In one of the previous posts we showed how to use the Set-ADComputer cmdlet in a GPO logon script to save the current logged in user info to the properties of each AD computer object. One of the comments noted that to do it, you would have to install RSAT with Active Directory for Windows PowerShell on all user computers and that may be time consuming. I decided to try and find out whether you can use the PowerShell ActiveDirectory Module cmdlets without installing RSAT on user computers. And I did it!
Suppose, we have a server running Windows Server 2012 R2, on which RSAT and RSAT-AD-PowerShell module are installed. Our task is to copy the RSAT-AD-PowerShell files to a user workstation and import them in order to run different AD module cmdlets. I deliberately use a computer running Windows 10 LTSC (based on 1809 build) as a workstation to show that earlier RSAT-AD-PowerShell versions are supported in newer OS versions.
First of all, let’s copy all AD module files from Windows Server 2012 R2 to Windows 10. Create a folder C:\PS\ADPoSh and copy all the contents of C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ActiveDirectory to it.
Then copy the following files from C:\Windows\WinSxS folder:
You can find these libraries by searching the WinSxS folder. In my example, the full paths in Windows Server 2012 R2 were as follows:
Then copy the C:\PS\ADPoSh folder (in my case, its size was about 1.3MB) to a Windows 10 computer where RSAT AD module for Windows PowerShell is not installed.
Let’s try to import the copied Active Directory module to the current PowerShell session:
If the error ‘Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running‘ occurs, make sure that Active Directory Web Services (ADWS) on the closest domain controller is running and the TCP port 9389 is not blocked by firewall.
You can find a DC with ADWS role in your domain using the command:
Get-ADDomainController -Discover -Service “ADWS”
You can check the accessibility of the ADWS service using the Test-NetConnection cmdlet:
Test-NetConnection DC01 -port 9389
To run the cmdlets against the specific domain controller, use the –Server parameter:
Get-ADUser John.Smith –server dc01.contoso.com
You can use the PowerShell AD module cmdlets till you close your PowerShell session. You can copy the AD module files to all domain computers using GPO.