Photo by Markus Spiske / Unsplash
Install PowerShell Active Directory module

Install PowerShell Active Directory module

Published on 08 Oct 2018

Bastien Perez
Bastien Perez

Clap

To run PowerShell command for Active Directory (Get-ADUser, Get-ADComputer, Get-ADGroup, New-ADUser, etc.), the PowerShell module must be on the computer (workstation or server). There are two methods:

  1. with the Active Directory PowerShell module installation. It depends on your Windows version
  2. with module import via PSSession. This method is not very popular but can be very useful when you can’t install the PowerShell module. This method is described in the end of this article

Method 1: AD PowerShell module installation

Prerequisites

This module needs .NET Framework 3.5. For the recent Windows versions, you can enable it with :

dism /online /Enable-Feature /FeatureName:"NetFx3" 

Windows 1810 and above

For client versions from Windows 10 October 2018 (Windows 1810), install Remote Server Administration Tool (RSAT) AD with Add-WindowsCapability via PowerShell as admin :

Get-WindowsCapability -Name Rsat.ActiveDirectory* -Online | Add-WindowsCapability -Online

If you get error 0x800f0954, install .NET Framework 3.5

Windows 1803 and below

For Windows Windows 7/8/8.1, Windows 10 1803 and below, you need to install the RSAT according to your Windows version (french link) and restart your computer. Or you can install it with DISM

dism /Online /Enable-Feature /FeatureName:RemoteServerAdministrationTools-Roles-AD-Powershell

Windows Server 2012/2012R2/2016/2019

On Windows Server, the installation is made with the following PowerShell command:

# 2012 R2 - 2016 - 2019
Install-WindowsFeature RSAT-AD-PowerShell

# 2012
Add-WindowsFeature RSAT-AD-PowerShell

Load the Active Directory module

Finally, after the AD module installation, if you run any AD CMDlet, PowerShell will automatically load the AD module. But in older PowerShell version, you need to load the module:

Import-Module ActiveDirectory

Method 2: Import module without installation

To use this method, you need the rights to execute Enter-PSSession on a computer with the AD PowerShell module installed. It can be either a domain controller or a member server/PC:

$computerWithADPshellInstalled = 'XXXX'
$session = New-PSSession -ComputerName $computerWithADPshellInstalled -Credential (Get-Credential)

# -Force to override if remote module was already imported
Export-PSSession -Session $session -Module ActiveDirectory -OutputModule RemoteActiveDirectory -Force

Remove-PSSession $session

You only have to make this once. Indeed a .psm1 file containing the command to run PSRemoting session (against the PC/server in the following command) will be located in the Modules folder.

You can Import the Module with:

Import-Module RemoteActiveDirectory

It will load a PSSession to the computer. The script asks for credentials if you use a different account than the current one during the previous Enter-PSSession.

Keep in mind the following:

  • remote computer must be up when you execute the remote CMDlets
  • the CMDlet execution is a little longer than when the module is directly installed on the computer.

Comments

banner-Bastien Perez
Bastien Perez

Freelance Microsoft 365 - Active Directory - Modern Workplace

France