Active Directory Services and PowerShell manageability
As you might be aware, every Microsoft server product has the requirement to be manageable through PowerShell and System Center. The PowerShell requirement is formulated as part of the Common Engineering Criteria (CEC).
With PowerShell available as a version 3 product (and part of Windows Server 2012) it’s time to see how the teams, responsible for the Active Directory products have built their management stories around PowerShell.
Active Directory Domain Services
The Active Directory Domain Services, that we love and loath as the core of our networking infrastructure on our Domain Controllers is manageable through PowerShell scripting. To enjoy PowerShell support in Active Directory Domain Services, it is recommended to manage your Domain Controllers from Windows Server 2012 or from a Windows 8 installation with the Remote Server Administration Tools (RSAT) for Active Directory installed. This way you can enjoy the 135 Active Directory Domain Services management-related PowerShell Cmdlets and 9 Active Directory Domain Services deployment-related PowerShell Cmdlets.
The Active Directory Domain Services team even went a few steps further and incorporated the PowerShell History viewer into the Active Directory Administrative Center (dsac.exe), that helps you discover the PowerShell magic that happens under the hood.
A couple of exceptions still exist, that make it impossible to manage Active Directory Domain Services from the PowerShell prompt completely. Tools like ntdsutil.exe, dsamain.exe, redirusr.exe and redircmp.exe come to mind, almost immediately. On the other end of the spectrum, several other functions in Active Directory Domain Services are only easily manageable with PowerShell. MSAs come to mind, quite to my own surprise...
Active Directory Lightweight Domain Services
The Active Directory Lightweight Domain Services offer specialized Domain Services, targeted at applications and perimeter networks. Their charm is you can manage the Lightweight Directory Services (mostly) with the same tools as you can manage the Directory Services in PowerShell (as long as you install the AD LDS Display Specifiers schema and Display Specifiers by importing MS-ADLDS-DisplaySpecifiers.ldf.).
Alas, the PowerShell learning ability, offered by the Active Directory Administrative Center (dsac.exe), is not available for Active Directory Lightweight Directory Services, since this management tool can not be directed to a Lightweight Directory Services installation.
Since most tools are exchangeable between Lightweight Directory Services and Directory Services, roughly the same exceptions for full PowerShell manageability exist.
Active Directory Certificate Services
Active Directory Certificate Services enable you to run Certification Authorities on Windows Servers. For Windows Server 2012, the team behind Active Directory Certificate Services has developed twelve PowerShell Cmdlets to deploy Certificate Services. Also an additional nine PowerShell Cmdlets were specifically created to manage certificates, but you can also manage these by mounting the Certificate Store as a PowerShell drive, if need be.
In versions of Windows Server earlier than Windows Server 2012, no built-in PowerShell Cmdlets were available to manage Active Directory Certificate Services, but you could rely on certutil.exe to script through them.
Active Directory Federation Services
As was the case with Active Directory Federation Services 2.0, which was a separately downloadable installation, Active Directory Federation Services 2.1, that comes bundled with Windows Server 2012, can be managed through PowerShell. A total of 48 Active Directory Federation Services-related PowerShell Cmdlets are available on Windows Server 2012, covering both deployment and management.
Active Directory Rights Management Services
As you might expect, the Active Directory Rights Management Services in Windows Server 2008 R2 and Windows Server 2012 are also PowerShell-enabled. Three straightforward Rights Management Services deployment-focused PowerShell Cmdlets (appropriately named Install-ADRMS, Uninstall-ADRMS and Update-ADRMS) and 21 Rights Management Services administration-focused PowerShell Cmdlets are at your disposal.
New features in AD DS in Windows Server 2012, Part 4: New PowerShell Cmdlets
New features in AD DS in Windows Server 2012, Part 5: PowerShell History Viewer
Managing Active Directory with Windows PowerShell
Active Directory Cmdlets for Windows Server 2008 R2
AD FS 2.0 Cmdlets for Windows Server 2008 R2
AD RMS Cmdlets for Windows Server 2008 R2
AD CS Administration Cmdlets in Windows Server 2012
AD CS Deployment Cmdlets in Windows Server 2012
AD DS Administration Cmdlets in Windows Server 2012
AD DS Deployment Cmdlet in Windows Server 2012
AD FS Cmdlets in Windows Server 2012
AD RMS Administration Cmdlets in Windows Server 2012
AD RMS Deployment Cmdlets in Windows Server 2012