Using Quest Active Directory Cmdlets for PowerShell

Quest Software offered a free collection of cmdlets to simplify Active Directory interaction almost ten years ago. This suite of cmdlets gives you a lot of flexibility when it comes to handling Active Directory objects, ACLs, passwords, and security.

Quest Active Directory cmdlets were free up until version 1.5.1. Dell later purchased Quest and began selling licenses for the newer versions. The software was later renamed Active Roles, and it may be downloaded at The majority of administrators, on the other hand, are familiar with this PowerShell module as Quest Active Directory Cmdlets for Powershell.

Despite the fact that the Active Roles module is not available for free on the official website, an archive with the old free version of QAD cmdlets (1.5.1) – Quest ActiveRolesManagementShellforActiveDirectoryx64 151.msi – is easily found on the Internet.

We’ll look at how to install and use the Quest Active Directory module Cmdlets for Powershell to administer the AD domain in this article.

You must have to install the PoSh module on your computer.

Installed the Net Framework 3.5 framework. Running the MSI file and following the installer’s instructions is all that is required to install the module.

After the installation is completed, you need to import the module into the PoSh session with the command:

Add-PSSnapin Quest.ActiveRoles.ADManagement

You can display the list of available cmdlets for the Quest module with the command:

get-command *qad*

An example of cmdlets from a module:

First of all, let’s connect to the domain controller:

$pwd = read-host "Enter domain user password" -AsSecureString
Connect-QADService -service '' -ConnectionAccount 'solutionviews\user1' -ConnectionPassword $pwd

List the users and computers accounts in the domain:


You can get information about a certain user and AD parameter. Format-List is required to display all the received properties:

Get-QADUser -Name JKelly -IncludeAllProperties | Format-List *

Let’s check if the user account is disabled:

(Get-QADUSer -Name "JKelly").AccountIsDisabled

You can also get a list of accounts in the group and save it to a csv file:

(Get-QADGroup "Domain Admins").members | Get-MemberName | Export-Csv "C:\PS\AdminGroupMembers.csv"

For example, create a new user account:

New-QADUser -name 'TJones' -ParentContainer 'OU=Users,OU=USA,DC=solutionviews,DC=com' -UserPassword ‘P@ssw0rd!!’

Now let’s list the users who have not registered in the domain within 2 months and save the list to the HTML file:

$2months = (Get-Date).AddMonths(-2)
Get-QADUser -IncludedProperties LastLogon | where { $_.lastLogon -le
$2months} | Select DisplayName, LastLogon, AccountIsDisabled | ?{-not
$_.AccountIsDisabled} | ConvertTo-Html | Out-File c:\ps\inactiveusers.html

Accordingly, to disable, enable or unlock you can use: Disable-QADUser, Enable-QADUser and Unlock-QADUser. Cmdlets starting with Set are used to set and change parameters, they are often used in scripts.

Get-QADUser -Department Sales | Set-QADUser -ObjectAttributes @{"Department"="New Sales";"Description"="Sales dept"}

Disable all accounts that were not registered within 2 months:

Get-QADUser -IncludedProperties LastLogon | where { $_.lastLogon -le $2months} | where {-not $_.AccountIsDisabled} | Disable-QADUser

Of course, there is a significant disadvantage to Quest AD: this module is not part of the OS and is not supported by Microsoft; therefore, it is necessary to install the right provider in order for it to function. These cmdlets were supplied by Quest before Microsoft produced their own ActiveDirectory module for Windows PowerShell, which was introduced in Windows Server 2008 R2/Windows 7. Because most of the functionality accessible in Quest AD cmdlets is now also available in the Active Directory module for Windows, Quest AD cmdlets are becoming increasingly obsolete.

Leave a Reply

Your email address will not be published. Required fields are marked *

Enter Captcha Here :