So you’re staring at that Server 2008R2 core Box as a DC.  You’ve got Powershell and all those wonderful AD Modules.

“Didn’t this guy say you could manage AD on a Core R2 box WITHOUT the GUI?”

Yes I did.

If you ran that last command after doing an “IMPORT-MODULE ActiveDirectory” you saw a rather LARGE pile of Available Commandlets.

You know, THIS Commandlet

GET-COMMAND –module ActiveDirectory

So AFTER you picked your eyeballs off the ground (ala Wile E Coyote) you DID have to take a look.

Well I’ll show you a few I use daily.   Ever have a use screaming on the phone how they LOCKED themselves out by mistyping their password?  It’s absolutely NOT their fault?  No they DIDN’T have anything to Drink at lunch?

Easy fix.


How about a whole division of users forever locking themselves out?

UNLOCK-ADACCOUNT –filter ‘Title –eq “Coop Student”’

Need to quickly disable a user?


Hey, did you say you needed to move Peter from the Seattle Office OU to Montreal OU? Noooo Problem!

Move-ADObject -Identity "CN=Peter PumpkinEater,OU=Seattle,OU=Offices,DC=Contoso,DC
=local" -TargetPath "OU=Montreal,OU=Offices,DC=Contos,DC=local"

As well you can Create users in AD with NEW-ADUSER, Check members of groups, and even Change the Domain Functional level.  All with simple CommandLets.

These are not only interactive Commands, these are tools you can use to build Scripts to automate your user deployments.  This is a box that can be dropped to as low a 64 MEGABYTES for your Domain controller.   Enterprise environments I wouldn’t recommend doing this, but how about a Small Business?

Have I wet your appetite?  Are you drooling on your Core R2 box?


Hold on folks, the ride is about to get a lot more exciting.  

The Power of Shell is in YOU

The Energized Tech