Accessing information stored in Active Directory

The Centrify Access Module for PowerShell cmdlets connect to Active Directory to access all of the Centrify-specific information stored there. You can, therefore, write PowerShell scripts to automate procedures that you would otherwise have to perform using Access Manager.

The cmdlets rely on the underlying interfaces provided by Microsoft Active Directory Service Interfaces (ADSI) and the Centrify Windows API. The ADSI layer provides low-level functions that permit applications to read and write data in Active Directory. The cmdlets provide a task-based and object-based level of abstraction for retrieving and manipulating Centrify-specific information, so you do not need to know the details of how the data is stored or how to use any of the underlying ADSI functions directly.

The following figure illustrates how the Centrify Access Module for PowerShell provides a layer of abstraction between the data stored in Active Directory and your scripting environment.

The Active Directory schema defines how all of the objects and attributes in the database are stored. When you add Centrify objects to the Active Directory database, how that data is stored depends on the Active Directory schema you have installed. The Centrify Access Module for PowerShell, however, provides a logical view of the data, eliminating the need to know the details of how data is stored in different schemas when performing common administrative tasks. The cmdlets also provide a simple, Centrify-focused method for accessing the UNIX objects you need to work with.

Using the cmdlets, you can write scripts that automatically create and manage zones or update user, group, or computer properties. In most cases, the cmdlets enable you to perform exactly the same tasks from the command line that you would otherwise perform interactively using Access Manager.