Advanced AD Management with PowerShell

The very first Active Directory (AD) instance I set up was based on Windows Server 2003. It was a completely different approach from today's AD installations. In Windows Server 2003, there were a lot of prerequisite tasks, such as installing a DNS role, setting up DNS zones, adding the domain prefix, and so on. Even though these tasks are directly related to Active Directory Domain Services (AD DS), I had to configure them separately prior to running the DCPROMO.exe command. But today, the AD installation process is very straightforward. With basic knowledge and resources, anyone can get a domain controller installed with a few clicks. Microsoft has made server role installations and configurations easier over the years, not only for AD DS. The main reason behind all these enhancements was to save time for engineers.

Beyond installation and configuration, repetitive tasks in the infrastructure also take up the majority of an engineer's time. In order to save time on repetitive administrative tasks, people started looking at automation technologies. In earlier days, we used DOS commands, VBScripts, and batch files to automate administrative tasks. But there were problems with that. Applications, server roles, and services had limitations when working with these automation technologies. Not every function available in the GUI could be used from commands or scripts. This lack of support and flexibility was holding engineers back from automating tasks.

To bring automation to the next level, Microsoft promised to release a more flexible, more powerful, more integrated scripting language. PowerShell 1.0 was the initial release and was available to the public from November 2006. During the last decade, a few versions have been released, and now, at version 5, it is arguably the most powerful scripting language on Windows systems. As with any other server role, AD DS also fully supports being managed via PowerShell. From the beginning of this book, I have used PowerShell to install, configure, and manage AD DS roles. In this chapter, I will explain how we can use PowerShell to further improve AD DS environment management.

The cmdlets and scripts used in this chapter were written and tested on an environment that has the following:

Therefore, some of these are not supported in an environment that has an older PowerShell version or older domain and forest functional levels.

In this chapter, we will cover the following topics:

  • PowerShell scripts and commands that can be used to manage AD objects
  • PowerShell scripts and commands that can be used to manage and troubleshoot AD replication
  • Implementation and configuration guide for Just Enough Administration (JEA)