Contact Commands

Directory Manager provides the following cmdlets to perform contact-related tasks, such as:

• Get-Contact – Retrieves a contact that matches the given criteria.
• New-Contact – Creates a new contact.
• Remove-Contact – Removes a contact from the directory.
• Set-Contact – Modifies a contact in the directory.

Dynasty Commands

This section covers the following cmdlets for managing Dynasties.

• New-Dynasty – Creates a new Dynasty.
• Set-Dynasty – Modifies a Dynasty or its children.

General Commands

You can use the following Management Shell cmdlets to perform tasks such as:

• Get-Computer – Provides information about a computer object.
• Get-ConnectedStoreInformation – Provides information about the connected identity store.
• Get-ConnectedUser – Provides information about the connected user.
• Get-GroupIdInformation – Provides information about GroupID.
• Get-ImanamiCommand – Provides basic information about GroupID Management Shell cmdlets.
• Get-ReplicationStatus – Provides the replication status of objects in an identity store.
• Get-TombStoneObject – Displays information about tombstone objects.
• Invoke-Replication – Starts the replication process for all the identity stores or for a specific identity store.
• New-Container – Creates a new organizational unit.
• Remove-Container – Removes an empty organizational unit.
• Restore-TombStoneObject – Restores tombstone objects from the directory.
• Send-Notification – Sends notifications to a group or a user.

Identity Store Commands

This section covers cmdlets for performing identity store-related tasks such as:

• Clear-MessagingServer – Removes a configured messaging server.
• Clear-Notifications – Removes notification settings of an identity store.
• Clear-SmtpServer – Removes a configured SMTP server of an identity store.
• Get-AvailableMessagingServers – Retrieves messaging servers for the configured messaging provider.
• Get-Client – Lists information about the Directory Manager clients.
• Get-IdentityStore – Retrieves information about an identity store.
• Get-IdentityStoreRoles – Retrieves information about the security roles in an identity store
• Get-LogSettings – Provides information about the global log settings of an identity store.
• Get-RolePermissionNames – Lists the permissions assigned to the logged-in user.
• Get-SchemaAttributes – Lists schema attributes available for an identity store.
• Get-SmsGateways – Provides information of the configured SMS gateways.
• Get-UserRole – Displays role information of a user in an identity store.
• New-IdentityStore – Creates a new identity store.
• Remove-IdentityStore – Removes an identity store from Directory Manager.
• Send-TestNotification – Sends a test notification.
• Set-IdentityStore – Modifies an identity store configuration.
• Set-IdentityStoreRole – Modifies properties of a security role in an identity store.
• Set-MessagingServer – Configures a messaging server in an identity store.
• Set-Notifications – Modifies notification settings of an identity store.
• Set-SmtpServer – Configures an SMTP server of an identity store.

See Also

• Directory Manager Management Shell
• All Commands
• Parameters

Identity Store Connection Commands

This section covers cmdlets for establishing a connection with an identity store.

• Connect-IdentityStore – Connects to an identity store using the authentication mode mentioned.
• Get-Token – Gets a token from the Directory Manager Security service.

Mailbox Commands

This section covers cmdlets for performing mailbox-specific tasks such as:

• Get-Mailbox – Retrieves a mailbox.
• New-Mailbox – Creates a new mailbox.
• Remove-Mailbox – Deletes a mailbox.
• Set-Mailbox – Modifies a mailbox.

Mail-Enable/Disable Groups Commands

This section covers cmdlets for enabling and disabling groups for email.

• Disable-DistributionGroup – disables a group's email capability.
• Enable-DistributionGroup – enable a group's email capability.

Membership Commands

This section covers cmdlets for managing the memberships of both managed and unmanaged groups.

• Add-GroupMember – adds objects to the membership of a group.
• Get-GroupMember – retrieves members of a group.
• Get-Object – retrieves objects.
• Remove-GroupMember – removes recipients from a group's membership.
• Set-Object – modifies an object.

Directory Manager Management Shell

Directory Manager Management Shell is a command-line interface for managing objects like users, contacts, mailboxes, groups, smart groups, dynasties and for performing other administrative tasks in an Active Directory and Microsoft Entra ID based identity stores.

Built with PowerShell Core technology, Directory Manager Management Shell provides a platform to perform many of the tasks you can perform with Directory Manager as well as tasks that the console does not support.

This documentation is a reference for the Directory Manager PowerShell commands. It provides detail on their function, syntax, parameters, and gives ready-to-use examples that you can modify and test in your own environment.

The documentation is intended for advanced users familiar with the use of the Windows Command prompt and PowerShell Core.

Identity Store-based Model

Directory Manager 11.1 has extensible identity store based model. It supports the following data stores for creating an identity store:

• Active Directory
• Microsoft Entra ID
• Generic LDAP
• Google Workspace

NOTE: The commandlets covered in this section are for Active Directory and Microsoft Entra ID based identity stores.

Access Directory Manager Management Shell

Before using Directory Manager Management Shell, you must connect it to an identity store.

Follow the steps to access Management Shell.

Step 1 – On the Windows Start menu, search for Directory ManagerManagement Shell 11.1. Click it to launch Directory Manager Management Shell 11.1.

Step 2 – On the Netwrix Netwrix Directory Manager Authenticate page, select an identity store to connect to.

NOTE: If your required identity store is not listed, contact the Directory Manager administrator.

