Showing posts with label Active Directory. Show all posts

Friday, 29 November 2013

How to install AD DS and create forest via PS?

Here is another small tip: how to create a new forest on a clean Windows Server 2012 R2. It installs AD DS, DNS and the necessary administrative tools, then creates your forest, DNS entries, etc.
Import-Module ServerManager
Install-WindowsFeature AD-Domain-Services
Import-Module ADDSDeployment
Install-ADDSForest -DomainName lab.infralib.com -DomainNetbiosName lab -SafeModeAdministratorPassword (ConvertTo-SecureString -String "YourPasswordHere" -AsPlainText -Force) -NoDnsOnNetwork -InstallDns -DomainMode Win2008R2 -ForestMode Win2008R2 -NoRebootOnCompletion -Confirm:$false
Add-WindowsFeature RSAT-AD-Tools
Restart-Computer

Very useful information about AD DS Deployment Cmdlets can be found at http://technet.microsoft.com/en-us/library/hh974720.aspx / http://technet.microsoft.com/en-us/library/hh472162.aspx
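
The same forest build with the DSRM password prompted for instead of stored in the script, and with a prerequisite check run before anything is changed. This is an added example, not part of the original post; it assumes the result objects of Test-ADDSForestInstallation report failures with a Status of 'Error'.

```powershell
# Added example: forest build without a plaintext DSRM password in the script.
Import-Module ServerManager
Install-WindowsFeature -Name AD-Domain-Services, RSAT-AD-Tools
Import-Module ADDSDeployment

# Prompt for the password so it never lands in the script file,
# in source control or in the console history.
$dsrm = Read-Host -Prompt 'DSRM (Safe Mode) administrator password' -AsSecureString

# Parameters shared by the prerequisite test and the real installation
# (same values as the one-liner in the post).
$forest = @{
    DomainName                    = 'lab.infralib.com'
    DomainNetbiosName             = 'lab'
    SafeModeAdministratorPassword = $dsrm
    NoDnsOnNetwork                = $true
    InstallDns                    = $true
    DomainMode                    = 'Win2008R2'
    ForestMode                    = 'Win2008R2'
}

# Run the built-in prerequisite checks first; nothing is modified by this call.
$check  = Test-ADDSForestInstallation @forest
$failed = $check | Where-Object { $_.Status -eq 'Error' }
if ($failed) {
    $failed | Format-List -Property Message, Context
    throw 'Prerequisite check failed; the forest was not created.'
}

# Checks passed: promote the server, then reboot explicitly as in the post.
Install-ADDSForest @forest -NoRebootOnCompletion -Confirm:$false
Restart-Computer
```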

Thursday, 19 January 2012

Cleaning up WDS Auto-Add and prestaging data in AD

Purging the WDS Auto-Add database
WDS purges approved computers from the Auto-Add database every 30 days. If you want, you can change this period with the WDSUTIL /Set-Server /AutoAddPolicy /RetentionPeriod /Approved:Days command. (http://technet.microsoft.com/en-us/library/cc754289(WS.10).aspx)

For example, to set it to 7 days:
WDSUTIL /Set-Server /AutoAddPolicy /RetentionPeriod /Approved:7

If you want, you can purge all approved computers from the Auto-Add database with the wdsutil /delete-AutoAddDevices /DeviceType:ApprovedDevices command. (http://technet.microsoft.com/en-us/library/cc770832(WS.10).aspx).

However, purging the WDS Auto-Add database does not clear the RemoteInstall/NetBootGUID value on the computer account in Active Directory; you can delete that value manually.

Clearing prestaging data in AD
If you want to clear the RemoteInstall/GUID values of prestaged computers from Active Directory, you can use the PowerShell commands below. I am sharing the steps I went through while solving this need myself, exactly as they were; I hope this makes them easier to follow.

To see a computer's NetbootGUID value
Get-ADComputer -Identity ComputerName -Properties NetbootGuid

To clear a computer's NetbootGUID value
Set-ADComputer -Identity ComputerName -clear NetbootGUID

To see the NetbootGUID values of all computers
Get-ADComputer -Filter {NetbootGUID -like "*"} -Properties NetbootGUID

To list the NetbootGUID values of all computers together with additional properties
Get-ADComputer -Filter {NetbootGUID -like "*"} -Properties NetbootGUID,created | Format-List -Property name,distinguishedName,created,NetbootGUID

To list all computers that were created more than a week ago and have a NetbootGUID value
Get-ADComputer -Filter {NetbootGUID -like "*"} -Properties NetbootGUID,Created | ? {$_.Created -le ((get-date).addDays(-7))} | Format-List -Property name,distinguishedName,created,NetbootGUID

To clear the NetbootGUID value of all computers that were created more than a week ago and have a NetbootGUID value
Get-ADComputer -Filter {NetbootGUID -like "*"} -Properties name,NetbootGUID,Created | ? {$_.Created -le ((get-date).addDays(-7))} | Set-ADComputer -clear NetbootGUID

To clear the NetbootGUID value of all computers that were created more than a week ago and have a NetbootGUID value (shorter: the Created value alone is enough for the date comparison)
Get-ADComputer -Filter {NetbootGUID -like "*"} -Properties Created | ? {$_.Created -le ((get-date).addDays(-7))} | Set-ADComputer -clear NetbootGUID

For more information about the commands
Set-ADComputer : http://technet.microsoft.com/en-us/library/ee617263.aspx
Get-ADComputer : http://technet.microsoft.com/en-us/library/ee617192.aspx

Purging WDS database and clearing prestaging values from AD computers

Purging Auto-Add Database in WDS
WDS purges approved computers from the Auto-Add database every 30 days by default.
You can also change the retention period for approved computer records by running the WDSUTIL /Set-Server /AutoAddPolicy /RetentionPeriod /Approved:Days command. (http://technet.microsoft.com/en-us/library/cc754289(WS.10).aspx)

To change the length of time approved computers are held in the Auto-Add database to 7 days:
WDSUTIL /Set-Server /AutoAddPolicy /RetentionPeriod /Approved:7

If you want to manually purge approved computers from the Auto-Add database, you can run the wdsutil /delete-AutoAddDevices /DeviceType:ApprovedDevices command; to delete all devices (approved, pending, rejected), see this URL (http://technet.microsoft.com/en-us/library/cc770832(WS.10).aspx).

But this process doesn't clear the computer's RemoteInstall/NetBootGUID property in Active Directory, so you might need to clear this value in AD.

Clear prestaging data in AD
If you also need to clear the RemoteInstall GUID property from all prestaged machines in AD, since WDSUTIL only clears its own Auto-Add database, you can use the PowerShell commands below.

  • To see a computer's NetbootGUID
    Get-ADComputer -Identity ComputerName -Properties NetbootGuid


  • To clear a computer's NetbootGUID
    Set-ADComputer -Identity ComputerName -clear NetbootGUID


  • To list all computers that have a NetbootGUID value
    Get-ADComputer -Filter {NetbootGUID -like "*"} -Properties NetbootGUID


  • To list all computers that have a NetbootGUID value, with formatted output
    Get-ADComputer -Filter {NetbootGUID -like "*"} -Properties NetbootGUID,created | Format-List -Property name,distinguishedName,created,NetbootGUID


  • To list all computers that are older than a week and have a NetbootGUID value, with formatted output
    Get-ADComputer -Filter {NetbootGUID -like "*"} -Properties NetbootGUID,Created | ? {$_.Created -le ((get-date).addDays(-7))} | Format-List -Property name,distinguishedName,created,NetbootGUID


  • To clear NetbootGUID from all computers that are older than a week and have a NetbootGUID value
    Get-ADComputer -Filter {NetbootGUID -like "*"} -Properties name,NetbootGUID,Created | ? {$_.Created -le ((get-date).addDays(-7))} | Set-ADComputer -clear NetbootGUID


  • To clear NetbootGUID from all computers that are older than a week and have a NetbootGUID value (shorter: we only need the Created property for the date comparison)
    Get-ADComputer -Filter {NetbootGUID -like "*"} -Properties Created | ? {$_.Created -le ((get-date).addDays(-7))} | Set-ADComputer -clear NetbootGUID



For more details about the commands
Set-ADComputer : http://technet.microsoft.com/en-us/library/ee617263.aspx
Get-ADComputer : http://technet.microsoft.com/en-us/library/ee617192.aspx
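
A more cautious form of the bulk clear above, added here as an example and not part of the original post: it limits the search to one OU, saves the current values to a CSV file so they can be restored, and does a dry run with -WhatIf. The OU path and the report location are assumptions; replace them with your own.

```powershell
# Added example: bulk NetbootGUID cleanup with a backup and a dry run.
Import-Module ActiveDirectory

# Assumed values, adjust to your environment.
$searchBase = 'OU=Workstations,DC=lab,DC=infralib,DC=com'   # hypothetical OU
$cutoff     = (Get-Date).AddDays(-7)
$report     = Join-Path $env:TEMP ('netbootguid-{0:yyyyMMdd-HHmmss}.csv' -f (Get-Date))

# Same selection as in the post: accounts that have a NetbootGUID and were
# created more than a week ago, but restricted to a single OU.
$targets = @(
    Get-ADComputer -LDAPFilter '(netbootGUID=*)' -SearchBase $searchBase `
                   -Properties netbootGUID, Created |
        Where-Object { $_.Created -le $cutoff }
)

# Keep a record of what is about to be removed. netbootGUID is a byte array,
# so it is stored as a hex string that can be converted back if needed.
$targets |
    Select-Object Name, DistinguishedName, Created,
        @{ Name = 'NetbootGUIDHex'; Expression = { [BitConverter]::ToString($_.netbootGUID) } } |
    Export-Csv -Path $report -NoTypeInformation

Write-Host ("{0} computer(s) selected, old values saved to {1}" -f $targets.Count, $report)

# Dry run: prints what would be changed without touching the directory.
$targets | Set-ADComputer -Clear netbootGUID -WhatIf

# After reviewing the CSV and the -WhatIf output, run the real change:
# $targets | Set-ADComputer -Clear netbootGUID
```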

Monday, 22 February 2010

Changing the password of all users in an OU

If you want to change the passwords of all users in an Organizational Unit in your Active Directory, you can easily do so with the script below.
Do not forget to change the LDAP path on the oContainer line so that it points to your own OU.

For example, say your domain name is firmam.com, you have an OU named Kullanicilar, and under it an OU named Muhasebe whose users' passwords you want to change. In that case you will need to change the line below to "LDAP://OU=Muhasebe,OU=Kullanicilar,DC=Firmam,DC=com". I also recommend creating a temporary OU with one user in it and testing there first.

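' Bind to the OU whose users will receive the new password.
Dim oContainer
Set oContainer = GetObject("LDAP://OU=Ouname,DC=Domain,DC=com")
ModifyUsers oContainer
Set oContainer = Nothing
WScript.Echo "Finished"

' Sets the same password on every user object directly inside oObject.
Sub ModifyUsers(oObject)
    Dim oUser
    ' Enumerate only objects of class "user".
    oObject.Filter = Array("user")
    For Each oUser In oObject
        oUser.SetPassword "YeniSifre1"
        oUser.SetInfo
    Next
End Sub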
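
A PowerShell counterpart of the script above, added here as an example and not part of the original post. Instead of one shared password it gives every account its own random temporary password and forces a change at next logon. The function name New-RandomPassword is hypothetical, and the OU path is the one from the post's example.

```powershell
# Added example: reset every user in one OU to an individual temporary password.
Import-Module ActiveDirectory

$ou = 'OU=Muhasebe,OU=Kullanicilar,DC=Firmam,DC=com'   # OU from the post's example

# 64 symbols, so a random byte maps onto the set without modulo bias (256 % 64 = 0).
$alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
$rng      = [System.Security.Cryptography.RandomNumberGenerator]::Create()

# Hypothetical helper: returns a random password that contains an upper-case
# letter, a lower-case letter and a digit, so it passes default complexity rules.
function New-RandomPassword([int]$Length = 20) {
    do {
        $bytes = New-Object byte[] $Length
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    $pw
}

# OneLevel mirrors the VBScript, which only touches users directly inside the OU.
$results = foreach ($user in Get-ADUser -Filter * -SearchBase $ou -SearchScope OneLevel) {
    $plain  = New-RandomPassword
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force

    Set-ADAccountPassword -Identity $user -Reset -NewPassword $secure
    Set-ADUser -Identity $user -ChangePasswordAtLogon $true

    # The temporary password exists only in this object; hand it over through
    # a protected channel and do not write it to a shared file.
    [pscustomobject]@{
        SamAccountName    = $user.SamAccountName
        TemporaryPassword = $plain
    }
}

$rng.Dispose()
$results
```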