What's New in Active Directory Domain Services (AD DS) in Windows Server 2008 R2: Active Directory PowerShell

Automate Active Directory Migration Tool using Windows PowerShell « blog.powershell.no Active Directory Migration Tool (ADMT) provides the ability to restructure Active Directory domain structures. It allows you to migrate users, groups and computers between domains, both intra-forest and inter-forest. Features include password migration, SID migration and security translation among several others. ADMT provides three options on how to use it, where the first and maybe most used is the GUI: It's wizard driven and pretty straightforward to use. In my opinion this is a pretty good example on how inconsistent various command line tools are compared to PowerShell. The third option is scripting. Based on this I've written a sample PowerShell script, Invoke-ADMTUserMigration, to migrate user accounts and passwords using Windows PowerShell. Note that since ADMT is a 32-bit application the script must be run from an x86 instance of Windows PowerShell. When this is done, I also would recommend to split the migration in batches as recommended in the migration guide. Resources

Service overview and network port requirements for the Windows Server system This article discusses the required network ports, protocols, and services that are used by Microsoft client and server operating systems, server-based programs, and their subcomponents in the Microsoft Windows Server system. Administrators and support professionals may use this Microsoft Knowledge Base article as a roadmap to determine which ports and protocols Microsoft operating systems and programs require for network connectivity in a segmented network. You should not use the port information in this article to configure Windows Firewall. For information about how to configure Windows Firewall, see the following Microsoft website: The Windows Server system includes a comprehensive and integrated infrastructure to meet the requirements of developers and information technology (IT) professionals. Overview This article includes information about the system services roles and the server roles for the Microsoft products that are listed in the "Applies to" section. System services ports

Active Directory and Active Directory Domain Services Port Requirements Updated: March 28, 2014 Applies To: Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 Foundation, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista In a domain that consists of Windows Server® 2003–based domain controllers, the default dynamic port range is 1025 through 5000. Windows Server 2008 R2 and Windows Server 2008, in compliance with Internet Assigned Numbers Authority (IANA) recommendations, increased the dynamic port range for connections. The new default start port is 49152, and the new default end port is 65535. When you see “TCP Dynamic” in the Protocol and Port column in the following table, it refers to ports 1025 through 5000, the default port range for Windows Server 2003, and ports 49152 through 65535, the default port range beginning with Windows Server 2008.

Active Directory Attribute List Using C#

Overview of Migration Cmdlets Windows Server Migration Tools includes five Windows PowerShell cmdlets that let you migrate some server roles, features, operating system settings, shares, and other data from computers that are running Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, or Windows Server® 2008 R2, or to computers that are running Windows Server 2008 R2. This topic identifies and describes the Windows PowerShell cmdlets that are part of Windows Server Migration Tools. For a complete list of operating systems that are supported by Windows Server Migration Tools, see Windows Server Migration Tools and Guides in this Help. Windows PowerShell Cmdlets (pronounced command-lets) are built-in commands included with Windows PowerShell 2.0, installed by default as part of Windows Server 2008 R2. Running Windows PowerShell as an administrator Starting Windows Server Migration Tools You can start Windows Server Migration Tools by using one of the following two procedures.

Best Practices Analyzer for File Services: Configuration Published: April 27, 2010 Updated: April 27, 2010 Applies To: Windows Server 2008 R2, Windows Server 2012 Topics in this section can help you bring File Services running on Windows Server 2008 R2 into compliance with configuration best practices. Configuration rules are applied to identify settings that might require modification for File Services to perform optimally. For more information about Best Practices Analyzer and scans, see Best Practices Analyzer.

Active Directory Certificate Services Overview Published: February 8, 2012 Updated: June 24, 2013 Applies To: Windows Server 2012, Windows Server 2012 R2 This document provides an overview of Active Directory Certificate Services (AD CS) in Windows Server® 2012. AD CS is the Server Role that allows you to build a public key infrastructure (PKI) and provide public key cryptography, digital certificates, and digital signature capabilities for your organization. AD CS provides customizable services for issuing and managing digital certificates used in software security systems that employ public key technologies. The digital certificates that AD CS provides can be used to encrypt and digitally sign electronic documents and messages. Confidentiality through encryption. Integrity through digital signatures. Authentication by associating certificate keys with computer, user, or device accounts on a computer network. The installation of AD CS role services can be performed through the Server Manager.

