What's New in Active Directory Domain Services (AD DS) in Windows Server 2008 R2: Active Directory PowerShell

Automate Active Directory Migration Tool using Windows PowerShell « blog.powershell.no Active Directory Migration Tool (ADMT) provides the ability to restructure Active Directory domain structures. It allows you to migrate users, groups and computers between domains, both intra-forest and inter-forest. Features include password migration, SID migration and security translation among several others. ADMT provides three options on how to use it, where the first and maybe most used is the GUI: It's wizard driven and pretty straightforward to use. In my opinion this is a pretty good example on how inconsistent various command line tools are compared to PowerShell. The third option is scripting. Based on this I've written a sample PowerShell script, Invoke-ADMTUserMigration, to migrate user accounts and passwords using Windows PowerShell. Note that since ADMT is a 32-bit application the script must be run from an x86 instance of Windows PowerShell. When this is done, I would also recommend splitting the migration into batches as recommended in the migration guide. Resources

Service overview and network port requirements for the Windows Server system This article discusses the required network ports, protocols, and services that are used by Microsoft client and server operating systems, server-based programs, and their subcomponents in the Microsoft Windows Server system. Administrators and support professionals may use this Microsoft Knowledge Base article as a roadmap to determine which ports and protocols Microsoft operating systems and programs require for network connectivity in a segmented network. You should not use the port information in this article to configure Windows Firewall. For information about how to configure Windows Firewall, see the following Microsoft website: The Windows Server system includes a comprehensive and integrated infrastructure to meet the requirements of developers and information technology (IT) professionals. Overview This article includes information about the system services roles and the server roles for the Microsoft products that are listed in the "Applies to" section. System services ports

Active Directory and Active Directory Domain Services Port Requirements Updated: March 28, 2014 Applies To: Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 Foundation, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista In a domain that consists of Windows Server® 2003–based domain controllers, the default dynamic port range is 1025 through 5000. Windows Server 2008 R2 and Windows Server 2008, in compliance with Internet Assigned Numbers Authority (IANA) recommendations, increased the dynamic port range for connections. The new default start port is 49152, and the new default end port is 65535. When you see “TCP Dynamic” in the Protocol and Port column in the following table, it refers to ports 1025 through 5000, the default port range for Windows Server 2003, and ports 49152 through 65535, the default port range beginning with Windows Server 2008.

Overview of Migration Cmdlets Windows Server Migration Tools includes five Windows PowerShell cmdlets that let you migrate some server roles, features, operating system settings, shares, and other data from computers that are running Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, or Windows Server® 2008 R2, or to computers that are running Windows Server 2008 R2. This topic identifies and describes the Windows PowerShell cmdlets that are part of Windows Server Migration Tools. For a complete list of operating systems that are supported by Windows Server Migration Tools, see Windows Server Migration Tools and Guides in this Help. Windows PowerShell Cmdlets (pronounced command-lets) are built-in commands included with Windows PowerShell 2.0, installed by default as part of Windows Server 2008 R2. Running Windows PowerShell as an administrator Starting Windows Server Migration Tools You can start Windows Server Migration Tools by using one of the following two procedures.

Best Practices Analyzer for File Services: Configuration Published: April 27, 2010 Updated: April 27, 2010 Applies To: Windows Server 2008 R2, Windows Server 2012 Topics in this section can help you bring File Services running on Windows Server 2008 R2 into compliance with configuration best practices. Configuration rules are applied to identify settings that might require modification for File Services to perform optimally. For more information about Best Practices Analyzer and scans, see Best Practices Analyzer.

Active Directory Certificate Services Overview Published: February 8, 2012 Updated: June 24, 2013 Applies To: Windows Server 2012, Windows Server 2012 R2 This document provides an overview of Active Directory Certificate Services (AD CS) in Windows Server® 2012. AD CS is the Server Role that allows you to build a public key infrastructure (PKI) and provide public key cryptography, digital certificates, and digital signature capabilities for your organization. AD CS provides customizable services for issuing and managing digital certificates used in software security systems that employ public key technologies. The digital certificates that AD CS provides can be used to encrypt and digitally sign electronic documents and messages. Confidentiality through encryption Integrity through digital signatures Authentication by associating certificate keys with computer, user, or device accounts on a computer network The installation of AD CS role services can be performed through the Server Manager.

Windows PowerShell: Splatting | TechNet Magazine Bundling parameters before sending them along to a command can save you time, but only if you’re using the latest version of Windows PowerShell. Where else but in the IT industry could you use a word like “splatting” in a serious, professional context? Windshield repair, perhaps, but not many other places. In Windows PowerShell terms, splatting is a way of bundling parameters to send to a command. The Old Way Normally, you’d run commands by providing parameters to them right on the command line. Get-WmiObject -computername SERVER-R2 -class Win32_LogicalDisk -filter "DriveType=3" -credential "Administrator" You can still do that in version 2.0 of the shell, of course. Get-WmiObject -comp SERVER-R2 -cla Win32_LogicalDisk -filt "DriveType=3" -cred "Administrator" There are still positional parameters, of course. Get-WmiObject Win32_LogicalDisk -comp SERVER-R2 -filt "DriveType=3" -cred "Administrator" Gwmi Win32_LogicalDisk -comp SERVER-R2 -filt "DriveType=3" -cred "Administrator" The New Way

