In one of the previous articles we showed how to use the Set-ADComputer cmdlet in a GPO logon script to save the current logged in user info to the properties of each AD computer object. One of the commentators reasonably noted that to do it, you would have to install RSAT with Active Directory for Windows PowerShell on all user computers that may be time consuming. I decided to try and find out whether you can use the PowerShell ActiveDirectory Module cmdlets without installing RSAT on user computers. And I did it!
Suppose, we have a server running Windows Server 2012 R2, on which RSAT and RSAT-AD-PowerShell module are installed. Our task is to copy the RSAT-AD-PowerShell files to a user workstation and import them in order to run different AD module cmdlets. I deliberately use the computer running Windows 10 LTSC (based on 1809 build) as a workstation to show that earlier RSAT-AD-PowerShell versions are supported in newer OS versions.
First of all, let’s copy all AD module files from Windows Server 2012 R2 to Windows 10. Create a folder C:\PS\ADPoSh and copy all the contents of C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ActiveDirectory to it.
Then copy the following files from C:\Windows\WinSxS folder:
- Microsoft.ActiveDirectory.Management.dll
- Microsoft.ActiveDirectory.Management.resources.dll
"C:\Windows\WinSxS\amd64_microsoft.activedirectory.management_31bf3856ad364e35_6.3.9600.16503_none_09aa35cd49da6068\Microsoft.ActiveDirectory.Management.dll"
"C:\Windows\WinSxS\amd64_microsoft.activedir..anagement.resources_31bf3856ad364e35_6.3.9600.16384_en-us_efefcf68718a71bc\Microsoft.ActiveDirectory.Management.resources.dll"
Then copy the C:\PS\ADPoSh folder (in my case, its size was about 1.3MB) to a Windows 10 computer where RSAT AD module for Windows PowerShell is not installed.
Let’s try to import the copied Active Directory module to the current PowerShell session:
Import-Module "C:\PS\ADPoSh\Microsoft.ActiveDirectory.Management.dll"
Import-Module "C:\PS\ADPoSh\Microsoft.ActiveDirectory.Management.resources.dll"
The module has been successfully imported, and you can use any AD module cmdlet to manage and get information from your AD domain (e. g., Get-ADUser, Get-ADComputer, Get-ADGroup, etc.).
You can find a DC with ADWS role in your domain using the command:
Get-ADDomainController -Discover -Service “ADWS”
You can check the accessibility of the ADWS service using the Test-NetConnection cmdlet:
Test-NetConnection DC01 -port 9389
To run the cmdlets against the specific domain controller, use the –Server parameter:
Get-ADUser jbrion –server dc01.woshub.com
You can use the PowerShell AD module cmdlets till you close your PowerShell session. You can copy the AD module files to all domain computers using GPO.
15 comments
Hi,
I tried this method but import of Microsoft.ActiveDirectory.Management.resources.dll always failed with error:
import-module : Could not load file or assembly ‘Microsoft.ActiveDirectory.Management.resources, Version=10.0.0.0,
Culture=en, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. Strong name validation failed. (Exception
from HRESULT: 0x8013141A)
I tried all x64 dll modules that was found in WinSXS but without success. Any idea what is wrong?
First module Microsoft.ActiveDirectory.Management.dll can be imported without problem.
I have the same issue. Any luck so far?
List the files in your ADPoSh directory:
ls C:\ps\ADPoSh\
In my case the Microsoft.ActiveDirectory.Management.dll file size is about 1.1 Mb.
From which version of Windows did you copy the module files?
Has anyone solved this? I am seeing the same problem with the resources dll. The other one loads just fine
Thanks for sharing this article, This works fine but doesnt list all the properties. For example get-aduser abc -server DC -pr *
This should shows all properties. This doesnt work, please confirm if it works fine at your end.
Thanks again. Keep up the good work!
Yes, I confirm this problem.
You can try to list the available properties like this:
PS C:\Windows\System32> (get-aduser username -server 192.168.1.11 -Pr * -Credential woshub\admin).PropertyNamesDid you figure this out? I get all the PropertyNames I want, but none of the values. If I run on a machine where the RSAT is installed, I get the values just fine.
I know this post is old, but try this:
[System.Reflection.Assembly]::LoadFile(‘C:\\Microsoft.ActiveDirectory.Management.dll’)
[System.Reflection.Assembly]::LoadFile(‘C:\\Microsoft.ActiveDirectory.Management.resources.dll’)
Hmmm, between the “C:\” and the “\Microsoft…” there should have been a ” included, but it got stripped out somehow.
Wow, nevermind. Anyway, the the path has to be an absolute path to the file.
[System.Reflection.Assembly]::LoadFile(‘C:\absolute path to file\Microsoft.ActiveDirectory.Management.dll’)
[System.Reflection.Assembly]::LoadFile(‘C:\absolute path to file\Microsoft.ActiveDirectory.Management.resources.dll’)
I am still new to PS, so I am wondering what this does? I have the same issue as others above where I get limited values for properties. I can expand the propertynames that returns but no values come with that.
I tried that. Same error:
Exception calling “LoadFile” with “1” argument(s): “Strong name validation failed. (Exception from HRESULT: 0x8013141A)”
At line:1 char:1
+ [System.Reflection.Assembly]::LoadFile(‘file-path-name-here’)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : SecurityException
You don’t need to import the DDL files, just import the ActiveDirectory module directly. e.g. change to the folder and do import-module activedirectory.
you need to add 1 more line to make it work:
Import-Module “C:\Temp\a\Microsoft.ActiveDirectory.Management.dll”
Import-Module “C:\Temp\a\Microsoft.ActiveDirectory.Management.resources.dll”
import-module .\ActiveDirectory.psd1
Get-ADUser -server servername -identity ‘user’ -Properties *