Syntaxes The following syntaxes are defined by Active Directory.

Windows PowerShell: Splatting | TechNet Magazine Bundling parameters before sending them along to a command can save you time, but only if you’re using the latest version of Windows PowerShell. Where else but in the IT industry could you use a word like “splatting” in a serious, professional context? Windshield repair, perhaps, but not many other places. In Windows PowerShell terms, splatting is a way of bundling parameters to send to a command. The Old Way Normally, you’d run commands by providing parameters to them right on the command line.

Get-WmiObject -computername SERVER-R2 -class Win32_LogicalDisk -filter "DriveType=3" -credential "Administrator"

You can still do that in version 2.0 of the shell, of course.

Get-WmiObject -comp SERVER-R2 -cla Win32_LogicalDisk -filt "DriveType=3" -cred "Administrator"

There are still positional parameters, of course.

Get-WmiObject Win32_LogicalDisk -comp SERVER-R2 -filt "DriveType=3" -cred "Administrator"
Gwmi Win32_LogicalDisk -comp SERVER-R2 -filt "DriveType=3" -cred "Administrator"

The New Way

Troubleshoot Windows Server 2008 Updated: January 9, 2009 Applies To: Windows Server 2008 The Windows Server 2008 Technical Library provides several types of troubleshooting information: Server fundamentals documentation provides information about day-to-day server operations, including how to monitor and manage the server and how to improve system performance. The documentation for the following server fundamentals and server roles contains specific troubleshooting information. The Monitoring Events documentation describes how to use Event Viewer. The Events and Errors documentation provides detailed procedural troubleshooting information for individual Windows Server 2008 events, as well as for some Windows Vista events. You can access this content directly from a link in Event Viewer as well as here in the Windows Server 2008 Technical Library. The Command Reference documentation describes the command-line tools that are available with Windows Server 2008.

Active Directory Federation Services Overview Published: February 24, 2012 Updated: November 1, 2013 Applies To: Windows Server 2012 R2 This topic provides an overview of Active Directory Federation Services (AD FS) in Windows Server® 2012 and Windows Server® 2012 R2. AD FS provides simplified, secured identity federation and Web single sign-on (SSO) capabilities for end users who want to access applications within an AD FS-secured enterprise, in federation partner organizations, or in the cloud. In Windows Server® 2012 R2, AD FS includes a federation service role service that acts as an identity provider (authenticates users to provide security tokens to applications that trust AD FS) or as a federation provider (consumes tokens from other identity providers and then provides security tokens to applications that trust AD FS). The function of providing extranet access to applications and services that are secured by AD FS is now performed by a new Remote Access role service called Web Application Proxy.

Links and References How to find answers to your ADSI scripting questions. ADSI script troubleshooting tips. Issues to consider when transitioning from VBScript to PowerShell. Spreadsheets documenting Active Directory attributes. Discussion of Integer8 Attributes, including an inaccuracy discovered in the HighPart and LowPart methods used to deal with these values in VBScript. Tips on using ADO to search Active Directory, including operators that can be used, and example filters to retrieve information on objects meeting your criteria. Frequently Asked Questions about the NameTranslate object. Comparing the relative performance of the IADsNameTranslate interface and ADO for converting NT format names (sAMAccountName values) into Distinguished Names. Comparing the relative performance of PowerShell and VBScript to retrieve values from Active Directory. Comparing the account expiration date shown in ADUC with the AccountExpirationDate property method and the accountExpires attribute.

Windows PowerShell: Think Commands, Not Scripts | TechNet Magazine Don’t be intimidated by the term “scripting,” because you can do a lot with Windows PowerShell using simple commands. Perception has been one of the biggest struggles Windows PowerShell has had in terms of administrator acceptance. There’s a lingering perception that the shell is a “scripting language,” akin to VBScript. While a lot of admins love what they can do with a scripting language, plenty more are turned off by the perception of complexity and a steep learning curve. It’s a shame. Just a Script The following function will accept computer names from the command line, either as strings or in the “ComputerName” property of an input object; it will also retrieve the BIOS and OS information from each computer using Windows Management Instrumentation (WMI): Note that the parentheses force the shell to execute expressions—such as getting the BuildNumber property from the object in the $os variable—and return the result of that expression as the third parameter value of Add-Member.
