Import module from remote comptuer

This topic contains 10 replies, has 3 voices, and was last updated by  Daniel Krebs 3 years, 9 months ago.

  • Author
  • #18536

    David Jones

    I'm trying to use remoting to use 2012 ActiveDirectory module from a windows 7 machine with WMF 4.0 installed. I have enabled CredSSP on the member server that has ActiveDirectory module and set it up on the workstation I'm testing from.
    On the server:

    Enable-WSManCredSSP –Role server

    On the test workstation:

    Enable-WSManCredSSP –Role client –DelegateComputer

    And then I try to import the module.

    PS H:\> $cred = Get-Credential domain/user
    PS H:\> $session = New-PSSession -ComputerName -Authentication Credssp -Credential $cred
    PS H:\> import-module -PSSession $session -Name ActiveDirectory
    import-module : Failed to generate proxies for remote module 'ActiveDirectory'.  The specified path, file name, or
    both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less
    than 248 characters.
    At line:1 char:1
    + import-module -PSSession $session -Name ActiveDirectory
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Import-Module], InvalidOperationException
        + FullyQualifiedErrorId : CmdletProviderInvocationException,Microsoft.PowerShell.Commands.ImportModuleCommand

    I"m at a loss on this one.

    The reason I'm doing this with a member server is we don't have the user that will eventual run the script to have access to the DC.

  • #18539

    Daniel Krebs


    I think we need to understand what you're actually trying to achieve in the end. Which tasks do you want to perform against Active Directory from the workstations? Please provide a full list to give us a better picture of your scenario.


  • #18541


    There is a JumpStart webcast about this topic @

    Getting Started with PowerShell 3.0 Jump Start
    Module 09 | Introducing scripting and toolmaking

    Starting: [13:33] | PowerShell remote CMDLETs

    Maybe this gives you a more deeper insight.



  • #18542

    David Jones

    Basically We have a scheduled script that sets logon hours based on a CSV file provided by HR. However the names provided are not always the same as what is in AD. So I need the HR person to be able to run

    get-aduser -filter {GivenName -like $FirstName -and SN -like $LastName}

    as part of a script to validate the CSV data.
    they are on windows 7 with WMF 4.0 installed.

  • #18564

    David Jones

    @christian Francke

    That video was a life saver. I have it working via credssp.

    using Import-PSSession i was able to import the module and use it from the member server.

    Now I would like to be able to do it withe Kerberos Constrained deligation. Any takers on how to do that?

    I tried to setup WSMAN to the DC on the member server's AD object. but I still get this error

    Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not
    have the Active Directory Web Services running.
        + CategoryInfo          : ResourceUnavailable: (pds-admin75:ADComputer) [Get-ADComputer], ADServerDownException
        + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADComputer
        + PSComputerName        :
  • #18581

    Daniel Krebs


    Have you considered to install the Remote Server Administration Tools (RSAT) and enable the AD PowerShell module on the HR Windows 7 machines?

  • #18638

    David Jones

    It's my understanding that Microsoft does not recommend using the down version RSAT with a newer Domain. I know this function in question is a read but i'm trying to stick to the tools that match the DC.

  • #18639

    David Jones

    Strange It looks like it's working now.

    PS C:\WINDOWS> $s = New-PSSession -ComputerName ps-script01
    PS C:\WINDOWS> import-pssession -Session $s -Module ActiveDirectory -Prefix Remote
    ModuleType Version    Name                                ExportedCommands
    --------- ------    -----                               ----------------
    Script     1.0        tmp_4jss0rk1.4sz                    {Add-RemoteADCentralAccessPolicyMember, Add-RemoteADComput.

    I'm betting the changes in AD did not take effect last week due to the life time of the Kerberose tickets.

    Does any one know how / where to clear Kerberos tickets?

  • #18640

    Daniel Krebs

    You can run the command line utility "klist" which comes bundled with Windows. Since Windows 7 if I'm correct.

    klist purge

    To show your tickets just run


  • #18641

    David Jones

    I came across that, and last Friday I tried to purge on the member server. Am I supposed to run that on the workstation to? I cant imagine wanting to run it on the DC with a flat purge.

  • #18642

    Daniel Krebs

    klist only affects the session of the current user as far as I know. You need to purge on the workstation or from where you're connecting to the PowerShell remoting endpoint.

You must be logged in to reply to this topic.