Hello, it’s LaNae again. Now that Windows 2008 R2 is available, we get to use the coolness of PowerShell with AD LDS. When you install the AD LDS role on a Windows 2008 R2 server, it will also install the AD PowerShell module.

Unfortunately the documentation in the help files for each cmdlet does not give an example of what the syntax would be for AD LDS. You can find a list of the cmdlets in the “What’s New in AD DS: Active Directory Module for Windows PowerShell” located at


Active Directory Cmdlets used with AD LDS

Below you will find a list of Active Directory cmdlets as well as the syntax that can be used to manage AD LDS instances.

Enable-ADOptionalFeature: Enable an optional feature.

Example: Enable-ADOptionalFeature "Recycle Bin Feature" -server servername:port -scope ForestOrConfigurationSet -target "CN=Configuration,CN={GUID}"

Get-ADObject: Gets one or more AD LDS objects.

Example: Get-ADObject -filter 'objectclass -eq "user"' -searchbase 'partition DN' -server servername:port -properties DistinguishedName | FT Name, DistinguishedName -A


Get-ADOrganizationalUnit: Gets one or more AD LDS OUs

Example: Get-ADOrganizationalUnit -Filter {Name -Like '*'} -searchbase "partition DN" -server 'servername:port' -AuthType Negotiate | FT Name, DistinguishedName -A


Get-ADUser: Gets one or more AD LDS users

Example: Get-ADUser -Filter 'Name -like "*"' -searchbase "partition DN" -server 'servername:port'


Get-ADGroup: Gets one or more AD LDS groups

Example: Get-ADGroup -Filter 'Name -like "*"' -searchbase "DN of partition to search" -server 'servername:port'


Get-ADGroupMember: Gets the members of an AD LDS group

Example: Get-ADGroupMember -identity 'DN of group' -server 'servername:port' -partition "DN of partition where group resides" | FT Name,DistinguishedName -A


New-ADGroup: Creates a new AD LDS group

Example: New-ADGroup -Name "groupname" -server 'servername:port' -GroupCategory Security -GroupScope Global -DisplayName "group display name" -path "DN where new group will reside"


New-ADUser: Creates a new AD LDS user

Example: New-ADUser -name "username" -Displayname "Display Name" -server 'servername:port' -path "DN of where the new user will reside"


Add-ADGroupMember: Adds an AD LDS user to a group

Example: Add-ADGroupMember -identity "DN of group" -Members "DN of user" -server 'servername:port' -partition "DN of partition where group resides"


New-ADOrganizationalUnit: Creates a new AD LDS OU

Example: New-ADOrganizationalUnit -name "OU Name" -server 'servername:port' -path "DN of OU location"


Remove-ADGroup: Removes an AD LDS group

Example: Remove-ADGroup 'SID of Group' -server 'servername:portnumber' -partition "partition where group resides"


Remove-ADGroupMember: Removes an AD LDS user from a group.

Example: Remove-ADGroupMember -identity "DN of group" -Members "DN of user" -server 'servername:port' -partition "DN of partition where group resides"


Remove-ADOrganizationalUnit: Deletes an OU in AD LDS

Example: Remove-ADOrganizationalUnit -identity "DN of OU" -recursive -server 'servername:port' -partition "DN of partition where OU resides"


Remove-ADUser: Deletes a user from AD LDS

Example: Remove-ADUser -identity "DN of user" -server 'servername:port' -partition "DN of partition where user resides"


-LaNae Wade
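
The following is an added example, not part of the original post: it chains the Get-ADGroup and Get-ADGroupMember syntax shown above into a membership review of one AD LDS partition, the kind of report used to check who holds which application role. The function name Get-LdsGroupMembership, the server 'lds01.example.test:50000' and the partition 'DC=app,DC=example,DC=test' are constructed placeholders.

```powershell
# Added example: group membership review for one AD LDS partition.
# Server name, port and partition DN used at the bottom are constructed placeholders.
Import-Module ActiveDirectory

function Get-LdsGroupMembership {
    param(
        [Parameter(Mandatory = $true)][string]$Server,      # 'servername:port'
        [Parameter(Mandatory = $true)][string]$Partition    # partition DN
    )

    # Small helper so every row has the same four properties.
    function New-Row($group, $name, $dn, $note) {
        New-Object PSObject -Property @{
            Group = $group; MemberName = $name; MemberDN = $dn; Note = $note
        }
    }

    # -Server servername:port is what points each cmdlet at the LDS instance.
    $groups = Get-ADGroup -Filter 'Name -like "*"' -SearchBase $Partition -Server $Server

    foreach ($group in $groups) {
        try {
            $members = @(Get-ADGroupMember -Identity $group.DistinguishedName `
                    -Server $Server -Partition $Partition -ErrorAction Stop)
        }
        catch {
            # Keep the group in the report instead of dropping it silently.
            New-Row $group.Name $null $null "lookup failed: $($_.Exception.Message)"
            continue
        }

        if ($members.Count -eq 0) {
            New-Row $group.Name $null $null 'empty group'
            continue
        }

        foreach ($member in $members) {
            New-Row $group.Name $member.Name $member.DistinguishedName ''
        }
    }
}

Get-LdsGroupMembership -Server 'lds01.example.test:50000' `
        -Partition 'DC=app,DC=example,DC=test' |
    Sort-Object Group, MemberName |
    Format-Table Group, MemberName, MemberDN, Note -AutoSize
```

Rows with a Note value are the ones to look at first: an empty group may be a leftover role, and a failed lookup means the membership could not be verified.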