Using Quest Active Directory Cmdlets for PowerShell

Almost 10 years ago Quest Software released a free set of cmdlets to simplify interaction with Active Directory. This set of cmdlets provides quite flexible options for administering Active Directory, managing AD objects, AD ACLs, password settings, and security.

Up to version 1.5.1 Quest Active Directory cmdlets were provided for free. Later, Dell acquired the Quest company and began selling licenses for the later versions. Later, the product was renamed to Active Roles and you can download it here: However, the majority of administrators know this PowerShell module as Quest Active Directory Cmdlets for Powershell.

Despite the fact that you can’t download the Active Roles module from the official website for free, it’s easy to find an archive with the old free version of QAD cmdlets (1.5.1) on the Internet – Quest_ActiveRolesManagementShellforActiveDirectoryx64_151.msi.

In this article we’ll take a look at the installation and usage of the Quest Active Directory module Cmdlets for Powershell to administer the AD domain.


To install this PoSh module on your computer, you must have .Net Framework 3.5 installed. Installing the module is quite simple – run the MSI file and follow the instructions of the installer.


After the installation is completed, you need to import the module into the PoSh session with the command:

Add-PSSnapin Quest.ActiveRoles.ADManagement

You can display the list of available cmdlets for the Quest module with the command:

get-command *qad*

quest ad cmdlets

An example of cmdlets from a module:

  • Get-QADUser
  • Set-QADUser
  • New-QADUser
  • New-QADGroup
  • Add-QADGroupMember
  • Remove-QADGroupMember
  • Connect-QADService
  • Disconnect-QADService

First of all, let’s connect to the domain controller:

$pwd = read-host "Enter domain user password" -AsSecureString

Connect-QADService -service '' -ConnectionAccount 'theitbros\user1' -ConnectionPassword $pwd

List the users and computers accounts in the domain:



quest powershell

You can get the information about a certain user and AD parameter. Format-List is required to display all the received properties:

Get-QADUser -Name JKelly -IncludeAllProperties | Format-List *

Let’s check if the user account is disabled:

(Get-QADUSer -Name "JKelly").AccountIsDisabled

You can also get a list of accounts in the group and save it to a csv file:

(Get-QADGroup "Domain Admins").members | Get-MemberName | Export-Csv "C:\PS\AdminGroupMembers.csv"

For example, create a new user account:

New-QADUser -name 'TJones' -ParentContainer 'OU=Users,OU=USA,DC=theitbros,DC=com' -UserPassword ‘P@ssw0rd!!’

Now let’s list the users who have not registered in the domain within 2 months and save the list to the HTML file:

$2months = (Get-Date).AddMonths(-2)
Get-QADUser -IncludedProperties LastLogon | where { $_.lastLogon -le
$2months} | Select DisplayName, LastLogon, AccountIsDisabled | ?{-not
$_.AccountIsDisabled} | ConvertTo-Html | Out-File c:\ps\inactiveusers.html

Accordingly, to disable, enable or unlock you can use: Disable-QADUser, Enable-QADUser and Unlock-QADUser. Cmdlets starting with Set are used to set and change parameters, they are often used in scripts.

Get-QADUser -Department Sales | Set-QADUser -ObjectAttributes @{"Department"="New Sales";"Description"="Sales dept"}

Disable all accounts that were not registered within 2 months:

Get-QADUser -IncludedProperties LastLogon | where { $_.lastLogon -le $2months} | where {-not $_.AccountIsDisabled} | Disable-QADUser

Of course, in Quest AD there is a big drawback: this module is not a part of the OS and is not supported by Microsoft, for its operation it is necessary to install the appropriate provider. These cmdlets were released by Quest before Microsoft had its own module for interacting with the AD – ActiveDirectory module for Windows PowerShell, which was introduced in Windows Server 2008 R2/Windows 7. Most of the functionality available in Quest AD cmdlets is now also available in the Active Directory module for Windows, so Quest AD cmdlets are used less and less.

I enjoy technology and developing websites. Since 2012 I'm running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.
Latest posts by Cyril Kardashevsky (see all)

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.