If you are planning to run a Powershell script with Active Directory commandlets on a Win 7 machine or any other machine that DOES NOT have AD role then you need to do some preliminary steps as listed below.
By default one can not import Active Directory module in Powershell in Windows 7. You need to do either of the below:
By doing this you will get the Active directory module to be used in the Power shell scripting.
In this article I have explained the steps for Windows 7.
After the installation of the KB958830 go to Windows Feature and enabled the highlighted items as below.
Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools > Active Directory Module for Windows PowerShell
Now you are ready to run AD commandlets as below
I have followed all the steps above for my Windows 7 machine
PS C:\> import-module ActiveDirectory
Import-Module : Cannot find drive. A drive with the name ‘ C’ does not exist.
At line:1 char:14
+ import-module <<<< ActiveDirectory
+ CategoryInfo : ObjectNotFound: ( C:String) [Import-Module], DriveNotFoundException
+ FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand
Microsoft Scripting Guy Ed Wilson here. Last week’s Windows PowerShell workshop in Seattle was a lot of fun. The students were really engaged and asked some great questions. My friend from Philadelphia, Pennsylvania, is out there this week doing an Exchange workshop. Anyway, during the class, I decided it would be a good idea to use Windows PowerShell remoting to perform Active Directory administration. In this way, I avoided the need to install the Remote Server Administration Tools (RSAT) on the client machine.
The first thing to do is to enter a remote Windows PowerShell session. To do this I use the Enter-PSSession cmdlet. I specify the computername and the credentials for the remote session. The credentials is an account that has the administrator rights on the remote machine. This command is shown here:
Enter-PSSession -ComputerName dc1 –credential nwtraders\administrator
If I the account I am using for my client computer also has administrator rights on the remote machine, I can leave off the credential parameter. After I have entered the session, I generally set my working location to the root of the drive so that I have more space for my commands. I then import the ActiveDirectory module. These commands appear are shown here:
The commands and the associated output are shown in the following image. Note how I use the aliases for the commands because it makes it easier to type.
Now I will create a new user in Active Directory. I think I will name the user ed. The command to create a new user is simple; it is New-ADUser and the user name. The command to create a disabled user account in the users container in the default domain is shown here:
new-aduser -name ed
When the preceding command that creates a new user has completed, nothing is returned to the Windows PowerShell console. To check to ensure the user is created, use the Get-ADUser cmdlet to retrieve the user object:
When I am certain my new user is created, I decide to create an organizational unit (OU) to store the user account. The command to create a new OU off the root of the domain is shown here:
Just as with the previously used New-ADUser cmdlet, nothing is returned to the Windows PowerShell console. If I use the Get-ADOrganizationalUnit cmdlet, I must use a different methodology. A simple Get-ADOrganizationalUnit command returns an error; therefore, I use an LDAPFilter parameter to find the OU. The command using the LDAPFilter parameter to find my newly created OU is shown here:
Get-ADOrganizationalUnit –LDAPFilter "(name=scripting)"
The commands and associated output to create the user, get the user, create the OU, and get the OU are shown in the following figure.
Thanks RameshRK, it worked beautifully (on Windows 7 x64) and helped me understand my AD groups.
this wont work @ win7 x86
PS C:\Users\funio> Import-Module activedirectory
Import-Module : The specified module 'activedirectory' was not loaded because no valid module file was found in any mod
i have the same problem @ Server 2008 STD (old EBS 2008)
In order to install the Active Directory Module for Windows PowerShell you need to
1) Download the RSAT tools for Windows 7.
2) Navigate to Control Panel > Programs and Features > Turn Windows Features On or Off and select Active Directory Module for Windows PowerShell
Is there anyway to make the module always available for use when I start powershell?
Needed this also, and just tried example from Mr. Wilson. Everything went well until I in-put the password, (which I know is correct) and received the following error text:
Enter-PSSession : Connecting to remote server failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic. At line:1 char:16
+ Enter-PSSession <<<< -ComputerName DukeDC -credential PRE.net\Pyxis-Support
+ CategoryInfo : InvalidArgument: (DukeDC:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
I have tried searching for what I am missing here, but am coming up blank. Any insight will be appreciated.
%windir%\system32\WindowsPowerShell\v1.0\powershell.exe -noexit -command import-module ActiveDirectory
enable psremoting on the remote host first.
PS C:>enable-psremoting -force
I found a very Simple and elegant way to make the AD Powershell Module Portable.
you will need 3 simple things
1.) the ActiveDirectory Module Directory from a system that has it already installed.
Standard path on a 64bit windows 7
2.) Global Assembly Cache Utility
Available from the Windows SDK
3.) the Microsoft.ActiveDirectory.Management dll assembly
found on a system that already has the RSAT and powershell enabled. Microsoft.ActiveDirectory.Management.dll
Now in order to make this work you need to install the dll using the gacutil program. commandline is as follows.
GACUTIL.exe -I Microsoft.ActiveDirectory.Management.dll
Once installed you must copy the entire directory from item 1 to the powershell module location.
Once copied you can then use the import command to import it and start using the cmdlets. below is my batch file I wrote to automate this for deployment during SCCM.
We want our help desk to be able to clone security groups assigned to our computers for application deployment so that when they image a replacement computer the new computer will automatically get the previously assigned applications. Also see below for that powershell script as well. Hope this helps the community.
REM SET Working Directory
@cd /d "%~dp0"
REM Copy Module
if not exist C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ActiveDirectory mkdir C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ActiveDirectory
xcopy /y /e .\ActiveDirectory\*.* C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ActiveDirectory
REM Install Microsoft Active Directory Assembly
gacutil.exe -i Microsoft.ActiveDirectory.Management.dll
REM Set Powershell Execution Policy
powershell set-executionpolicy remotesigned
Just wanted to thank you for the tips and script. Worked like a champ (though my desktops are taking way longer to load the module than I would like).
Just a couple of notes:
1. I was able to get the GACUtil from the Visual Studio install under C:\Program Files\Microsoft SDKs\Windows\v8.0A\bin . Keep in mind that this file is not supposed to be distributed per the licensing agreement so you can't give it out to others.
2. I had to do a search under C:\Windows to find the DLL and I found both x64 and x86, though they appear to be the same file.
You still need an active directory 2008 as the 2003 does not support this feature