Improve automation skills with the AD Administrative Center
You might know that you can use PowerShell to handle repetitive Active Directory tasks. But were you aware the Active Directory Administrative Center can help write the code?
The Active Directory Administrative Center is a powerful GUI tool for identity and access management. It also has the added benefit, as a PowerShell front end, to help write automation scripts.
Suppose you want to learn more about the PowerShell commands used to execute a common Active Directory task, such as creating user accounts. After completing this job in the Active Directory Administrative Center, you can review the PowerShell code this tool used to create the account and copy and modify the code, customizing it as you see fit.
How to use the PowerShell History viewer
First, open the Active Directory Administrative Center. The bottom-right corner of the Administrative Center interface shows the option for the PowerShell History Viewer. Click the arrow. The screen will split to show both the standard GUI interface and the history of PowerShell commands.
Next, browse to a test organizational unit (OU) or another location in Active Directory where you can create a few objects, such as users, groups or computers. The system records your actions, including the steps used to browse to different locations in Active Directory. You can toggle off the PowerShell History Viewer if it obstructs your view.
The PowerShell History Viewer interface features several helpful options, including searching for strings and defining tasks.
The Show All checkbox toggles the view. When checked, you will see all the PowerShell commands used to make changes in Active Directory, to find information and to navigate the directory service. When turned off, you will only see PowerShell commands used to modify objects.
How to search the PowerShell output
The PowerShell commands can stack up quickly in the interface. New PowerShell users might feel overwhelmed when the interface fills with a mix of cmdlets and parameters.
The Search option on the left side of the interface helps you find complete or partial cmdlets, or values, such as user or computer names.
How to copy one or more PowerShell commands
You can also copy the generated PowerShell commands by selecting text and using the Ctrl+C hotkey to copy then the Ctrl+V hotkey to paste into script editor, such as Visual Studio Code or the PowerShell Integrated Scripting Environment.
The PowerShell History Viewer includes a copy function when you select the text and right-click to select Copy and then paste into a scripting environment to create templates.
Manually clear the PowerShell History Viewer results with the Clear All option.
Use the task function to define specific actions
The PowerShell History Viewer can group a series of tasks that go together to perform a specific job. The Start Task and End Task selectors define the actions for certain tasks.
For example, use Start Task then execute the particular action, such as setting the account description values. Then use End Task to stop the recording process to record the sequence as a single action. You can use these tasks as the building blocks for daily tasks.
How to create a user
To learn how to use this PowerShell feature, let's create a template you can use to automate a standard task. This simple example will show what's possible with the PowerShell History Viewer, which might generate ideas for more advanced automation jobs.
Open the PowerShell History Viewer and clear any existing output. In a test OU, begin the process to create a new user. Fill in the name fields and descriptions, set a password, define a group membership, and set an account expiration.
Next, expand the PowerShell History Viewer. You can search for the username you configured to see the specific cmdlets involved with that value or read through the history to find the group membership you defined. Find and confirm the settings you configured in the GUI.
Find the cmdlets related to setting the account expiration. Select the fields and copy them. Next, open the PowerShell Integrated Scripting Engine. Paste the cmdlets from the History Viewer into the Integrated Scripting Engine's editing window. You can now modify this content as you see fit.
Learn how to take advantage of the PowerShell History Viewer
PowerShell knowledge is a critical part of Windows administration. However, it has a steep learning curve. By running through your tasks in the Active Directory Administrative Center daily and reviewing the generated PowerShell output, you can learn to identify the commands and the related parameters.
You can also use the PowerShell History Viewer in the following areas:
- Create new automation templates and scripts for common create and modify tasks.
- Identify frequent tasks that would be good candidates for automation.
- Document and archive common or sensitive tasks.