Friday, June 11, 2010

Windows PowerShell

The Windows Powershell from Microsoft is a free extensible automation engine from Microsoft, consisting of a command-line shell and associated scripting language.

It is an automation engine that relies on the Microsoft .NET Framework and involves the execution of cmdlets which are basically speicialized .NET classes which implement specific operations.

It can however be used to perform a variety of functions on the Windows Platform. It can also be used to query data from Active Directory and to perform common day-to-day aspects of AD management.

One advantge of using Powershell is that it makes it easy for IT admins to derive greater value out of their efforts in scripting so they can automate (at least parts of) common day-to-day IT management and reporting tasks. It also lets IT admins leverage the work of other admins as these scripts can be shared with the community.

The disadvantage of PowerShell is that it relies largely on the development of scripts and even though it makes it easier to derive greater value from scripts, it certainly leaves the possibility of human error. It also takes additional effort to generate reports that are in a presentable fashion and decent enough for submission for any audit or as regulatory compliance evidence.


  1. Hi Jesse,

    I happened to come across your blog, so thought I'd leave a note.

    I've been wanting to blog for a while now, and have a little blog of my own as well over as Active Directory Forestry, but I just can't seem to find the time.

    We've been very busy helping clients understand how to analyze and audit security permissions in Active Directory because it is so important to Active Directory security.

    We came across a valuable Active Directory Audit Tool and its been very helpful as we perform many an Active Directory Audit for our clients. Thought I mention it.

    If you have some time, do stop by. I would love to hear from you.


  2. Hi Jesse,

    I think of Active Directory Security as being critical to business these days and Active Directory Auditing is very important.

    Personally, I've found that the need to audit what is being audited in Active Directory is equally important as well.

    I recently came across a cool Active Directory ACL Export/Dump Tool and have been using it for these audits.

    I thought you might find my experience with How to audit / find out what is being audited in Active Directory helpful so thought of sharing it with you.


  3. Nice blog. I put together a high-level list of what to audit in Active Directory, and thought I wold share it with you.