Use Get-ADObject without installing RSAT

This topic contains 2 replies, has 3 voices, and was last updated by Profile photo of Jeffrey Smith Jeffrey Smith 3 years, 11 months ago.

  • Author
    Posts
  • #6859
    Profile photo of deiandrei
    deiandrei
    Participant

    Hello again,

    I ran into trouble!
    I created a Form meant for end-users, which is searching the AD for print queues and the user can also connect a shared printer to his PC.
    After finishing the tool, I was very proud that it was running flawless.
    I am using at the beginning the command: Import-Module ActiveDirectory in order to have access to Get-ADObject cmdlet.
    But when I copied the tool to another PC: SURPRISE! I have been struck by reality! The ActiveDirectory Module comes only with the RSAT tools, which makes my tool useless on the PCs of endusers.

    Now my question: is there any way to import the AD Module or maybe only the Get-AdObject cmdlet to the PCs of the end-users? It is impossible to install RSAT on all PCs only to run this little tool.
    Connecting remotely to another PSSession is also not an option, since the connection might be very slow to the other PC.

    I saw that the Powershell Modules are stored under C:\Windows\System32\WindowsPowerShell\v1.0\Modules, but simply copying them to the other PC is not helping. I am still not able to import the AD Module 🙁

    Any other ideas how to make the Get-ADObject cmdlet available to end-user PCs?

  • #6862
    Profile photo of Poshoholic
    Poshoholic
    Member

    The AD module is not redistributable aside from installation via RSAT tools as far as I am aware. However, the AD module is not the only way to get information from Active Directory using PowerShell. PowerShell has native support for ADSI, and that support has been there since version 1. If the only AD module command you are using is Get-ADObject, you could write a function in your tool called Get-ADObject (or better yet, call it Get-ADSIObject so that you don't run into a naming conflict at some point) that would facilitate using ADSI to get information from Active Directory.

    Here is a good article to get you started:
    http://social.technet.microsoft.com/wiki/contents/articles/4231.working-with-active-directory-using-powershell-adsi-adapter.aspx

  • #6919
    Profile photo of Jeffrey Smith
    Jeffrey Smith
    Participant

    You can also use implicit remoting to load the AD module on client machines that don’t have RSAT by creating a PSSession on a machine that does (preferably an IT management server, and not a Domain Controller). Here’s some sample code I created for just this purpose:
    function Get-ActiveDirectorySession {
    param(
    [string]$Server = ‘ITManagmentPC.yourdomain.local’
    )
    $session = New-PSSession -ComputerName $Server
    Invoke-Command -Session $session -ScriptBlock {Import-Module ActiveDirectory}
    return $session
    }

    Then at the beginning of your script you can do something like this:

    if (Get-Module -ListAvailable ActiveDirectory)
    {
    Import-Module ActiveDirectory
    }
    else {
    Import-PSSession -Session (Get-ActiveDirectorySession) -Module ActiveDirectory | Out-Null
    }

    This gives you the AD cmdlets on machines that do not have RSAT installed. Of course, you need PSRemoting installed, and the appropriate permissions to create PSSessions on the target management PC, but it’s pretty slick once that it sorted out.

You must be logged in to reply to this topic.