Learning PowerShell: Hands-On with Active Directory, Networking, and More

[Registration Now Closed]

June 8-9, 2016 – Coronado (San Diego, CA); 9am-5pm each day
Coronado Community Center – 1845 Strand Way, Coronado, CA 92118
30% discount for MISAC members! $799 for MISAC members, $999 for non-members

Hotel Information

The following nearby hotels are recommended, though we do not have negotiated discounts with them:

There are also multiple hotels in “Hotel Circle” a little further out from the training site.

(Course Description provided by Mark Minasi)

Maybe you’ve heard that PowerShell’s useful, but haven’t had the time to look into it, or did look into it and found it dry. In this class, however, Mark Minasi takes a different approach to teaching PowerShell. This class isn’t about PowerShell, it’s about using some tools to get your work done easily and more quickly. It just happens that you’ll learn PowerShell in passing as you learn those tools!

Course Objectives

Why take this course? Several reasons:

  • If you’re administering an Active Directory, you probably have more and more things to look after, and less and less time to do it. The answer to the problem (other than just quitting and going back to school to become a lawyer like your mother told you to do) is automation:  Useful custom reports that get generated automatically and appear in your mailbox.  Short utilities that find problems in your AD and fix them. Knowledge of a bag of automate-able tools so easy to work with that you’ll never say, “aw, heck, why try to automate that, I can get it done in 20 minutes of clicking” again.
  • If you haven’t yet adopted an automation tool, it’s probably because your previous experience with automation tools is that they are (ahem) all too often arcane, spottily-documented, and feature steep learning curves. Mark Minasi–the author of the two-decade-spanning Mastering Windows Server series of books–knows that, as he’s been working with computer-based automation tools for a long time. Mark believes that PowerShell is, however, an exception, a tool that you can get familiar with in just one day. Furthermore, after that one day, you can use PowerShell to automate Active Directory even if you’re still running Server 2003.
  • You’re looking for hands-on experience with PowerShell.
  • You want to learn how to extend PowerShell with easy-to-build, useful “modules.”
  • In this course, you’ll mostly work with Active Directory and PowerShell, but we’ll take it further, covering networking and application (Office) control.
  • And okay, maybe there’s one more reason:  as Microsoft’s “gone PowerShell,” there are an increasing number of important Windows administration tasks that you simply can’t get done with anything but PowerShell.

Key Seminar Benefits

  • If you have “I really ought to learn PowerShell one of these days” on your things to do list, attending this seminar is the quickest and easiest way to accomplish that goal
  • See dozens of examples that illustrate PowerShell’s usefulness to admins
  • Learn the quick path to figuring out how to find the right PowerShell tool for the job (which is a pretty useful skill, given that there are over 2,000 PowerShell commands)
  • Know how to turn PowerShell commands (“cmdlets,” in PowerShell talk) into useful tools
  • Understand enough about .NET and COM “objects” to use PowerShell to explore and control them… and (for example) make your computer talk to you
  • Discover how to find AD accounts with particular problems using PowerShell
  • Apply your new PowerShell knowledge to server configuration and networking tasks
  • Find out how to use PowerShell on your AD whether you’re using Server 2003, Server 2012, or anything in-between
  • Create your own new PowerShell cmdlet in a simple PowerShell “module”
  • Build an AD report and tell Server to create it and email it to you every day
  • Use PowerShell to make your AD more consistent, which better prepares your AD to use 2012’s new claims-based file permissions
  • Quickly learn how to create, delete, undelete and modify user accounts with PowerShell
  • Understand PowerShell’s “pipeline,” the essential tool that lets you “glue” two or more cmdlets together to create a productive “one-liner”
  • Use PowerShell’s remote control tools to get more done in less time
  • Grasp how the ForEach and IF commands open the door to some truly flexible, powerful tools
  • Build simple scripts and make them modules
  • See how to use PowerShell to examine your network stack

Course Outline

1. PowerShell: the Value Proposition
It’s all well and good to promise increases in productivity, but let’s get specific: how exactly can PowerShell make your life easier?

