ActiveDirectory module installation

Ask your PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 1 year and 1 month old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked
User avatar
Domtar
Posts: 133
Last visit: Mon Mar 11, 2024 5:38 am
Has voted: 2 times

ActiveDirectory module installation

Post by Domtar »

hi all,

someone has a script to install this ActiveDirectory module without installing RSAT? google is no help here.

thanks!
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: ActiveDirectory module installation

Post by jvierra »

I see no way to install the "Administrative" tools without installing RSAT. RSAT is for admins and not for all users. To allow fine detailed access to AD use the AD types. Note that RSAT is for administration and not for user access to AD.

THe following shows you what is available without RSAT installed. https://learn.microsoft.com/en-us/dotne ... mework-4.8

If you Search for any particular class, you will find hundreds of examples of how to use the class to solve issues in user code when users are not admins. The classes have almost complete access to everything for true admins.
User avatar
Domtar
Posts: 133
Last visit: Mon Mar 11, 2024 5:38 am
Has voted: 2 times

Re: ActiveDirectory module installation

Post by Domtar »

i know that RSAT is not for users, which is why i'm trying to install the module.

but we need to run scripts on our computers that grab some info from AD and LDAP commands are mostly useless for what we need.

here's an example to illustrate what we need:

we have several single user computers that are locked down and a generic user auto-login to those. those comps have next to nothing permitted on them but some users need to connect to sharepoint. for that, my script will simulate the "run as another user" function with a start-process -credential $creds

when the user enters his credentials, i want my script to check a few things:

AD user is not disabled
AD user is not locked
user's password is not expired
and so on ...

i am unable to get the "is the password expired" property from LDAP which is why i'd like to use get-aduser to grab all the properties i need.

thanks!
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: ActiveDirectory module installation

Post by jvierra »

Get-AdUser is no part of RSAT. You want the Active Directory module. That is an independent install. Search for how to install it under differing conditions. There are a number of methods that you can choose from.
User avatar
Domtar
Posts: 133
Last visit: Mon Mar 11, 2024 5:38 am
Has voted: 2 times

Re: ActiveDirectory module installation

Post by Domtar »

all i can find is how to manually install that module on a computer. which is not what we need. we have about 5000 computers where this needs to be installed.

any suggestion on how to install that module?

thanks!
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: ActiveDirectory module installation

Post by jvierra »

Group Policy can install almost any MSI. System level installs can be done by other MS deployment methods. If you have an MCSE in your company, then ask that person what deployment methods are available.

I still recommend using the AD classes directly or using ADSI. No modules need to be installed for these to work.
User avatar
brianclark
Posts: 23
Last visit: Wed Feb 22, 2023 5:19 pm

Re: ActiveDirectory module installation

Post by brianclark »

To install the AD module on Servers;

Code: Select all

Install-WindowsFeature -Name "RSAT-AD-PowerShell" –IncludeAllSubFeature
To install the AD Module on Windows10/11 Computers

Code: Select all

Add-WindowsCapability -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0 -Online
There are also articles out there on how to deploy the Active Directory Module without installing RSAT on any of the machines.
https://woshub.com/using-powershell-act ... ling-rsat/

I have used all three to various degrees of success. Good luck.
This topic is 1 year and 1 month old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked