September 2008

Managing AD User Accounts with PowerShell

Use free AD cmdlets to find, report on, create, and modify user accounts

ConvertTo-HTML selects the properties specified with the -Property parameter (i.e., Name, Department, and Title), adds the title specified with the -Title parameter (i.e., London Staff), and produces the corresponding HTML code. After the selected data is converted into HTML, it’s saved in the C:\LondonUsers.html file with the Out-File cmdlet. For more information about the ConvertTo-HTML and Out-File cmdlets, see the PowerShell documentation.

Modifying User Properties
To modify user properties, you use the Set-QADUser cmdlet. Set-QADUser accepts many of the same attribute-specific parameters that you use with Get-QADUser (see Table 1). For example, to set Paris as the office location for a user, you’d use a command such as

Set-QADUser 'Dmitry Sotnikov' -City Paris

Bulk changes are just as easy. You can relocate everyone from the London office to the Paris office with the command

Get-QADUser -City London |
  Set-QADUser -City Paris

To reset a password, you use Set-QADUser’s -UserPassword parameter in a command such as

Set-QADUser 'Dmitry Sotnikov' -UserPassword '!@#Quh*$%'

Modifying User Accounts
There’s more to managing user accounts than just reporting on and setting their properties. Other common tasks include enabling, unlocking, moving, and deleting user accounts. To enable user accounts, you use the Enable-QADUser cmdlet. For example, the command

Get-QADUser -Disabled |
  Enable-QADUser
first uses Get-QADUser’s -Disabled parameter to find all the disabled accounts, after which it uses Enable-QADUser to enable them.

To unlock accounts, you use the Unlock-QADUser cmdlet. For example, the command

Get-QADUser -Locked -Title Manager |
  Unlock-QADUser
first uses Get-QADUser’s -Locked and -Title parameters to find the locked out accounts of users whose title is manager, then uses Unlock-QADUser to unlock those accounts.

To move user accounts, you use the Move-QADObject (and not Move-QADUser) cmdlet. Move-QADObject is a generic cmdlet that you can use to move any AD object to a different container. For example, to reorganize user accounts into organizational units (OUs) based on geography, you might use a command such as

Get-QADUser -City 'New York' |
  Move-QADObject -NewParentContainer quest.com/staff/NewYork

This command begins by finding all the users in the New York office, then pipes the results to Move-QADObject, which moves them to the specified container. Note that the canonical name (quest.com/staff/NewYork) is used to specify the target container. You could use a DN (e.g., cn=NewYork,ou=staff,dc=quest,dc=com) instead, but canonical names are much shorter and easier to type.

To delete user accounts, you use Remove-QADObject, a generic cmdlet that lets you delete any AD object. You simply specify the object to delete, as in

Remove-QADObject 'Unlucky One'

Although you’ll be given a warning message along with a prompt to confirm the delete action, it’s highly recommended that you use PowerShell’s -WhatIf parameter with Remove-QADObject first. When you use this parameter, PowerShell lists what objects will be deleted but doesn’t actually delete them. This is especially handy when you use pipelines for input and you’re not certain which accounts might get into the result set. For example, suppose you want to use Get-QADUser to retrieve any disabled accounts whose name starts with the letter a in the quest.com/recycled container and pipe the retrieved objects to Remove-QADObject for deletion. By using the -WhatIf parameter in the command

Get-QADUser -Name a* -Disabled -SearchRoot quest.com/recycled |
  Remove-QADObject -WhatIf

you’ll know exactly which objects will be deleted. Note that Get-QADUser’s -SearchRoot parameter limits the scope to the specified container.
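
The -WhatIf preview and the real deletion are two separate queries, so the result set can change between them. The following sketch is an added example, not code from the article: it captures the result set once, records it, enforces a ceiling on the number of deletions, and then removes exactly the previewed objects. The CSV path and the $maxDeletes threshold are assumptions chosen for illustration.

```powershell
# Added example (not from the article). Assumes the Quest AD cmdlets are
# loaded and that the quest.com/recycled container from the article exists.

# Hypothetical values chosen for this example.
$auditFile  = 'C:\PendingDeletes.csv'
$maxDeletes = 25

# Run the query once and keep the result, so the objects previewed are
# the same objects that are later deleted.
$targets = @(Get-QADUser -Name 'a*' -Disabled -SearchRoot 'quest.com/recycled')

if ($targets.Count -eq 0) {
    Write-Host 'No matching accounts; nothing to delete.'
    return
}

# A filter that matches far more accounts than expected usually means the
# filter is wrong. Stop instead of deleting.
if ($targets.Count -gt $maxDeletes) {
    throw "Query matched $($targets.Count) accounts (limit $maxDeletes). Review the filter."
}

# Keep a record of what is about to be removed.
$targets |
    Select-Object Name, DN |
    Export-Csv -Path $auditFile -NoTypeInformation

# Preview against the captured set.
$targets | Remove-QADObject -WhatIf

# Delete the captured set. The cmdlet's own confirmation prompt is left
# in place, so each removal is still acknowledged by the operator.
$targets | Remove-QADObject
```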
