Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Active Directory / Deploy PowerShell Active Directory Module without Installing RSAT

March 13, 2020 Active DirectoryPowerShellWindows 10

Deploy PowerShell Active Directory Module without Installing RSAT

In one of the previous articles we showed how to use the Set-ADComputer cmdlet in a GPO logon script to save  the current logged in user info to the properties of each AD computer object. One of the commentators reasonably noted that to do it, you would have to install RSAT with Active Directory for Windows PowerShell on all user computers that may be time consuming. I decided to try and find out whether you can use the PowerShell ActiveDirectory Module cmdlets without installing RSAT on user computers. And I did it!

Suppose, we have a server running Windows Server 2012 R2, on which RSAT and RSAT-AD-PowerShell module are installed. Our task is to copy the RSAT-AD-PowerShell files to a user workstation and import them in order to run different AD module cmdlets. I deliberately use the computer running Windows 10 LTSC (based on 1809 build) as a workstation to show that earlier RSAT-AD-PowerShell versions are supported in newer OS versions.

First of all, let’s copy all AD module files from Windows Server 2012 R2 to Windows 10. Create a folder C:\PS\ADPoSh and copy all the contents of C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ActiveDirectory to it.

Then copy the following files from C:\Windows\WinSxS folder:

  • Microsoft.ActiveDirectory.Management.dll
  • Microsoft.ActiveDirectory.Management.resources.dll
You can find these libraries by searching the WinSxS folder. In my example, the full paths in Windows Server 2012 R2 were as follows:

"C:\Windows\WinSxS\amd64_microsoft.activedirectory.management_31bf3856ad364e35_6.3.9600.16503_none_09aa35cd49da6068\Microsoft.ActiveDirectory.Management.dll"
"C:\Windows\WinSxS\amd64_microsoft.activedir..anagement.resources_31bf3856ad364e35_6.3.9600.16384_en-us_efefcf68718a71bc\Microsoft.ActiveDirectory.Management.resources.dll"

Microsoft.ActiveDirectory.Management.dll - copy active directory for powershell module files

Then copy the C:\PS\ADPoSh folder (in my case, its size was about 1.3MB) to a Windows 10 computer where RSAT AD module for Windows PowerShell is not installed.

Let’s try to import the copied Active Directory module to the current PowerShell session:

Import-Module "C:\PS\ADPoSh\Microsoft.ActiveDirectory.Management.dll"
Import-Module "C:\PS\ADPoSh\Microsoft.ActiveDirectory.Management.resources.dll"

Import-Module Microsoft.ActiveDirectory.Management.dll

The module has been successfully imported, and you can use any AD module cmdlet to manage and get information from your AD domain (e. g., Get-ADUser, Get-ADComputer, Get-ADGroup, etc.).

using get-aduser on windows 10 without installing rsat

If the error ‘Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running‘ occurs, make sure that Active Directory Web Services (ADWS) on the closest domain controller is running and the TCP port 9389 is not blocked by firewall.

You can find a DC with ADWS role in your domain using the command:

Get-ADDomainController -Discover -Service “ADWS”

Get-ADDomainController discover Active Directory Web Services role

You can check the accessibility of the ADWS service using the Test-NetConnection cmdlet:

Test-NetConnection DC01 -port 9389

To run the cmdlets against the specific domain controller, use the –Server parameter:

Get-ADUser jbrion –server dc01.woshub.com

You can use the PowerShell AD module cmdlets till you close your PowerShell session. You can copy the AD module files to all domain computers using GPO.

6 comments
1
Facebook Twitter Google + Pinterest
previous post
How to Run Disk Cleanup (Cleanmgr.exe) on Windows Server 2016/2012 R2/2008 R2?
next post
Transferring/Seizing FSMO Roles to Another Domain Controller

Related Reading

How to Sign a PowerShell Script (PS1) with...

February 25, 2021

How to Shadow (Remote Control) a User’s RDP...

February 22, 2021

Configuring PowerShell Script Execution Policy

February 18, 2021

Configuring Proxy Settings on Windows Using Group Policy...

February 17, 2021

Updating Group Policy Settings on Windows Domain Computers

February 16, 2021

6 comments

Andrew March 23, 2020 - 8:17 am

Hi,
I tried this method but import of Microsoft.ActiveDirectory.Management.resources.dll always failed with error:

import-module : Could not load file or assembly ‘Microsoft.ActiveDirectory.Management.resources, Version=10.0.0.0,
Culture=en, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. Strong name validation failed. (Exception
from HRESULT: 0x8013141A)

I tried all x64 dll modules that was found in WinSXS but without success. Any idea what is wrong?

First module Microsoft.ActiveDirectory.Management.dll can be imported without problem.

Reply
Th March 28, 2020 - 2:04 pm

I have the same issue. Any luck so far?

Reply
admin March 31, 2020 - 9:00 am

List the files in your ADPoSh directory:
ls C:\ps\ADPoSh\
In my case the Microsoft.ActiveDirectory.Management.dll file size is about 1.1 Mb.

From which version of Windows did you copy the module files?

Reply
Mike July 31, 2020 - 10:33 pm

Has anyone solved this? I am seeing the same problem with the resources dll. The other one loads just fine

Reply
Viny May 17, 2020 - 2:15 pm

Thanks for sharing this article, This works fine but doesnt list all the properties. For example get-aduser abc -server DC -pr *

This should shows all properties. This doesnt work, please confirm if it works fine at your end.

Thanks again. Keep up the good work!

Reply
admin May 21, 2020 - 7:25 am

Yes, I confirm this problem.
You can try to list the available properties like this:
PS C:\Windows\System32> (get-aduser username -server 192.168.1.11 -Pr * -Credential woshub\admin).PropertyNames

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • How to Sign a PowerShell Script (PS1) with a Code Signing Certificate?

    February 25, 2021
  • Change the Default Port Number (TCP/1433) for a MS SQL Server Instance

    February 24, 2021
  • How to Shadow (Remote Control) a User’s RDP session on RDS Windows Server 2016/2019?

    February 22, 2021
  • Configuring PowerShell Script Execution Policy

    February 18, 2021
  • Configuring Proxy Settings on Windows Using Group Policy Preferences

    February 17, 2021
  • Updating Group Policy Settings on Windows Domain Computers

    February 16, 2021
  • Managing Administrative Shares (Admin$, IPC$, C$, D$) in Windows 10

    February 11, 2021
  • Packet Monitor (PktMon) – Built-in Packet Sniffer in Windows 10

    February 10, 2021
  • Fixing “Winload.efi is Missing or Contains Errors” in Windows 10

    February 5, 2021
  • How to Move (Clone) Windows to a New Hard Drive (HDD/SSD)?

    February 4, 2021

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Configure Google Chrome Using Group Policy ADMX Templates?
  • Allow RDP Access to Domain Controller for Non-admin Users
  • Get-ADUser: Getting Active Directory Users Info via PowerShell
  • Get-ADComputer: Find Computer Details in Active Directory with PowerShell
  • How to Find the Source of Account Lockouts in Active Directory domain?
  • Configuring Proxy Settings on Windows Using Group Policy Preferences
  • Changing Desktop Background Wallpaper in Windows through GPO
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top