|
Replies:
6
-
Pages:
1
-
Last Post:
May 31, 2007 12:50 AM
by: Rostislav Prida...
|
|
|
Posts:
969
Registered:
8/9/06
|
|
|
|
Quest ActiveRoles Management Shell for AD (beta) 1.0.2
Posted:
May 17, 2007 3:52 AM
|
|
|
A new buildof the ManagementShell for AD is now available for download.
Installationprogram and user documentation can befound here: http://www.quest.com/2_0/registration.aspx?requestdefid=13255 OVERVIEW
TheActiveRoles Management Shell is implemented as a Windows PowerShell snap-in,providing an extension to the Windows PowerShell environment. Built onMicrosoft Windows PowerShell technology, the Management Shell for ActiveDirectory provides a command-line interface that enables automation ofdirectory data-related administrative tasks. With the ActiveRoles ManagementShell, administrators can manage directory objects such as users and groups.Thus, they can create new users and groups, modify user properties, and add orremove members from groups.
WHAT'S NEWIN THIS BUILD
The entirebuilds history document can be found here: http://www.powergui.org/entry.jspa?externalID=762&categoryID=46
This buildcontains the following major changes and improvements: - Newcmdlet Remove-QADObject to delete object or a tree of objects from AD Example: Remove-QADObject'company.com/UsersOU/Darren Cullimore' - You canspecify "-SizeLimit 0" to return all available objects with Get-QADUser,Get-QADGroup and Get-QADObject cmdlets. - FIX: Get-QADGroupMemberreturns only first 1000 members of a group - FIX:Management Shell can not be installed on Vistaand Longhorn Server.
|
Regards,
Andrei [Quest]
This posting is provided "AS IS" with no warranties, and confers no rights
|
|
Posts:
1
Registered:
5/22/07
|
|
|
|
Re: Quest ActiveRoles Management Shell for AD (beta) 1.0.2
Posted:
May 23, 2007 11:09 AM
in response to: Andrei Polevoi ...
|
|
|
I am having an issue with the get-qaduser cmdlet.
specifically, the 'LastName' value. when the cmdlet is run, it never returns a value for LastName, even though it is set in Active Directory.
Thanks,
Justin
|
|
|
Posts:
1,151
Registered:
12/1/06
|
|
|
|
Re: Quest ActiveRoles Management Shell for AD (beta) 1.0.2
Posted:
May 28, 2007 8:42 AM
in response to: jdainsworth
|
|
|
I think the reason for that is that LastName is so far not in the set of properties Get-QADUser returns:
PS C:\> Get-QADUser dsotniko | Get-Member -MemberType Property | Format-Table Name
Name
----
CanonicalName
City
Company
CreationDate
Department
Description
DirectoryEntry
DisplayName
DN
Email
Fax
FirstName
Guid
HomePhone
Initials
LogonName
Manager
MobilePhone
ModificationDate
Name
NetworkCredential
Notes
Office
Pager
ParentContainer
PhoneNumber
PostalCode
PostOfficeBox
Sid
StateOrProvince
StreetAddress
Title
Type
UserPrincipalName
WebPage
|
|
|
Posts:
25
Registered:
2/15/07
|
|
|
|
Re: Quest ActiveRoles Management Shell for AD (beta) 1.0.2
Posted:
May 29, 2007 12:07 AM
in response to: jdainsworth
|
|
|
Thanks for reporting this bug; it is fixed in 1.0.3 (which is not publicly available yet). Workaround for 1.0.2: get-qaduser | select Name, @{Name="Last Name"; Expression={$_.DirectoryEntry.sn}}
|
|
|
Posts:
3
Registered:
5/30/07
|
|
|
|
Re: Quest ActiveRoles Management Shell for AD (beta) 1.0.2
Posted:
May 30, 2007 11:58 AM
in response to: Rostislav Prida...
|
|
|
I just installed the ActiveRoles snapin for the first time today and the missing 'lastname' field was the first thing I noticed.  Glad to know it's fixed.
I do have a question. Why is DirectoryEntry exposed in addition to all the other named properties? I don't think I should complain but I found it a little confusing. Is there any documentation regarding the design/architecture of the cmdlets. I'm reading the manual but I'm having a little trouble putting everything into perspective given the PowerShell [ADSI] syntax, .NET System.DirectoryServices, and other community "stuff" available.
Anyway, thanks for what looks like a very useful set of cmdlets.
--Greg
|
|
|
Posts:
969
Registered:
8/9/06
|
|
|
|
Re: Quest ActiveRoles Management Shell for AD (beta) 1.0.2
Posted:
May 31, 2007 12:46 AM
in response to: gwojan
|
|
|
DirectoryEntry is exposed to provide a workaround for scenarios not covered yet with the out of the box functionality. For example, if you want to read some constructed attribute (like allowedAttributesEffective or ms-DS-User-Account-Control-Computed), you will need to use RefreshCache() method of the DirectoryEntry class.
In 1.0.3 we are going to re-design the library. You will have instant access to all attributes. There will be no unnecessary binds to AD. More scenarios will be supported out of the box.
At some time in the future, when the architecture will become stable, we will add some design overview section to the documentation.
Regards,
Andrei
|
Regards,
Andrei [Quest]
This posting is provided "AS IS" with no warranties, and confers no rights
|
|
Posts:
25
Registered:
2/15/07
|
|
|
|
Re: Quest ActiveRoles Management Shell for AD (beta) 1.0.2
Posted:
May 31, 2007 12:50 AM
in response to: gwojan
|
|
|
We're working hard to keep general users protected from LDAP, ADSI, DirectoryServices and other scary stuff. :) Ideally, users shouldn't have to use the DirectoryEntry property (and other underdocumented things), but we keep it available just in case. This allows us to publish commands that can bu used a temporary workarounds for a bug or when users require some functionality that is not exposed in a friendly way yet.
|
|
|
|
Legend
|
|
MVP: 2501
+
pts
|
|
Guru: 2001
- 2500
pts
|
|
Expert: 751
- 2000
pts
|
|
Enthusiast: 31
- 750
pts
|
|
Novice: 0
- 30
pts
|
|
Moderators
|
|
Helpful answer
(5 pts)
|
|
Answered
(10 pts)
|
|
