Course Objectives
Why take this course? Several reasons:
- If you're administering an Active Directory, you probably have
more and more things to look after, and less and less time to do
it. The answer to the problem (other than just quitting
and going back to school to become a lawyer like your mother
told you to do) is automation: Useful custom reports that
get generated automatically and appear in your mailbox.
Short utilities that find problems in your AD and fix
them. Knowledge of a bag of automate-able tools so easy
to work with that you'll never say, "aw, heck, why try to
automate that -- I can get it done in 20 minutes of clicking"
again.
- If you haven't yet adopted an automation tool, it's probably
because your previous experience with automation tools is that
they are (ahem) all too often arcane, spottily-documented,
and feature steep learning curves. Mark Minasi, the
author of the two-decade-spanning Mastering
Windows Server series of books, knows that, as he's
been working with computer-based automation tools for a long
time. Mark believes that PowerShell is, however, an
exception, a tool that you can get familiar with in just one
day. Furthermore, after that one day, you can
use PowerShell to automate AD even if you're still running
Server 2003.
- You're looking for hands-on experience with PowerShell.
- You want to learn how to extend PowerShell with easy-to-build,
useful "modules."
- In this course, you'll mostly work with Active Directory and
PowerShell, but we'll take it further, covering networking and
application (Office) control.
- And okay, maybe there's one more reason: as
Microsoft's "gone PowerShell," there are an increasing number of
important Windows administration tasks that you simply can't get
done with anything but
PowerShell.
Maybe you've heard that PowerShell's useful, but haven't had the
time to look into it, or did
look into it and found it dry. In this class, however, Mark
takes a different approach to teaching PowerShell. This class
isn't about PowerShell, it's about using some tools to get your work
done easily and more quickly. It just happens that you'll
learn PowerShell in passing as you learn those tools!
Key Seminar Benefits
- If you have "I really ought to learn PowerShell one of these
days" on your things to do list, attending this seminar is the
quickest and easiest way to accomplish that goal
- See dozens of examples that illustrate PowerShell's usefulness
to admins
- Learn the quick path to figuring out how to find the right
PowerShell tool for the job (which is a pretty useful skill,
given that there are over 2,000 PowerShell commands)
- Know how to turn PowerShell commands ("cmdlets," in PowerShell
talk) into useful tools
- Understand enough about .NET and COM "objects" to use
PowerShell to explore and control them... and (for example) make
your computer talk to you
- Discover how to find AD accounts with particular problems
using PowerShell
- Apply your new PowerShell knowledge to server configuration
and networking tasks
- Find out how to use PowerShell on your AD whether you're using
Server 2003, Server 2012, or anything in-between
- Create your own new PowerShell cmdlet in a simple
PowerShell "module"
- Build an AD report and tell Server to create it and email it
to you every day
- Use PowerShell to make your AD more consistent, which better
prepares your AD to use 2012's new claims-based file permissions
- Quickly learn how to create, delete, undelete and modify user
accounts with PowerShell
- Understand PowerShell's "pipeline," the essential tool that
lets you "glue" two or more cmdlets together to create a
productive "one-liner"
- Use PowerShell's remote control tools to get more done in less
time
- Grasp how the ForEach and IF commands open the door to some
truly flexible, powerful tools
- Build simple scripts and make them modules
- See how to use PowerShell to examine your network stack
Course Outline
- PowerShell: the Value Proposition
It's all well and good to promise increases in productivity,
but let's get specific: how exactly can PowerShell make
your life easier?
- AD administration today
- Solving big AD problems, pre 2009: VBScript and ADSI
- Contrasting PowerShell and one-liners versus VBScripts
- Sidebar: PowerShell's the only way, sometimes
- Examples of complex AD tasks that PowerShell can make simple
- PowerShell Basics
Next, let's see how to get PowerShell started and what it's
going to require on our systems.
