PowerShell, if you haven’t been exposed to it yet, is an awesome tool. Now, for someone who’s as infrastructure focused as I am to say a statement like that means a lot. I tried to teach myself VB 6 back in the day and almost put a gun in my mouth. I just don’t have the “Code Monkey” mentality. There are those of you out there that can just bang out lines of script or code and not even bat an eye over it. For me, it’s pulling teeth.
This is where PowerShell really stands out. It’s the best of both worlds. You have extreme reach into the OS and configuration via WMI and .NET extensions if you need it. YET, it’s very straightforward and actually pretty easy to read once you’re used to it. I will be covering some basic nuggets of PowerShell components as this blog evolves to aid you in some common management tasks.
Let’s look at our first example.
I’m an AD administrator and would like to use PowerShell to create new user accounts.
Now this seems pretty basic, right? Heck, PowerShell 2.0 even gives you an entire module (built in on WS2008 once the role is installed, or as part of the RSAT suite; for Win7 SP1, HERE) just focused on AD administration through PowerShell. For a list of all the cmdlets available in the module, click on the TechNet logo to be brought to the page.
So given this scenario, the cmdlet you would need is New-ADUser. Now, almost every cmdlet you can run in the shell or the ISE accepts “parameters” that you pass to it. Think of parameters like the switches you can send to DOS commands. The one this nugget is concerned with is the -AccountPassword parameter. The interesting thing about this parameter is that it’s NOT required! “Well Chad, when I am in ADUC I HAVE to enter a password during the wizard.” Well, with this method you don’t. If you omit this parameter, or mess it up, the account is still created. The catch is that the account cannot be enabled.
Enough about all of this, let’s get to the goods.
New-ADUser -Name "Chad Solarz" -AccountPassword "Pa$$w0rd"
Besides the password, we’ve added only the ONLY required parameter, -Name. The syntax listed above will NOT work. Why? Well, the -AccountPassword parameter expects a secure string, so the text we pass to it needs to be scrambled and not readable. It would be pretty insecure if we had passwords all over the place in the code! There are many ways to do this. Let’s discuss two of the most likely.
First is using the Read-Host cmdlet embedded into the syntax. The Read-Host cmdlet prompts the person running the command for the string to use as the password. Let’s see how this is added in.
New-ADUser -Name "Chad Solarz" -AccountPassword (Read-Host -AsSecureString "AccountPassword")
Now you see the parentheses being used. Like in math, those are always evaluated first. So the user of the script is asked for the password that needs to be used, and Read-Host stores it as a secure string value, which can then be passed into the -AccountPassword parameter.
Another way is to “define” or assign the value of a variable and then pass that variable into the New-ADUser cmdlet.
$Password = Read-Host -AsSecureString
New-ADUser -Name "Chad Solarz" -AccountPassword $Password
The advantage of using the variable is that it’s reusable by any other cmdlet in the same script.
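Both approaches above, combined into one helper, as an added example that is not code from the original post: it prompts twice with Read-Host -AsSecureString, checks that the two entries match, then creates the account enabled and forces a password change at first logon. The function names and the sample user name are assumptions; it needs the ActiveDirectory module and rights to create users in the domain.

```powershell
# Added example. Test-SecureStringEqual and New-UserWithPrompt are hypothetical helper names.
Import-Module ActiveDirectory

function Test-SecureStringEqual {
    param([System.Security.SecureString]$A, [System.Security.SecureString]$B)
    # Decrypt both values into unmanaged memory only long enough to compare them.
    $pa = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($A)
    $pb = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($B)
    try {
        $sa = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($pa)
        $sb = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($pb)
        return ($sa -ceq $sb)   # case-sensitive comparison
    }
    finally {
        # Zero and free the unmanaged copies; the managed strings live until garbage collection.
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($pa)
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($pb)
    }
}

function New-UserWithPrompt {
    param([Parameter(Mandatory = $true)][string]$Name)

    # The password is typed at the prompt, so it never appears in the script text.
    $Password = Read-Host -AsSecureString "Password for $Name"
    $Confirm  = Read-Host -AsSecureString "Confirm password"

    if ($Password.Length -eq 0) { throw "Empty password entered." }
    if (-not (Test-SecureStringEqual $Password $Confirm)) { throw "Passwords do not match." }

    # New-ADUser leaves a new account disabled unless -Enabled $true is requested,
    # and enabling requires a password that satisfies the domain password policy.
    New-ADUser -Name $Name -AccountPassword $Password -Enabled $true `
               -ChangePasswordAtLogon $true -PassThru |
        Select-Object Name, Enabled
}

New-UserWithPrompt -Name "Test User01"   # constructed sample name
```

The Name/Enabled output confirms whether the account actually came out enabled; if the password fails domain policy, New-ADUser reports an error instead.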
Good luck and happy PowerShelling!