStubZone
Set-DnsServerStubZone
Add-DnsServerConditionalForwarderZone
Add-DnsServerZoneDelegation
Set-DnsServerZoneDelegation
Add-DnsServerResourceRecord
Add-DnsServerResourceRecordA
Add-DnsServerResourceRecordAAAA
Add-DnsServerResourceRecordCName
Add-DnsServerResourceRecordDnsKey
Add-DnsServerResourceRecordDS
Add-DnsServerResourceRecordMX
Add-DnsServerResourceRecordPtr
Get-DnsServerResourceRecord
Set-DnsServerResourceRecord
Set-DnsServerScavenging
Start-DnsServerScavenging
Get-DnsServerScavenging
Add-DhcpServerInDC
Add-DhcpServerv4Scope
Add-DhcpServerv4ExclusionRange
Set-DhcpServerv4OptionValue
Add-DhcpServerv6Scope
Add-DhcpServerv6ExclusionRange
Set-DhcpServerv6OptionValue
Create new primary zones
Add-DnsServerPrimaryZone -Name 'nipit.cn' `
-ComputerName 'dc01.afd.ink' `
-ReplicationScope 'Domain' `
-DynamicUpdate 'Secure' `
-PassThru
Creating a reverse lookup zone
Add-DnsServerPrimaryZone -NetworkID 172.16.8.0/24 `
-ReplicationScope 'Forest' `
-DynamicUpdate 'NonsecureAndSecure' `
-PassThru
'NonsecureAndSecure' lets any host on the network register or overwrite PTR records without authenticating, so a rogue machine can claim another host's name; for an AD-integrated zone there is no reason not to use 'Secure', as the IPv6 reverse zone below does.
Add-DnsServerPrimaryZone -NetworkID 2001:db8:0:10::/64 `
-ReplicationScope 'Forest' `
-DynamicUpdate 'Secure' `
-PassThru
Creating a file-based (non-AD-integrated) zone uses the -ZoneFile parameter instead of -ReplicationScope:
Add-DnsServerPrimaryZone -Name 'nipict.com' `
-ZoneFile 'nipict.com.dns' `
-DynamicUpdate 'None'
Change the settings of a primary zone
Set-DnsServerPrimaryZone
Set-DnsServerPrimaryZone -Name 'nipict.com' `
-Notify 'NotifyServers' `
-NotifyServers "192.168.10.201","192.168.10.202" `
-PassThru
Get-DnsServerZone -Name 'nipict.com' | Format-List
Export a primary zone
Export-DnsServerZone -Name '0.1.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa' `
-Filename '0.1.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.dns'
The file is saved in the %windir%\system32\dns directory on the DNS server.
Create secondary zones
Secondary DNS zones are mainly used to distribute DNS resolution when you are using traditional file-based zones (AD-integrated zones replicate through AD instead). They exist for both forward and reverse lookup zones, and the DnsServerSecondaryZone set of cmdlets is used to deploy and manage them.
A secondary zone is read-only and depends on a zone transfer from another DNS server (its master); that server must be configured to allow zone transfers to it.
Add-DnsServerSecondaryZone -Name 0.1.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa `
-ZoneFile "0.1.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.dns" `
-LoadExisting `
-MasterServers 192.168.10.2,2001:db8:0:10::2 `
-PassThru
Set-DnsServerSecondaryZone -Name 0.1.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa `
-MasterServers 192.168.10.3,2001:db8:0:10::3 `
-PassThru
Set-DnsServerPrimaryZone -Name 'nipit.cn' `
-SecureSecondaries TransferToZoneNameServer `
-PassThru
-SecureSecondaries decides who may pull the whole zone with an AXFR transfer: 'TransferAnyServer' lets any client enumerate every record in the zone, 'TransferToZoneNameServer' restricts transfers to the servers in the zone's NS records, 'TransferToSecureServers' to the list given with -SecondaryServers, and 'NoTransfer' disables them, which is the right setting for an AD-integrated zone that has no file-based secondaries.
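The two settings just discussed (open zone transfers, and unauthenticated dynamic updates as in the 172.16.8.0/24 reverse zone earlier) are the ones worth auditing across every zone rather than one at a time. The function below is an added example, not code from the book; it assumes the DnsServer module and the dc01.afd.ink server name used on this page, and skips the auto-created reverse zones and the TrustAnchors store. Run it with -WhatIf to get a report, without it to apply the fixes.

```powershell
# Added example, not from the book: audit every primary zone on a DNS server for
# open zone transfers and unauthenticated dynamic updates, and optionally fix them.
# Assumes the DnsServer module and the dc01.afd.ink server name used on this page.
Import-Module DnsServer

function Repair-DnsZoneHardening {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$ComputerName = 'dc01.afd.ink'
    )
    # Auto-created zones (0., 127., 255.in-addr.arpa) and the TrustAnchors store are skipped.
    $zones = Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and $_.ZoneName -ne 'TrustAnchors' }

    foreach ($z in $zones) {
        $findings = @()   # state as found, before any change
        if ($z.SecureSecondaries -eq 'TransferAnyServer') {
            $findings += 'zone transfer open to any host (AXFR enumeration)'
            if ($PSCmdlet.ShouldProcess($z.ZoneName, 'Restrict transfers to the zone NS servers')) {
                Set-DnsServerPrimaryZone -Name $z.ZoneName -ComputerName $ComputerName `
                    -SecureSecondaries TransferToZoneNameServer
            }
        }
        if ($z.DynamicUpdate -eq 'NonsecureAndSecure') {
            $findings += 'unauthenticated dynamic updates (record spoofing)'
            if ($z.IsDsIntegrated) {
                if ($PSCmdlet.ShouldProcess($z.ZoneName, 'Require secure dynamic updates')) {
                    Set-DnsServerPrimaryZone -Name $z.ZoneName -ComputerName $ComputerName -DynamicUpdate Secure
                }
            } else {
                # File-based zones cannot use 'Secure'; the options are 'None' or converting
                # the zone to AD-integrated, so only report it here.
                $findings += 'file-based zone: secure updates unavailable, review manually'
            }
        }
        [pscustomobject]@{
            Zone          = $z.ZoneName
            DsIntegrated  = $z.IsDsIntegrated
            Transfers     = $z.SecureSecondaries
            DynamicUpdate = $z.DynamicUpdate
            Findings      = ($findings -join '; ')
        }
    }
}

# Report only:
Repair-DnsZoneHardening -WhatIf | Format-Table -AutoSize
# Apply:
# Repair-DnsZoneHardening | Format-Table -AutoSize
```

The report columns show the state before remediation, so a second run after applying the changes should come back with an empty Findings column for every AD-integrated zone.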
Add-DnsServerStubZone -Name nipict.com `
-MasterServers 192.168.10.4 `
-ReplicationScope Domain `
-PassThru
Set-DnsServerStubZone -Name nipict.com `
-LocalMasters 192.168.10.201,192.168.10.202 `
-PassThru
Configure conditional forwarders
Add-DnsServerConditionalForwarderZone -Name nipict.com `
-MasterServers 192.168.10.2,2001:db8:0:10::2 `
-ForwarderTimeout 5 `
-ReplicationScope "Forest" `
-UseRecursion $False `
-PassThru
The parameter is -UseRecursion (there is no -Recursion); $False means the server will not fall back to its own recursion when the listed master servers do not answer.
Set-DnsServerConditionalForwarderZone -Name nipict.com `
-MasterServers 192.168.10.3,2001:db8:0:10::3 `
-PassThru
To remove a conditional forwarder, use the Remove-DnsServerZone cmdlet.
Manage zone delegation
Add-DnsServerZoneDelegation -Name nipict.com `
-ChildZoneName Engineering `
-IPAddress 192.168.10.12,2001:db8:0:10::c `
-NameServer dc01.afd.ink `
-PassThru
Set-DnsServerZoneDelegation -Name nipict.com `
-ChildZoneName Engineering `
-IPAddress 192.168.10.13,2001:db8:0:10::d `
-NameServer dc02.afd.ink `
-PassThru
Manage DNS records
Get-Help Add-DnsServerResourceRecord* | ft -auto Name,Synopsis
Name                                Synopsis
----                                --------
Add-DnsServerResourceRecord         Adds a resource record of a specified type to...
Add-DnsServerResourceRecordA        Adds a type A resource record to a DNS zone.
Add-DnsServerResourceRecordAAAA     Adds a type AAAA resource record to a DNS server.
Add-DnsServerResourceRecordCName    Adds a type CNAME resource record to a DNS zone.
Add-DnsServerResourceRecordDnsKey   Adds a type DNSKEY resource record to a DNS zone.
Add-DnsServerResourceRecordDS       Adds a type DS resource record to a DNS zone.
Add-DnsServerResourceRecordMX       Adds an MX resource record to a DNS server.
Add-DnsServerResourceRecordPtr      Adds a type PTR resource record to a DNS server.
Add-DnsServerResourceRecord -ZoneName "afd.ink" `
-A `
-Name wds-11 `
-IPv4Address 192.168.10.11 `
-CreatePtr `
-PassThru
Add-DnsServerResourceRecordA -ZoneName "afd.ink" `
-Name wds-11 `
-IPv4Address 192.168.10.11 `
-CreatePtr `
-PassThru
Add-DnsServerResourceRecord -ZoneName "afd.ink" `
-AAAA `
-Name wds-11 `
-IPv6Address 2001:db8:0:10::b `
-CreatePtr `
-PassThru
Add-DnsServerResourceRecord -ZoneName "afd.ink" `
-CName `
-Name wds `
-HostNameAlias wds-11.afd.ink `
-PassThru
Add-DnsServerResourceRecord -ZoneName "afd.ink" `
-Name "." `
-MX `
-MailExchange mail.afd.ink `
-Preference 10
Add-DnsServerResourceRecord -ZoneName "afd.ink" `
-Name "." `
-MX `
-MailExchange mail2.afd.ink `
-Preference 20
Add-DnsServerResourceRecord parameters for SRV records:
Add-DnsServerResourceRecord -ZoneName "afd.ink" `
-Name _nntp._tcp `
-SRV `
-DomainName "edge-1.afd.ink" `
-Port 119 `
-Priority 0 `
-Weight 0 `
-PassThru
HostName     RecordType Timestamp TimeToLive RecordData
--------     ---------- --------- ---------- ----------
_nntp._tcp   SRV        0         01:00:00   [0][0][119][edge-1.afd.ink.]
Configure zone scavenging and aging
Set-DnsServerScavenging -ScavengingState:$True `
-ScavengingInterval 4:00:00:00 `
-RefreshInterval 3:00:00:00 `
-NoRefreshInterval 0 `
-ApplyOnAllZones `
-PassThru
Get-DnsServerScavenging
Start-DnsServerScavenging
-ApplyOnAllZones turns aging on for every zone on the server. Scavenging then deletes any aged (dynamically registered) record that has not been refreshed within the no-refresh plus refresh window; static records, which have no timestamp, are never scavenged. A no-refresh interval of 0 lets clients refresh immediately, which increases replication traffic. Review which records would be removed before the first Start-DnsServerScavenging, and enable scavenging on only one DNS server per zone.
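Before the first scavenging run it is worth seeing exactly which records are past the aging window, because anything still needed that was registered dynamically (a statically addressed server that once used DHCP, for instance) disappears with it. The function below is an added example, not code from the book; it reads the aging settings from the zone itself, and assumes the DnsServer module, the afd.ink zone and the dc01.afd.ink server from this page.

```powershell
# Added example, not from the book: preview which records scavenging would delete
# from a zone before running Start-DnsServerScavenging. Assumes the DnsServer module,
# the afd.ink zone and the dc01.afd.ink server from this page.
Import-Module DnsServer

function Get-StaleDnsRecord {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ZoneName,
        [string]$ComputerName = 'dc01.afd.ink'
    )
    # Aging parameters come from the zone itself; -ApplyOnAllZones above is what sets them.
    $aging = Get-DnsServerZoneAging -Name $ZoneName -ComputerName $ComputerName
    if (-not $aging.AgingEnabled) {
        Write-Warning "Aging is off for $ZoneName; scavenging ignores this zone until Set-DnsServerZoneAging -Aging `$true is run."
    }
    $window = $aging.NoRefreshInterval + $aging.RefreshInterval
    $cutoff = (Get-Date) - $window

    Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $ComputerName |
        Where-Object {
            # Static records (SOA, NS, anything added without -AgeRecord) have no timestamp
            # and are never scavenged; only aged records outside the window are candidates.
            $_.Timestamp -and $_.Timestamp -lt $cutoff
        } |
        Select-Object HostName, RecordType, Timestamp,
            @{ Name = 'AgeDays'; Expression = { [int]((Get-Date) - $_.Timestamp).TotalDays } },
            RecordData
}

# Run this before the first Start-DnsServerScavenging; anything listed that is still
# needed should be recreated as a static record.
Get-StaleDnsRecord -ZoneName 'afd.ink' | Format-Table -AutoSize
```

Run it against the reverse zones as well; stale PTR records are the usual reason a scavenging run surprises someone.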
Deploy DHCP
Install-WindowsFeature -ComputerName dc01 `
-Name DHCP `
-IncludeAllSubFeature `
-IncludeManagementTools
Add-DhcpServerInDC -DnsName 'dc01.afd.ink' -PassThru
Add-DhcpServerInDC authorizes the server in Active Directory; an unauthorized Windows DHCP server will not hand out leases, but authorization does nothing against a rogue non-Windows DHCP server. When the DHCP service runs on a domain controller, the dynamic DNS updates it makes on behalf of clients are done under the DC's computer account unless a dedicated account is configured with Set-DhcpServerDnsCredential.
Add-DhcpServerv4Scope -Name "afd-dhcp" `
-ComputerName "dc01" `
-Description "Default IPv4 Scope for afd.ink" `
-StartRange "172.16.8.100" `
-EndRange "172.16.8.200" `
-SubNetMask "255.255.255.0" `
-State Active `
-Type DHCP `
-PassThru
Add-DhcpServerv4ExclusionRange -ScopeID "172.16.8.0" `
-ComputerName "dc01" `
-StartRange "172.16.8.100" `
-EndRange "172.16.8.120" `
-PassThru
Set-DhcpServerv4OptionValue -ScopeID 172.16.8.0 `
-ComputerName "dc01" `
-DnsDomain "afd.ink" `
-DnsServer "172.16.8.10" `
-Router "172.16.8.1" `
-PassThru
Check that -DnsServer points at a resolver the scope's clients can reach (on this page the only DNS server configured is dc01 at 192.168.10.2, on a different subnet from the scope); a client handed an unreachable DNS server cannot locate the domain at all.
Add-DhcpServerv6Scope -Name "afd-IPv6-Default" `
-ComputerName "dc01" `
-Description "Default IPv6 Scope for afd.ink" `
-Prefix 2001:db8:0:10:: `
-State Active `
-PassThru
Add-DhcpServerv6ExclusionRange -ComputerName dc01 `
-Prefix 2001:db8:0:10:: `
-StartRange 2001:db8:0:10::1 `
-EndRange 2001:db8:0:10::20 `
-PassThru
Set-DhcpServerv6OptionValue -Prefix 2001:db8:0:10:: `
-ComputerName "dc01" `
-DnsServer 2001:db8:0:10::1 `
-DomainSearchList "afd.ink" `
-PassThru
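With DHCP on the domain controller, the one hardening step this page does not show is giving the service its own low-privilege account for DNS registrations and turning on name protection, so that a later lease cannot silently take over an existing host name. The function below is an added example, not code from the book; it assumes the DHCP role on dc01 from this page, WinRM access to dc01 for the service restart, and an ordinary domain user account (the name afd\svc-dhcpdns is an assumption) with no special group memberships.

```powershell
# Added example, not from the book: give the DHCP service on dc01 a low-privilege
# account for DNS registrations and turn on name protection, then read the settings
# back. Assumes the DHCP role on dc01 from this page and an ordinary domain user
# account for the credential (afd\svc-dhcpdns is an assumed name).
Import-Module DhcpServer

function Set-DhcpDnsRegistrationHardening {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$ComputerName = 'dc01',
        [Parameter(Mandatory)][pscredential]$Credential
    )
    if ($PSCmdlet.ShouldProcess($ComputerName, "Register DNS records as $($Credential.UserName)")) {
        # Without this, DHCP on a DC registers client records under the DC's own computer
        # account, which has the right to overwrite any record in the zone.
        Set-DhcpServerDnsCredential -ComputerName $ComputerName -Credential $Credential
        # The new credential is only picked up after the DHCP Server service restarts.
        Invoke-Command -ComputerName $ComputerName -ScriptBlock { Restart-Service -Name DHCPServer }
    }
    if ($PSCmdlet.ShouldProcess($ComputerName, 'Enable DNS name protection as the server default')) {
        # Name protection registers a DHCID record with each A/AAAA record so that a later
        # lease for a different client cannot take over an existing name; stale records are
        # removed when the lease expires, and clients that do not send option 81 still get
        # registered by the server.
        Set-DhcpServerv4DnsSetting -ComputerName $ComputerName `
            -DynamicUpdates OnClientRequest `
            -NameProtection $true `
            -DeleteDnsRROnLeaseExpiry $true `
            -UpdateDnsRRForOlderClients $true
    }
    [pscustomobject]@{
        Server        = $ComputerName
        DnsCredential = (Get-DhcpServerDnsCredential -ComputerName $ComputerName).UserName
        V4DnsSetting  = Get-DhcpServerv4DnsSetting -ComputerName $ComputerName
    }
}

$cred = Get-Credential -Message 'DHCP DNS registration account (assumed name: afd\svc-dhcpdns)'
Set-DhcpDnsRegistrationHardening -Credential $cred | Format-List
```

Scopes inherit the server-level DNS settings unless they have their own; pass -ScopeId to Set-DhcpServerv4DnsSetting for a scope that needs different behaviour.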
Chapter 3. Create and manage users and groups
ADUser
ADGroup
ADGroupMember
ADAccountPassword
ADPrincipalGroupMembership
ADObject
ADComputer
Import-CSV
ConvertTo-SecureString
Get-Command
Test-Path
Read-Host
Write-Host
Create users
New-ADUser
Get-ADUser -Identity Administrator
$SecurePW = Read-Host -Prompt "Enter a password" -AsSecureString
New-ADUser -Name "gazh" `
-AccountPassword $SecurePW `
-SamAccountName 'gazh' `
-DisplayName 'gazh' `
-Enabled $True `
-PassThru `
-PasswordNeverExpires $True `
-UserPrincipalName 'gazh@afd.ink'
Two things to watch in this example: the UPN should carry a domain suffix (gazh@afd.ink rather than the bare name), and -PasswordNeverExpires $True exempts the account from the domain password policy, which is only defensible for a service account whose password is rotated some other way. For a person, leave it off and use -ChangePasswordAtLogon $True so the initial password is discarded at first logon.
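Creating accounts one at a time with a prompted password does not scale, and reusing one initial password across a batch is the usual way a whole intake of accounts ends up compromised. The script below is an added example, not code from the book: it creates users from CSV rows with a unique, cryptographically random initial password each, set to expire at first logon. The sample rows, the OU=Staff container and the afd.ink UPN suffix are assumptions; replace the here-string with Import-Csv on a real file.

```powershell
# Added example, not from the book: bulk-create users from CSV rows with a unique,
# cryptographically random initial password each, expiring at first logon instead of
# never. The CSV rows, the OU=Staff container and the afd.ink UPN suffix are assumptions.
Import-Module ActiveDirectory

function New-InitialPassword {
    param([int]$Length = 20)
    # Look-alike characters (0/O, 1/l/I) removed; rejection sampling keeps the draw uniform.
    $alphabet = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789!#$%&*+-=?@'
    $limit = 256 - (256 % $alphabet.Length)
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf   = [byte[]]::new(1)
    $sb    = [System.Text.StringBuilder]::new()
    while ($sb.Length -lt $Length) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) { [void]$sb.Append($alphabet[$buf[0] % $alphabet.Length]) }
    }
    $sb.ToString()
}

function New-BulkAdUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][object[]]$Row,             # GivenName, Surname, SamAccountName, Department
        [string]$UpnSuffix = 'afd.ink',
        [string]$Path      = 'OU=Staff,DC=afd,DC=ink'     # assumed OU
    )
    foreach ($r in $Row) {
        $sam = $r.SamAccountName
        # Script-block filter with a variable, so a quote in the CSV cannot alter the query.
        if (Get-ADUser -Filter { SamAccountName -eq $sam }) {
            Write-Warning "$sam already exists, skipping"
            continue
        }
        $plain  = New-InitialPassword
        $params = @{
            Name                  = "$($r.GivenName) $($r.Surname)"
            GivenName             = $r.GivenName
            Surname               = $r.Surname
            SamAccountName        = $sam
            UserPrincipalName     = "$sam@$UpnSuffix"
            Department            = $r.Department
            Path                  = $Path
            AccountPassword       = (ConvertTo-SecureString $plain -AsPlainText -Force)
            ChangePasswordAtLogon = $true     # the one-time password dies at first logon
            Enabled               = $true
        }
        if ($PSCmdlet.ShouldProcess($params.UserPrincipalName, 'Create AD user')) {
            New-ADUser @params
        }
        # Hand the initial password to the person out of band; do not leave this output in a log.
        [pscustomobject]@{ SamAccountName = $sam; UPN = $params.UserPrincipalName; InitialPassword = $plain }
    }
}

# Constructed sample rows standing in for Import-Csv .\users.csv
$rows = @'
GivenName,Surname,SamAccountName,Department
Ada,Lovelace,alovelace,Engineering
Grace,Hopper,ghopper,Engineering
'@ | ConvertFrom-Csv

New-BulkAdUser -Row $rows -WhatIf | Format-Table -AutoSize
```

A 20-character draw from that alphabet meets the default domain complexity rule in practice (three of four character classes), but the duplicate check runs before anything is created, so a re-run of the same CSV is safe.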