- Starting up PowerShell
- Making it AD-smart with a module
- New security and port requirements for AD PowerShell:
AD Web Service overview
- Making PowerShell work on Server 2003 and 2008 (it's built
into 2008 R2 and later)
- Tasks that fit PowerShell well and those that don't
- A "slow motion" look at a one-liner in action
- Deciphering PowerShell cmdlet names
- How to cheat at PowerShell
- Solving AD problems with PowerShell: the "filter" and
the "hammer"
- Querying AD: Meet the First Tool
Much of AD administration involves finding troubled accounts,
retrieving details about a particular account or just taking
domain statistics. You do that with a query tool of some
kind, and PowerShell's basically got four such tools. One
of those tools, "get-aduser," will be our first order of
business. Learning your first PowerShell cmdlet's always
the hardest, but get-aduser's so useful you won't notice.
- Get-aduser explained
- Learning any
cmdlet with PowerShell help
- Help bafflegab: parameters, parameter sets, and
positional parameters
- PowerShell made GUI-ish with show-command
- Updating Powershell help
- Querying AD
- Shortening PowerShell's long cmdlets
- Building useful queries easily
- Searching different parts of AD: OUs, global catalog
and other forests
- Interrogating get-aduser: making PowerShell cough up
more than just the default stuff
- An application: finding users who haven't logged on in
X days
- Side-Trip: Making PowerShell Tools
"Doing an AD query" is just another way of saying "generate the
information you'd need for a cool report." In this
section, we pause from our AD focus and look at how to take any
AD query and make it into a useful report with a bit of
formatting and delivery.
- Formatting PowerShell output: format-list,
format-table, out-gridview
- Ordering things with the sort-object cmdlet
- Saving output to text for later use
- How to assemble a few simple commands into a simple
"one-liner"
- Email your report with send-mailmessage
- Prettier one-liners: a very, very basic PowerShell
script
- Reference section: package up your cool new report tool in a
simple PowerShell module
- Navigating PowerShell: Nouns First!
One of PowerShell's great strengths is that it's a way to poke
around the inside of Windows to uncover the kind of information
that you sometimes need to get a job done and, better,
PowerShell lets you then change and reconfigure that information
to your liking. In this section, you'll learn a simple but
effective way to find your way around any part of Windows in
this second short digression from our AD exploration.
- Understanding the structure of Windows: objects
- Object pieces: members, properties, methods
- Exploring objects with PowerShell: a "nouns-first"
approach
- Nouns-first example: figure out who hasn't logged on
in the longest time
- Put objects under the x-ray with get-member
- Object types: .NET, COM, CIM overview
- Explore a second, "COM" object: speech
- More Query: Search-ADAccount
Get-ADUser is a quite flexible tool, but that flexibility can
sometimes lead to some quite lengthy cmdlets. That's why
the AD folks at Microsoft created a more-focused search tool,
"Search-ADAccount." We'll continue our tour of PowerShell
query cmdlets with Search-ADAccount.
- Meet Search-ADAccount
- Focus: user lockouts, disabled accounts, expired
passwords and more
- Interrogating Search-ADAccount: laying more pipeline
- Probing the pipeline: using "where" with get-aduser to
do more than search-adaccount can do
- Avoid inefficient searches! A look at some do's and
don'ts
- How to time a search to find out if it's efficient or not
- Query Finale: Querying Groups and Dead Users:
Get-ADGroup and Get-ADObject
By now, we're almost ready to move beyond queries, but
sometimes you'll want to find, say, everyone in a group "X"
that has criterion "Y." In other cases, you might need
to know what user accounts have been deleted. We'll
answer those questions with two more cmdlets.
- Finding a group's members
- Answering the more interesting question: to what
groups does this user belong?
- Cmdlets to create, modify and manage groups
- Dead users walking: get-adobject
- Hammer Time: Changing AD User Objects with PowerShell
Cmdlets
Thus far, we've only looked at AD user objects, but now, it's
time to touch.
