New features in Active Directory Domain Services in Windows Server 2012, Part 4: New PowerShell Cmdlets

With Windows PowerShell Scripting being one of the requirements in the current Common Engineering Criteria (CEC), all Microsoft server products need to comply with having Windows PowerShell scripting support. In Windows Server 2012, Active Directory Domain Services expands beyond the 76 Active Directory Management PowerShell Cmdlets and 15 Active Directory Provider PowerShell Cmdlets found in Windows Server 2008 R2.

What's New

Windows Server 2008 R2

With Windows Server 2008 R2, Microsoft introduced the Active Directory Cmdlets. These PowerShell Cmdlets communicate through the Active Directory Web Service (ADWS):

Windows Server 2012

In Windows Server 2012, Active Directory PowerShell has been extended with various new PowerShell Cmdlets. These new Cmdlets extend beyond the areas of Account Management, Topology Management and Directory Object Management.

In Windows Server 2012 you'll have 59 more PowerShell Cmdlets to your disposal from the Active Directory Module to manage your Active Directory Topology and Objects, with a specific focus on Active Directory Sites and Services, Active Directory replication, Dynamic Access Control and Domain Controller cloning:

• Add-ADCentralAccessPolicyMember 
• Add-ADResourcePropertyListMember 
• Clear-ADClaimTransformLink 
• Get-ADCentralAccessPolicy
• Get-ADCentralAccessRule 
• Get-ADClaimTransformPolicy 
• Get-ADClaimType
• Get-ADDCCloningExcludedApplicationList
• Get-ADReplicationAttributeMetadata
• Get-ADReplicationConnection
• Get-ADReplicationFailure
• Get-ADReplicationPartnerMetadata
• Get-ADReplicationQueueOperation
• Get-ADReplicationSite
• Get-ADReplicationSiteLink
• Get-ADReplicationSiteLinkBridge
• Get-ADReplicationSubnet
• Get-ADReplicationUpToDatenessVectorTable 
• Get-ADResourceProperty
• Get-ADResourcePropertyList
• Get-ADResourcePropertyValueType
• Get-ADTrust
• New-ADCentralAccessPolicy
• New-ADCentralAccessRule
• New-ADClaimTransformPolicy
• New-ADClaimType
• New-ADDCCloneConfigFile
• New-ADReplicationSite
• New-ADReplicationSiteLink
• New-ADReplicationSiteLinkBridge
• New-ADReplicationSubnet
• New-ADResourceProperty
• New-ADResourcePropertyList
• Remove-ADCentralAccessPolicy
• Remove-ADCentralAccessPolicyMember
• Remove-ADCentralAccessRule
• Remove-ADClaimTransformPolicy
• Remove-ADClaimType
• Remove-ADReplicationSite
• Remove-ADReplicationSiteLink
• Remove-ADReplicationSiteLinkBridge
• Remove-ADReplicationSubnet
• Remove-ADResourceProperty
• Remove-ADResourcePropertyList
• Remove-ADResourcePropertyListMember
• Set-ADCentralAccessPolicy
• Set-ADCentralAccessRule
• Set-ADClaimTransformLink
• Set-ADClaimTransformPolicy
• Set-ADClaimType
• Set-ADReplicationConnection
• Set-ADReplicationSite
• Set-ADReplicationSiteLink
• Set-ADReplicationSiteLinkBridge
• Set-ADReplicationSubnet
• Set-ADResourceProperty
• Set-ADResourcePropertyList
• Sync-ADObject
• Test-ADServiceAccount

In addition, you'll have 9 PowerShell Cmdlets to deploy Active Directory Domain Services with Windows Server 2012:

• Add-ADDSReadOnlyDomainControllerAccount
• Install-ADDSDomain
• Install-ADDSDomainController
• Install-ADDSForest
• Test-ADDSDomainControllerInstallation
• Test-ADDSDomainControllerUninstallation
• Test-ADDSDomainInstallation
• Test-ADDSForestInstallation
• Test-ADDSReadOnlyDomainControllerAccountCreation
• Uninstall-ADDSDomainController

You've already seen one of these PowerShell Cmdlets in action in Part 2 of this series when we promoted a server to a Domain Controller from the command-line and other Cmdlets are used under the hood by the automated Active Directory preparation feature.

Requirements

To gain access to the PowerShell commands, you need to use either:

• Implement a Windows Server 2012 Domain Controller with the Active Directory Module for Windows PowerShell feature installed. (It is installed by default when you install the Active Directory Domain Services role.)
• Implement a Windows Server 2012-based member server with the Active Directory Module for Windows PowerShell feature installed. This feature is buried deep in the Remote Server Administration Tools, then Role Administration Tools and AD DS and AD LDS Tools.
• Implement a Windows 8-based domain-joined workstation with the Remote Server Administration Tools (RSAT) package installed and Active Directory Module for Windows PowerShell feature installed. This feature is buried deep in the Remote Server Administration Tools, then Role Administration Tools and AD DS and AD LDS Tools.

To point the PowerShell commands to a Domain Controller, this Domain Controller needs to run the Active Directory Web Services (ADWS). This functionality is available on both Server Core and Full Installations of Windows Server 2008 R2. For Windows Server 2003 and full installations of Windows Server 2008, the Active Directory Management Gateway Service (Active Directory Web Service for Windows Server 2003 and Windows Server 2008) can be installed.