Introduction to Essentials 2007



Quest ActiveRoles Management Shell for Active Directory Introduction (HOLSW80)

Objectives

In this lab you will walk through the configuration and use of ActiveRoles Server and PowerGUI. ActiveRoles Server is a Active Directory Management and Provisioning product designed for medium and large sized enterprises and this lab will demonstrate some of the key capabilities including bulk provisioning of new users accounts with PowerShell and ActiveRoles, Bulk population of Groups with PowerShell and ActiveRoles, and software deployment, update management and monitoring

Prerequisite

Before working on this lab, you should be familiar with the basic concepts PowerShell and Active Directory Management.

Lab Setup

To complete this lab you will be one Virtual Server image

VM Name: AD cmdlets & PowerGUI

Server 2k3dc1.2k3.dom -10.3.0.1

o Windows 2003 Server Enterprise

o Domain Controller

o DNS

o SQL 2005 Express Advanced

o Microsoft PowerShell

o Quest ActiveRoles Server

o PowerGUI

Estimated time to complete this lab: 20 minutes for all exercises.

Before You Begin

Before you begin the lab, you should make yourself familiar with the lab computers and setup. If you have not used Microsoft® Virtual PC 2004 images before please review the Virtual PC 2004 Overview below.

Microsoft® Virtual PC 2007 Overview

This lab makes use of Virtual PC 2007, which is an application that allows you to run multiple virtual computers on the same physical hardware. During the lab you will be running one or more Virtual PC images on a lab host computer.

During this lab the there may be multiple Virtual PC images running. Some may be running in full screen mode while others maybe run in windowed mode.  Here are some tips in navigating from the host desktop to each of your Virtual PC images:

Input focus for your mouse and keyboard passes to the Virtual PC when you click inside a Virtual PC window.

To move the input focus from a windowed Virtual PC to the desktop or another window move the mouse pointer outside the Virtual PC’s window and click on the relevant window or desktop location.

To logon () to a Virtual PC image use the ALT key to the right of the SPACEBAR + Delete. The ALT key to the right of the SPACEBAR is also known as the “Host Key” so the logon () command is “Host Key+Del”.

Note: Pressing while keyboard focus is on a Virtual PC will cause the Virtual PC’s host computer to capture the event rather than the Virtual PC.

To log on to the AD cmdlets & PowerGUI lab, the following credentials should be used:

• Domain: 2k3

• Username: Administrator

• Password: P@ssword

Getting Started

PowerShell, ActiveRoles Server and PowerGUI have been installed for you. Use the virtual image provided to work through the following exercises.

Exercise 1

Using Quest ActiveRoles AD Management CMDLETS to perform AD Management Tasks

(Estimated Time to complete this Exercise: 10 minutes)

In this exercise, you will use the Quest ActiveRoles AD Management CMDLETS to perfom administrative tasks within Active Directory.

Note

Complete this exercise on the AD cmdlets & PowerGUI Virtual Machine image.

1. Logon with the following credentials.

User name: Administrator

Password: P@ssword

2. Double click the ActiveRoles Server icon on the desktop to launch the Quest ActiveRoles Server application.

3. Expand the Active Directory node

4. Expand the 2k3.dom domain and select the Music OU.

Review the list of users displayed on the right.

[pic]

5. Minimize the ActiveRoles Server application window for later use.

6. Double click the ActiveRoles Management Shell for Active Directory shortcut on the desktop to launch PowerShell.

[pic]

Note: It is important to use the ActiveRoles Management Shell for AD (beta) shortcut on the desktop as it automatically loads the AD CMDLETS loaded. Launching PowerShell using the default shortcut in the Start menu (that was created during PowerShell installation itself) would require that you also use the command add-pssnapin Quest.ActiveRoles.ADManagement to make the AD CMDLETS available during that session. The desktop shortcut is provided in this case to reduce the number of steps in this exercise.

7. In the ActiveRoles Management Shell for AD (beta) window type:

cd c:\ and press enter.

This will reduce the size of the path shown on the command line.

Executing the Get-QADUser, Set-QADUser Get-QADGroup and Set-QADGroupMember directly against Active Directory

8. Type: Get-QADUser and press enter.

You will see a list of users returned on the screen.

9. Type: Get-QADUser –Company Beatles and press enter.

You will see a filtered list of users objects where the company name = Beatles.

10. Pipe the results of the Get-QADUser CMDLET to the Set-QADUser CMDLET to update the location attribute in Active Direcotry.

Type: Get-QADUser -Company Beatles | Set-QADUser -l Liverpool and press enter.

11. Restore the ActiveRoles Server application window.

12. Double click the John Lennon user object and select the Address tab – verify the location (city) attribute was set to Liverpool.