Troubleshoot Windows Server 2008 Updated: January 9, 2009 Applies To: Windows Server 2008 The Windows Server 2008 Technical Library provides several types of troubleshooting information: Server fundamentals documentation provides information about day-to-day server operations, including how to monitor and manage the server and how to improve system performance. The documentation for the following server fundamentals and server roles contains specific troubleshooting information. The Monitoring Events documentation describes how to use Event Viewer. The Events and Errors documentation provides detailed procedural troubleshooting information for individual Windows Server 2008 events, as well as for some Windows Vista events. You can access this content directly from a link in Event Viewer as well as here in the Windows Server 2008 Technical Library. The Command Reference documentation describes the command-line tools that are available with Windows Server 2008.

Active Directory Federation Services Overview Published: February 24, 2012 Updated: November 1, 2013 Applies To: Windows Server 2012 R2 This topic provides an overview of Active Directory Federation Services (AD FS) in Windows Server® 2012 and Windows Server® 2012 R2. AD FS provides simplified, secured identity federation and Web single sign-on (SSO) capabilities for end users who want to access applications within an AD FS-secured enterprise, in federation partner organizations, or in the cloud. In Windows Server® 2012 R2, AD FS includes a federation service role service that acts as an identity provider (authenticates users to provide security tokens to applications that trust AD FS) or as a federation provider (consumes tokens from other identity providers and then provides security tokens to applications that trust AD FS). The function of providing extranet access to applications and services that are secured by AD FS is now performed by a new Remote Access role service called Web Application Proxy.

Windows PowerShell: Think Commands, Not Scripts | TechNet Magazine Don’t be intimidated by the term “scripting,” because you can do a lot with Windows PowerShell using simple commands. Perception has been one of the biggest struggles Windows PowerShell has had in terms of administrator acceptance. There’s a lingering perception that the shell is a “scripting language,” akin to VBScript. While a lot of admins love what they can do with a scripting language, plenty more are turned off by the perception of complexity and a steep learning curve. It’s a shame. Just a Script The following function will accept computer names from the command line, either as strings or in the “ComputerName” property of an input object; it will also retrieve the BIOS and OS information from each computer using Windows Management Instrumentation (WMI): Note that the parentheses force the shell to execute expressions—such as getting the BuildNumber property from the object in the $os variable—and return the result of that expression as the third parameter value of Add-Member.

Windows Server 2008 R2 Glossary Updated: June 10, 2009 Applies To: Windows Server 2008 R2 For more Windows Server terms, see either the Windows Server 2008 Glossary or the Windows Server 2003 Glossary 802.1X is an Institute of Electrical and Electronics Engineers (IEEE) standard. A network access server that adheres to both the Institute of Electrical and Electronics Engineers (IEEE) 802.1X and the Remote Authentication Dial-in User Service (RADIUS) standards, and that is deployed in networks to enforce 802.1X authenticated IEEE 802.3 wired Ethernet access. A network access server that adheres to both the Institute of Electrical and Electronics Engineers (IEEE) 802.1X and the Remote Authentication Dial-in User Service (RADIUS) standards, and that is deployed in networks to enforce 802.1X authenticated IEEE 802.11 wireless access.

Windows PowerShell: Make a Command into a Reusable Tool | TechNet Magazine You can repackage and reuse your efforts when it comes to Windows PowerShell commands and cmdlets. No matter how inexperienced you are with Windows PowerShell when you first start working with it, there’s always plenty of room for growth. You can start out running simple commands, work up to more-complicated commands, and eventually repackage those commands into something that looks and feels almost like a native cmdlet. These are called advanced functions, and are informally known as “script cmdlets.” Consider a situation where you may want to retrieve some critical inventory information from a computer. You need the Windows version, BIOS serial number, service pack version and processor architecture. The problem is that these commands generate three different result sets. Accept one or more computer names as strings from the pipeline, as in: Get-Content names.txt | Get-OSInfo | ConvertTo-HTML | Out-File info.html Accept one or more computer names on a -computername parameter, as in:

Windows PowerShell: Sharing Your Scripts - Made Easy | TechNet Magazine One limitation of Windows PowerShell v1 is that it didn’t do much to make script sharing easier. Sure, you could easily copy a .ps1 script file to another computer, or even zip it up and e-mail it to a colleague, but you could do that with VBScript more than a decade ago. If your script included reusable functions, however, whoever received it from you would have to know how to dot-source it, or would wind up actually having to modify it in order to execute those functions. All in all, it was an acceptable situation—even if it wasn’t ideal. The situation became less acceptable for scripts that were accompanied by custom format views or type extensions, because those additional files had to be manually loaded into the shell in order to be used by the script. With Windows PowerShell v2, however, we’ve moved to a nearly ideal situation, thanks to the introduction of modules. Self-Contained Chunks of Shell Goodness A module is simply a collection of files that relate to one another.