Step 3 – In the Username and Password boxes, provide the user name and password of your identity store account and click Sign In.

NOTE: Click the Edit icon if you want to select another identity store to connect to.

The Management Shell window appears as follows:

It displays information about the connected identity store.

You can now run Directory Manager Management Shell commandlets.

Connect Directory Manager Management Shell Remotely

To enable remoting on a Directory Manager machine, the remote machine must have one of the following Operating Systems:

• Windows Server 2016 or 2019 or 2022
• Windows Server Nano (1809 or higher)
• Windows 11
• Windows 10 1607+

Windows network location of that machine must be Domain or Private ("Home" or "Work"). If the network location is Public, Directory Manager Management Shell cannot create the required firewall exception for WS-Management Communication.

The Windows Management Shell remoting features are supported by the WS-Management protocol and the Windows Remote Management (WinRM) service that implements WS-Management in Windows.

Also make sure the following is available at the remote machine:

• Windows Powershell 7.4.6
• Windows Remote Management 2.0

Follow the steps to enable remoting on a Directory Manager machine.

Step 1 – Click Start > Windows Powershell. Right-click Windows PowerShell and select Run as administrator.

Step 2 – At the command prompt, type:

enable-psremoting

NOTE: By default, on Windows Server 2016, Windows PowerShell remoting is enabled. Use this command to re-enable remoting on Windows Server 2016 if it becomes disabled.

You have to run this command only one time on each computer that will receive commands. You do not have to run it on computers that only send commands. Because the configuration starts listeners, it is prudent to run it only where it is needed.

To verify that remoting is configured correctly, run a test command:

new-PSSession –ComputerName <computer name>

This command creates a remote session on the local computer and returns an object that represents the session. The output should look as shown in the following snapshot:

Access Directory Manager Management Shell Remotely

Log on to the machine through which you want to remotely access the Directory Manager Management Shell and perform the following steps:

Step 1 – Right-click Start > PowerShell 7.4.6 using the Run as Administrator command to open it with Administrator privileges.

Step 2 – At the prompt, type the following script. It will display the new session created for the remote machine.

$username = "domain\username"
$pass = ConvertTo-SecureString "user password" -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential ($username, $pass)
$s = New-PSSession -ComputerName "machine name" -Credential $Cred -ConfigurationName PowerShell.7
Invoke-Command -Session $s -ScriptBlock {$srcu = [reflection.assembly]::LoadFrom('C:\Program Files\PowerShell\7\System.Windows.Forms.dll'); $OnAssemblyResolve = [System.ResolveEventHandler] { param($sender, $e) if ($e.Name -like "System.Windows.Forms, Version=*") { return $srcu }return $null;};[System.AppDomain]::CurrentDomain.add_AssemblyResolve($OnAssemblyResolve);$reg=Get-ItemProperty -Path HKLM:SOFTWARE\Microsoft\PowerShell\1\PowerShellSnapIns\Imanami.Groups.Management.PowerShell.Admin11; $appbase=$reg.ApplicationBase;Import-Module -Name $appbase\directorymanagerManagementShell\bin\Imanami.directorymanager.Management.dll;Set-ModulePath -ModulePath $appbase\GroupIDManagementShell\bin}
Import-PSSession -Session $s -Type cmdlet -AllowClobber
Connect-IdentityStore -mode "2" -IdentityStoreID "identity store id" -Credential $Cred

Following line of the above script connects the current user to the identity store (having ID 1).

Connect-IdentityStore -mode "2" -IdentityStoreID "1" -Credential $Cred

Follow the steps to get the identity store ID from Directory Manager SQL database in which the desired identity store exists:

1. Login to SQL server (having Directory Manager database) with account having read permissions.

2. View the table “Svc.Identitystore” top 100 rows. See the following snapshot for details:

   

Once the script has run, a remote session will be created. You can now run all Directory Manager cmdlets through PowerShell 7.4.6 without the need of signing into the Directory Manager server.

Scheduling Commands

This section covers the cmdlets that perform scheduling-related operations.

• Get-Schedule – retrieves scheduled jobs.
• Get-TargetSchedules – retrieves the scheduled jobs operating on a group or OU.
• Invoke-Schedule – executes a scheduled job.
• New-Schedule – creates a new schedule.
• Remove-Schedule – removes a schedule from an identity store.
• Set-Schedule – modifies a schedule.
• Stop-Schedule – stops a running schedule.

Smart Group Commands

This section covers cmdlets for managing Smart Groups.

• ConvertTo-StaticGroup – Converts a Smart Group or a Dynasty to a static group.
• Get-SmartGroup – Retrieves Smart Groups and Dynasties that match the given criteria.
• New-SmartGroup – Creates a new Smart Group (managed group) in the directory.
• Set-SmartGroup – Modifies a Smart Group in the directory.
• Update-Group – Modifies the membership of a Smart Group or Dynasty according to the results returned by the LDAP query.
• Upgrade-Group – Upgrades managed (Smart Groups and Dynasties) and non-managed groups from GroupID 9 and 10 to GroupID 11.

User Lifecycle Commands

This section covers the cmdlets for performing user lifecycle tasks such as:

• Extend-User – Activates a user account for a specific number of days
• Get-Status – Provides the status of a user as per the profile validation criteria.
• Reinstate-User – Activates or disables a user.
• Terminate-DirectReports – Terminates direct reports of a user.
• Transfer-DirectReports – Transfers direct reports of a user.