[pic]

13. Close the dialog box and minimize the ActiveRoles Server application window.

14. In the ActiveRoles Management Shell for AD (beta) window type:

Get-QADUser -Company Beatles | ft Name, City and press enter.

This will display a list of the users with city column displayed.

15. Type: Get-QADGroup –Name b* and press enter.

A list of groups beginning with the letter b will appear.

16. Type Add-QADGroupMember 2k3.dom/Music/Beatles –Member ‘John Lennon’ and press enter.

17. Type Get-QADGroupMember 2k3\Beatles and press enter.

You will see John Lennon has been added to the Beatles Group.

Continue to next exercise…

Exercise 2

Configure an ActiveRoles AutoProvision Policy then use PowerShell to perform bulk user account creation

(Estimated Time to complete this Exercise: 20 minutes)

Bulk provisioning of accounts without ActiveRoles Server (commands executed directly against AD)

1. Within the ActiveRoles Management Shel for Active Directoryl (beta) window

Type: cls and press enter to clear the screen

2. Carefully type:

import-csv 'C:\provision1.csv' | %{new-qadUser -organizationalUnit '2k3.dom/Demo' -name ($_.'First Name' + '.' + $_.'Last Name') -samAccountName $_.'Logon name' -city $_.city -title $_.'Job title' -department $_.department}

then press enter.

A list of user accounts that were created is returned.

3. Restore the ActiveRoles Server Window.

4. Select the Demo OU and refresh the window by pressing [F5].

[pic]

Bulk provisioning of accounts leveraging provisioning policy of ActiveRoles Server

5. Expand the Configuration node and select Policy Objects.

[pic]

6. Double click the Demo Provisioning Policy to open it.

7. At the top of the Policy dialog, click the Policies tab.

[pic]

8. Double click the Controls Selection of Mailbox Store where Microsoft Exchange Mailbox is created Policy entry.

[pic]

9. At the top of the dialog box click the Allowed Mailbox Stores tab.

[pic]

10. Check the Store 3 (2k3dc1) mailbox store so that all three stores are selected.

[pic]

11. At the bottom of the dialog verify that By using the round-robin method option is selected then click OK.

[pic]

Note: During bulk creation of user accounts through ActiveRoles Server, the mailbox store for each new user will be automatically selected based on the next available store selected in this policy. This will distribute the newly created mailboxes over the three mail stores as long as Round-robin or the Containing Least Number of mailboxes option has been selected at the bottom of the dialog box

Add a new Policy to populate the Description attribute

12. In the Demo Provisioning Policy dialog box click Add.

13. Select Property Generation and Validation policy type then click Next.

[pic]

14. Click the Select button.

15. Select the Description attribute and click OK.

[pic]

16. On the bottom of the Add Provisioning Policy Wizard click Next.

17. Check the Description must be (generates default value) option.

[pic]

18. At the bottom of the wizard click the link

19. Type: Provisioned with PowerShell and ActiveRoles Server then click OK.

20. In the wizard click Next, then click Next then click Finish.

21. Click OK to close the Demo User Provisioning Policy dialog.

22. Select the Demo OU.

23. Minimize ActiveRoles Server.

24. In the ActiveRoles Management Shell for Active Directory (beta) window type:

Connect-QADService –proxy

then press enter.

25. Carefully type:

import-csv 'C:\provision2.csv' | %{new-qadUser -organizationalUnit '2k3.dom/Demo' -name ($_.'First Name' + '.' + $_.'Last Name') -samAccountName $_.'Logon name' -city $_.city -title $_.'Job title' -department $_.department}

and press enter.

26. Restore the ActiveRoles Server Window.

27. Press [F5] to refresh the view of the Demo OU

28. Change the size of the columns so that the Department and Exchange Mailbox Store columns are visible.

[pic]

29. Click the Display Name column so that the list is sorted showing the user accounts where the ActiveRoles provisioning policy generated a Display Name.

Important: It is important to recognize that not only was the Display name generated, but the account was enabled and the exchange mailbox distribution policy used Round-Robin to create mailboxes across several different mail stores. (Had this demo involved different Mail Servers the mailboxes could have also been distributed across the stores on those servers as well.

30. Double click Anke.Brittany and verify the description was generated.

[pic]

31. Close the user property dialog box.

Exercise 3

Tour the Automation features of ActiveRoles Server

(Estimated Time to complete this Exercise: 5 minutes)

32. In the configuration node expand Managed Units and Select the Marketing Managed Unit.

[pic]

Important: Managed Units are query based views or collections of objects that can be used to delegate control to day-to-day administrators or help desk staff without granting them control over more than is required.

33. In the configuration node expand Access Templates> Active Directory.

[pic]

34. Important: Access Templates are pre-defined or Administrator definable roles that make delegation of control easy within ActiveRoles Server.

Thank you for completing this lab.

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download