By now, you'll have seen that "once you've learned your
first PowerShell cmdlet, you've learned 'em all," and you'll
be surprised at how quickly you'll understand and employ the
next bunch. Time to change, estrange and re-arrange some
user accounts!
- Set-ADUser, the all-purpose account changing tool
- Understanding Set-ADUser syntax's "hash tables," something
PowerShell uses a lot
- Single-purpose tools: unlock-adaccount,
disable-adaccount, enable-adaccount
- User management in groups with add-adgroupmember,
remove-adgroupmember
- Password management with PowerShell
- AD user deletes with remove-aduser
- AD user undeletes
with restore-adobject
- Tell PowerShell to stop asking you if you're sure:
putting the kibosh on "confirm"
- Assembling Hammers and Filters to Create Powerful One-Liners
Now we know how to create filters, like "what users in the
Engineers group have Sally Watkins as a manager?," and
hammers, like "disable this account," "unlock this account,"
or whatever. Now we'll put them together to create
useful tools like "find all of the users who haven't logged on
in 75 days and disable them" or "find all of the accounts in
the Chicago office and make them change their passwords on
their next logon" or the like.
- Filter review
- Hammer review
- Some prebuilt examples
- Your input: what tools would you build? How
could this be useful?
- A plan to build your own tools
- Example: bulk AD creation from a CSV file
- Solving More Complex AD Problems with ForEach and IF
Now we've seen how to build some great automated tools, but
their scope is just a little limited. We can fix that with
another PowerShell tool -- For Each.
- Task:
cleaning up an active directory
- Where the pipeline fails
- The answer: ForEach
- ForEach versus simple pipeline work
- How to create a ForEach loop and how to make it work
- Example: making all display names consistent
- Adding a dimension: decision-making with the IF
operator
- Building Modules
With the big automation tools in hand, we'll see how to build
simple scripts and then how to make them official PowerShell
modules.
- From one-liner to script
- Basic script pieces
- Running scripts
- Understanding basic modules
- Beyond AD
PowerShell opens the door to automating far more than AD.
In our last section, we'll look at two other apt PowerShell
targets
- Server 2012 and Windows 8 networking cmdlets
- Simple application: an ipconfig replacement
- Taming a tool that doesn't understand PowerShell:
Outlook
- Connecting to Outlook
- Choosing folders
- Controlling events
- Dealing with attachments
- Next steps
How Class Hands-On Works
You'll run the exercises on your computer, running a VMWare
Server 2012 virtual machine supplied by your instructor.
You'll need a laptop with at least 8 GB of RAM, a 64-bit processor
that supports hardware virtualization -- we recommend i3 minimum
-- and at least one USB 3.0 connector. (You'll get more
specific instructions when you sign up.)
Course Materials and Course
Format
The class works from PowerPoint presentations and hands-on
exercises. Every attendee gets a printed copy of the
PowerPoints. You'll see PowerShell run through its paces in
a series of interesting and explanatory demonstrations, then try
them out for yourself.
Arranging a Course At Your
Location
We offer this class as a public seminar at locations around the
US; you can view the current schedule at www.minasi.com/pubsems.htm.
But
you needn't wait — Mark can come to your organization to teach it
on-site. On-site classes offer you the flexibility to lengthen or
shorten the class, add hands-on labs, modify the course's focus
and zero in on your group's specific needs. For more info,
please contact out office at (757) 426-1431 between noon and five
PM Eastern time or email assistant@minasi.com
to discuss scheduling and fees.
Attendee Comments on our
PowerShell-related classes:
- The last
time I came to one of your classes, the PowerShell you taught me
got me a new position at work. Can't wait to see the
results this time!
- You've
inspired me to learn more PowerShell! There is a LOT of it
in 2012.
- Mark,
you are very good at what you do. Keep it up!
- Although
this wasn't actually a PowerShell class, well, I've been to a
multi-day PowerShell class, and you know what? That
instructor was good... but you're better!
|