Today we’ll show you how to install and use the Windows PowerShell Active Directory Module. You can perform AD management tasks and use its cmdlets to get different information on domain users, computers, groups, and other objects. This PowerShell module in the server OS is installed as a separate feature. On the desktop OS versions (Windows 10, 8.1, 7) the module is a part of the Remote Server Administration Tools (RSAT). RSAT includes all necessary management tools, command-line utilities, and Windows PowerShell modules. You must download the RSAT package for your version of the OS from the Microsoft website (how to install RSAT on Windows 10?).
Install PowerShell Active Directory Module on Windows Server
The Active Directory module for Windows PowerShell first appeared on Windows Server 2008 R2. It is installed on the Windows Server after you installed ADDS role (Active Directory Domain Services). It also promotes a server to the domain controller. To use the cmdlets from the Active Directory module, at least one controller with Windows Server 2008 R2 or higher must exist in your domain. If your network has only DCs with Windows Server 2003 or 2008, you must download and install the Active Directory Management Gateway Service. The cmdlets from the Active Directory module interact with the web service that is a part of the domain controller with the ADDS role or ADMGS.
- You can install the Active Directory module for PowerShell on the domain controller, on any Windows server or workstation.
- In Windows Server 2019/2016/2012 R2, you can install the Active Directory module for Windows PowerShell. You can do it by using the Add Roles and Features Wizard from the Server Manager. It is enough to start the wizard and at the step when selecting features, you need to select the item Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools > Active Directory module for Windows PowerShell.
- You can also install this module using PowerShell. Open the PowerShell console as an administrator and run the following commands:
Import-Module ServerManager Add-WindowsFeature -Name "RSAT-AD-PowerShell" –IncludeAllSubFeature
Installing the AD PowerShell Module on Windows 10
In Windows 10, Windows 8.1, and Windows 7, to install the RSAT-AD-PowerShell module, at first you must install the appropriate version of RSAT. You can install RSAT only in the Professional, Education, and Enterprise Windows editions. The installation of RSAT on Windows Home or Single Language is not available.
- You can install the RSAT module on Windows 7, 8.1, and Windows 10 up to 1803 built. For this you need to download and install a special MSU package;
- Then you need to enable the module (Control Panel > Programs > Turn Windows Features On or Off > Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools > Active Directory module for Windows PowerShell).Or using PowerShell:
Enable-WindowsOptionalFeature -Online -FeatureName RSATClient-Roles-AD-Powershell
- On Windows 10 1809 and newer the RSAT became a part of Features on Demand (FoD). You can install AD RSAT Tools from the Settings menu (Settings > Apps > Manage Optional Features > Add features > RSAT: Active Directory Domain Services and Lightweight Directory Tools > Install). Or from the PowerShell console:
Add-WindowsCapability –online –Name “Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0”
Importing PowerShell Active Directory Module on Windows
- In Windows 7 and Windows Server 2008 R2 with PowerShell 2.0 installed, to start using the Active Directory module, you need to import it into the PowerShell session with the command:
- Also, you can export the module from a remote computer/server and import it into your PowerShell session:
$S = New-PSSession -ComputerName MyDomainController Export-PSsession -Session $S -Module ActiveDirectory -OutputModule RemoteAD Remove-PSSession -Session $S Import-Module RemoteAD
- On Windows Server 2016/2016/2012 R2 and Windows 8.1/Windows 10, the module imports into the session automatically.
- To confirm the AD PoSh module is loaded, run the command:
When the computer joins to the AD domain, by default a separate disk is created with the name AD:\. You can go to this disk using the CD command and use the familiar commands of working with the file system to navigate this disk. The paths are in X500 format.
PS C:\> cd AD:
PS AD:\> dir
PS AD:\> cd “DC=contoso,DC=com”
PS AD:\> dir
You can display the list of available cmdlets for working with Active Directory as follows:
Get-Command -Module ActiveDirectory
Different versions of Windows (RSAT) have a different number of cmdlets available:
- Windows Server 2008 R2 — 76 cmdlets;
- Windows Server 2012 — 135 cmdlets;
- Windows Server 2012 R2/2016 — 147 cmdlets.
Using RSAT-AD-PowerShell Module
Let’s look at a few examples of using the cmdlets of the RSAT-AD-PowerShell module.
- To get the list of AD domain controllers, run the command:
Get-ADDomainController –filter *| format-table
- You can create several AD users at once by importing the user list from the CSV file. Use it together with the New-ADUser cmdlet.
- Use the New-ADGroup cmdlet to create AD group. For example, to create a new group named ItalyUsers in the specific OU, run the command:
New-ADGroup -Path "OU=Groups,OU=Italy,DC=theitbros,DC=com" -Name "ItalyUsers" -GroupScope Global -GroupCategory Distribution
- To get the AD group info, use the Get-ADGroup cmdlet:
- Use the New-ADOrganizationalUnit cmdlet to create Active Directory Organizational Unit:
New-ADOrganizationalUnit -Name "France"
- Use the Unlock-ADAccount cmdlet to unlock user account in Active Directory domain:
Get-ADUser -Identity bjackson | Unlock-ADAccount
- Or you can use the Set-ADAccountPassword to change or reset the user’s password:
$newPass=Read-Host "Enter the new user password" -AsSecureString Set-ADAccountPassword bjackson -NewPassword $newPass
If the computer is not a part of the Active Directory domain, the following warning appears when you try importing the AD-PoSh module:
WARNING: Error initializing default drive: ‘Unable to find a default server with Active Directory Web Services running.’.
In this case, you need to specify the AD domain controller and user credentials to connect it.
First of all, you need to get the user’s credentials to access the domain. Any authenticated domain user can view almost all AD objects properties.
$cred = Get-Credential
For example, to get the user’s info from the DC named TOR-DC01 under saved credentials, use the command:
get-aduser postfixsrv –server tor-dc01 -Credential $cred
As you can see, you have received the AD account info.
So now you can use the PowerShell cmdlets to manage and query Active Directory.
- Installing Active Directory Users and Computers MMC Snap-in on Windows 10 - November 26, 2020
- Convert Thick Provision Lazy Zeroed Disk to Thin on VMware ESXi - November 25, 2020
- Fix: Connection to Microsoft Exchange is Unavailable in Outlook - November 20, 2020