  1. AD administration today
  2. Solving big AD problems, pre 2009:  VBScript and ADSI
  3. Contrasting PowerShell and one-liners versus VBScripts
  4. Sidebar:  PowerShell’s the only way, sometimes
  5. Examples of complex AD tasks that PowerShell can make simple

2. PowerShell Basics
Next, let’s see how to get PowerShell started and what it’s going to require on our systems.

  1. Starting up PowerShell
  2. Making it AD-smart with a module
  3. New security and port requirements for AD PowerShell:  AD Web Service overview
  4. Making PowerShell work on Server 2003 and 2008 (it’s built into 2008 R2 and later)
  5. Tasks that fit PowerShell well and those that don’t
  6. A “slow motion” look at a one-liner in action
  7. Deciphering PowerShell cmdlet names
  8. How to cheat at PowerShell
  9. Solving AD problems with PowerShell:  the “filter” and the “hammer”

3. Querying AD: Meet the First Tool
Much of AD administration involves finding troubled accounts, retrieving details about a particular account or just taking domain statistics. You do that with a query tool of some kind, and PowerShell’s basically got four such tools. One of those tools, “get-aduser,” will be our first order of business. Learning your first PowerShell cmdlet’s always the hardest, but get-aduser’s so useful you won’t notice.

  1. Get-aduser explained
  2. Learning any cmdlet with PowerShell help
  3. Help bafflegab:  parameters, parameter sets, and positional parameters
  4. PowerShell made GUI-ish with show-command
  5. Updating Powershell help
  6. Querying AD
  7. Shortening PowerShell’s long cmdlets
  8. Building useful queries easily
  9. Searching different parts of AD:  OUs, global catalog and other forests
  10. Interrogating get-aduser:  making PowerShell cough up more than just the default stuff
  11. An application:  finding users who haven’t logged on in X days

4. Side-Trip: Making PowerShell Tools
“Doing an AD query” is just another way of saying “generate the information you’d need for a cool report.” In this section, we pause from our AD focus and look at how to take any AD query and make it into a useful report with a bit of formatting and delivery.

  1. Formatting PowerShell output:  format-list, format-table, out-gridview
  2. Ordering things with the sort-object cmdlet
  3. Saving output to text for later use
  4. How to assemble a few simple commands into a simple “one-liner”
  5. Email your report with send-mailmessage
  6. Prettier one-liners:  a very, very basic PowerShell script
  7. Reference section: package up your cool new report tool in a simple PowerShell module

5. Navigating PowerShell: Nouns First!
One of PowerShell’s great strengths is that it’s a way to poke around the inside of Windows to uncover the kind of information that you sometimes need to get a job done and, better, PowerShell lets you then change and reconfigure that information to your liking. In this section, you’ll learn a simple but effective way to find your way around any part of Windows in this second short digression from our AD exploration.

  1. Understanding the structure of Windows:  objects
  2. Object pieces: members, properties, methods
  3. Exploring objects with PowerShell:  a “nouns-first” approach
  4. Nouns-first example:  figure out who hasn’t logged on in the longest time
  5. Put objects under the x-ray with get-member
  6. Object types:  .NET, COM, CIM overview
  7. Explore a second, “COM” object: speech

6. More Query: Search-ADAccount
Get-ADUser is a quite flexible tool, but that flexibility can sometimes lead to some quite lengthy cmdlets. That’s why the AD folks at Microsoft created a more-focused search tool, “Search-ADAccount.” We’ll continue our tour of PowerShell query cmdlets with Search-ADAccount.

  1. Meet Search-ADAccount
  2. Focus:  user lockouts, disabled accounts, expired passwords and more
  3. Interrogating Search-ADAccount:  laying more pipeline
  4. Probing the pipeline:  using “where” with get-aduser to do more than search-adaccount can do
  5. Avoid inefficient searches!  A look at some do’s and don’ts
  6. How to time a search to find out if it’s efficient or not

7. Query Finale:  Querying Groups and Dead Users: Get-ADGroup and Get-ADObject
By now, we’re almost ready to move beyond queries, but sometimes you’ll want to find, say, everyone in a group “X” that has criterion “Y.” In other cases, you might need to know what user accounts have been deleted. We’ll answer those questions with two more cmdlets.

