Quest PowerShell - QAD Snap-in

Quest PowerShell - QAD Snap-in

A company called Quest, provides extra commands for PowerShell, some people call this Quest PowerShell, however I call them QAD cmdlets.  What ever the name, QAD (Quest Active Directory provides nifty 'shortcuts' for PowerShell.  The idea is to install the activeroles snap-in, which contains Active Directory cmdlets to supplement the native PowerShell commands.

In a nutshell, native PowerShell commands require a great deal of work to enumerate and manipulate Active Directory objects.  Quest PowerShell provides a package of sophisticated cmdlets, consequently, we are spared having to write code which connects to Active Directory.  QAD cmdlets make scripting User, Computer and Group objects as easy as scripting file, services or eventlog objects with native PowerShell cmdlets.

Topics for Quest PowerShell

• Pre-requisites for Quest PowerShell 
• Install the QAD Snap-in
• Get started with QAD commands
• Example 1 List QAD Commands
• Example 2a QAD Examples
• Example 2c How to List a User's Property
• Guy's LDAP Learning Technique
• Summary of PowerShell and QAD Cmdlets

Pre-requisites, particularly for the QAD snap-in

Before we can get my examples to work you need to meet these pre-requisites.

1. Download and install PowerShell and .Net Framework. 
   Go to Microsoft's site and choose the flavour to suit your operating system.
2. Download, then install the QAD Snap-ins from this site:
   http://www.quest.com/activeroles-server/arms.aspx
3. Register the snap-in. (Key point)
   add-PSSnapin quest.activeroles.admanagement
4. Gain access to Active Directory.  Best would be to logon at a domain controller in a test domain.

Install the QAD Snap-in

Think of Quest's free QAD snap-ins, as extra cmdlets.  Once you add this 'package' you need to issue a PowerShell instruction which makes the cmdlets available to the command line.

Unless you have a working knowledge of PowerShell, installing the snap-in (some call them snapins) will seem strange.  I am assuming that you have downloaded the QAD package and are ready to install its cmdlets.

Instructions to add the Quest PowerShell snap-in

1. Launch PowerShell.
2. We have a 'path' problem.  I don't know the drive and folder where you downloaded quest.activeroles.admanagement.
3. Fortunately, we have the solution.  Edit set-Location to refer to YOUR path for the snap-in.

Get started with QAD commands

If you have used standard PowerShell cmdlets (verb-Noun), then the QAD examples use exactly the same methods.  The verbs, 'get' or 'set' are identical; all that is new is the nouns.   Each noun begins with QAD followed by a word such as User, Computer or even Object.  We will begin by applying classic PowerShell research tools to the QAD cmdlets, for example get-command.  Please note that Quest PowerShell even includes help about the parameters, furthermore, this help is in the same format as that for native cmdlets. [get-Help and get-Member]

Example 1 List QAD Commands

Here is a simple method that you can apply to any new PowerShell project.  This technique will list all QAD commands.  Get-Command is the key PowerShell cmdlet for our investigation.  I tried appending plain QAD* however, but this did not work.  What I needed was 'Where' statement to filter the results.

Pre-requisite  Remember that you need Active Directory otherwise the commands won't return any results.  To reduce errors caused by authentication or firewall settings, I execute all these commands on a domain controller.  Most of these QAD examples are just one line.  Short, but so sweet.

Note 1:   From your results of executing the above command, observe the structure of the names.  What you get is QADxyz; where xyz could be an Active Directory User, Computer, or Group.

Note 2:   A quick check; are these QAD objects singular, or plural?  A valuable piece of knowledge is that PowerShell consistently uses only singular nouns, furthermore, Quest honours this convention and each QAD noun is a singular word.

Example 1a get-QAD*

My purpose in Example 1a is to modify the command to list only Active Directory objects that we can 'get' or check their properties and values.

Note 1:  Observe the classic Active Directory objects such as (QAD)User and (QAD)Group.

Note 1:  Remember that QAD follows the PowerShell format of verb-Noun.

Note 2:  In real life scripting, 'set' is a more exciting command then 'get'.  However, 'set' really would change the properties of active directory objects, so be careful.  This is why we are only listing the command here, and not making any changes to Active Directory

Example 2a QAD Examples

Here are QAD examples which feature PowerShell's get-help command.  I am pleased to report that QAD commands support my favourite research tool: get-Help xyz -full.

Example 2b QADUser in action

At last, here is a command which interacts with Active Directory, in this QAD example we are going to list users beginning with the letter 'g'.

Challenge 1:  You could try a*, because there should be a user called Administrator.

Challenge 1: Substitute QADComputer for QADUser

Challenge 2:  Experiment with QADObject, for example try:
get-QADObject -type 'organizationalUnit'

Example 2c How to List a User's Property

As with many of my scripts, there are two learning threads in this example, a real-life objective (Listing user properties) and also learning PowerShell techniques (Piping and word-wrap).

Pre-requisite

Find and amend the variable $OU.  Edit the value to reflect Your Domain and Your OU.

Note 1:  The unusual backtick symbol (`) means, wrap the command to the next line.

Note 2:  The pipe symbol (|) is PowerShell's signature tune; it means push the output of the first clause (get-QADUser) into this next command (format-Table).

Challenges: If I were you I would take a timeout to add values to your user's property sheet, e.g. LastName, Description, also manager and location.

The second part of my challenge is to put into practice what we learned with get-help QADUser, namely to add different fields from my example 2b, for example, Company or Office.

Guy's LDAP Learning Technique

Here is simple but effective technique to learn the LDAP names which you may then include in your script. 

The key point is to change a value of a field in Active Directory Users and Computers and then see if you can find the very same string in ADSI Edit.  If so, then you have learned the equivalence between the GUI menu, and the LDAP property.  For example, go to the Last name of your test user, enter 'Thomas', now search through ADSI Edit until you find 'Thomas'.  The conclusion is that, Last name: corresponds to 'sn'.

There is an alternative, and that is to get a list of LDAP properties, which you keep by your side when scripting.

Conclusion of Quest PowerShell

QAD examples will help you discover a whole new world of Active Directory objects.  My mission has been to get you started.  Once you have installed the snap-in, it is up to you to plan, then create scripts to manage your Users and Computers.  If you get stuck, remember PowerShell's get-help; then append the QAD verb-Noun with the -full switch. 

Summary of PowerShell and QAD Cmdlets

A company called Quest, kindly provide extra commands for PowerShell.  To install these cmdlets, download a package from the Quest website, and then use PowerShell to add this 'snap-in' to make the commands available for your scripting.

You can script Active Directory objects such as computers or groups by using PowerShell's native cmdlets.  However the QAD snap-in makes the task a joy rather than a chore.  Perhaps I have a short memory, but listing users with native PowerShell seems even more difficult than VBScript.

See more PowerShell QAD tasks

• PowerShell Home   • Quest QAD   • QADUser   • QADGroup   • QADComputer  • Export-CSV   • Import CSV

Please write in if you see errors of any kind.  Please report any factual mistakes, grammatical errors or broken links, I will be happy to not only to correct the fault, but also to give you credit.

 *