I really like the PowerShell for Active Directory, that you find in Windows Server 2008 and above. I cut my teeth on PowerShell with Microsoft Exchange Server 2007, and love the ability to script almost everything – even if the script is just a bunch of repeated commands against a list in Excel, that’s copied and pasted.
Recently, I’ve been looking for quicker and better ways to do things, and I’ve rediscovered Quest’s (Dell’s) ActiveRoles Management Shell.
This is a freely downloadable bunch of cmdlets for Active Directory PowerShell, that really enhance your queries, and help you get so much more from your servers.
For example, the following command will list all enabled user objects in your domain :
get-qaduser -includeallproperties -ldapfilter "(!(userAccountControl:1.2.840.113522.214.171.1243:=2))"
Sometimes I find that more relevant to me than finding disabled user objects, but it’s not as easy to do in the out of the box PowerShell.
Anyway, it’s free, it’s useful, and I think it’s a good addition to any AD manager’s toolkit…