  1. Finding a group’s members
  2. Answering the more interesting question: to what groups does this user belong?
  3. Cmdlets to create, modify and manage groups
  4. Dead users walking: get-adobject

8. Hammer Time: Changing AD User Objects with PowerShell Cmdlets
Thus far, we’ve only looked at AD user objects, but now, it’s time to touch. By now, you’ll have seen that “once you’ve learned your first PowerShell cmdlet, you’ve learned ’em all,” and you’ll be surprised at how quickly you’ll understand and employ the next bunch. Time to change, estrange and re-arrange some user accounts!

  1. Set-ADUser, the all-purpose account changing tool
  2. Understanding Set-ADUser syntax’s “hash tables,” something PowerShell uses a lot
  3. Single-purpose tools:  unlock-adaccount, disable-adaccount, enable-adaccount
  4. User management in groups with add-adgroupmember, remove-adgroupmember
  5. Password management with PowerShell
  6. AD user deletes with remove-aduser
  7. AD user undeletes with restore-adobject
  8. Tell PowerShell to stop asking you if you’re sure: putting the kibosh on “confirm”

9. Assembling Hammers and Filters to Create Powerful One-Liners
Now we know how to create filters, like “what users in the Engineers group have Sally Watkins as a manager?,” and hammers, like “disable this account,” “unlock this account,” or whatever. Now we’ll put them together to create useful tools like “find all of the users who haven’t logged on in 75 days and disable them” or “find all of the accounts in the Chicago office and make them change their passwords on their next logon” or the like.

  1. Filter review
  2. Hammer review
  3. Some prebuilt examples
  4. Your input:  what tools would you build?  How could this be useful?
  5. A plan to build your own tools
  6. Example:  bulk AD creation from a CSV file

10. Solving More Complex AD Problems with ForEach and IF
Now we’ve seen how to build some great automated tools, but their scope is just a little limited. We can fix that with another PowerShell tool — For Each.

  1. Task: cleaning up an active directory
  2. Where the pipeline fails
  3. The answer: ForEach
  4. ForEach versus simple pipeline work
  5. How to create a ForEach loop and how to make it work
  6. Example: making all display names consistent
  7. Adding a dimension: decision-making with the IF operator

11. Building Modules
With the big automation tools in hand, we’ll see how to build simple scripts and then how to make them official PowerShell modules.

  1. From one-liner to script
  2. Basic script pieces
  3. Running scripts
  4. Understanding basic modules

12. Beyond AD
PowerShell opens the door to automating far more than AD. In our last section, we’ll look at two other apt PowerShell targets

  1. Server 2012 and Windows 8 networking cmdlets
  2. Simple application: an ipconfig replacement
  3. Taming a tool that doesn’t understand PowerShell:  Outlook
  4. Connecting to Outlook
  5. Choosing folders
  6. Controlling events
  7. Dealing with attachments
  8. Next steps

How Class Hands-On Works

You’ll run the exercises on your computer, running a VMWare Server 2012 virtual machine supplied by your instructor. You’ll need a laptop with at least 8 GB of RAM, a 64-bit processor that supports hardware virtualization — we recommend i3 minimum — and at least one USB 3.0 connector.

Course Materials and Course Format

The class works from PowerPoint presentations and hands-on exercises.  Every attendee gets a printed copy of the PowerPoints.  You’ll see PowerShell run through its paces in a series of interesting and explanatory demonstrations, then try them out for yourself.

Comments From Past Mark Minasi PowerShell Courses

  • “You got me started with PowerShell and in the past six months I’ve automated over a dozen processes at the Fortune 500 where I work. You’ve made me a hero… thanks!”
  • The last time I came to one of your classes, the PowerShell you taught me got me a new position at work. Can’t wait to see the results this time!
  • You’ve inspired me to learn more PowerShell! There is a LOT of it in 2012.
  • Mark, you are very good at what you do. Keep it up!
  • Although this wasn’t actually a PowerShell class, well, I’ve been to a multi-day PowerShell class, and you know what? That instructor was good… but you’re better!

(Back to top)