How to Install Active Directory Powershell Module and Import
How to Install Active Directory Powershell Module and Import. A prerequisite for every Windows PowerShell Active Directory (AD) task and command is to import the PowerShell Active Directory module. This commonly used module allows administrators to query and change Active Directory with PowerShell.
This article will dive into installing the PowerShell Active Directory module on a workstation or server with a Windows operating system. We will then cover how to connect to AD with PowerShell and the various ways we can authenticate to AD by importing the Active Directory module.
Install Active Directory PowerShell Module
Before we begin, we should first be aware of the Remote Server Administration Tools or the RSAT package. If we use a machine, workstation, or server variant of Windows, we will need to install the RSAT package. The RSAT package is used for managing Windows operating system installed machines remotely.
One example of a component where the RSAT package is a prerequisite is the PowerShell Active Directory Module. When we run active directory commands, without RSAT, we will get the thrown error “The term Get-AD is unrecognized as the name of a function, cmdlet, script file, or operable program”. So we must first install the prerequisites before proceeding.
Installing RSAT on a Workstation
To install the RSAT package on our workstation, we must first determine the Windows Build currently running in our workstation. To check the build of Windows 10 that is installed on our machine, follow these steps:
- First, right-click the Start menu and select Run. Alternatively, you can press Ctrl+R.
2. Once the Run window appears, type winver and hit the Enter key or press OK
3. A new window will appear that should display the Windows 10 build that is installed.
Now that we have determined our Windows Build version, we can proceed to choose the proper way of installing the RSAT package in our workstation.
Installing the RSAT Package on Windows 10 Build 1809 or Later
Starting October 2018, the RSAT package is readily available as a Feature on Demand on every Education, Enterprise, and Professional edition of Windows 10. To get RSAT running, tap the Windows key, type manage optional features in the search box and select Manage Optional Features from the menu.
The settings app will list all the optional features installed on our Windows 10 machine.
Click the + button of the Add a feature menu and scroll down through the list for the RSAT tools and add them. Alternatively, we can also install the RSAT package through PowerShell with the following command below:
Add-WindowsCapability -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0 -Online
Installing RSAT Pre-Windows 10 Build 1809
If we are running an earlier version of Windows 10, we can still install RSAT, but the sequence of steps is different.
If we have an earlier build of Windows 10 (for example, if we have automatic updates turned off), we will need to install RSAT manually by downloading it from the Microsoft website. Here is how to download the RSAT suite:
- First, click on the Remote Server Administration Tools for Windows 10 page.
- Click on Download.
- Once the download is finished, open the .msu file.
- Follow the wizard to install.
- Type in `control` to bring up the Control Panel in the search box.
- Select Programs, then Programs and Features.
- Select Turn Windows features on or off.
- Choose Remote Server Administration Tools, and then select Role Administration Tools.
- Next, select AD DS and AD LDS Tools.
- Check the box beside AD DS Tools and choose OK.
We have now installed and enabled Active Directory Users and Computers in Windows 10. We should now be able to see it in Control Panel.
- Open Control Panel.
- Navigate to Administrative Tools.
- Select Active Directory Users and Computers.
We should now be able to perform most of the usual daily tasks we need on remote servers when using a workstation.
Installing RSAT on a Server
As with most server-based installations, we can also do the installation via the command line. Just three dism commands will install RSAT:
dism /online /enable-feature /featurename:RSATClient-Roles-AD
dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS
dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS-SnapIns
These steps will install the RSAT package and integrate Active Directory Users and Computers into Windows Server, ready for us to use. However, we can also use PowerShell to install the RSAT package on the server with the following commands below:
Import-Module ServerManager
Install-WindowsFeature -Name "RSAT-AD-PowerShell" -IncludeAllSubFeature
Common RSAT Installation Problems
RSAT installations will usually run smoothly with no issues, but there are occasional problems sometimes. For example, the RSAT installer uses Windows Update to install and integrate RSAT into Windows. Therefore, if we have Windows Firewall turned off, it may not work correctly.
If we have installed RSAT and it does not show up or will not install correctly, turn on Windows Firewall in the Services window, perform the installation, and turn it off again. Many Windows Update-related installations commonly cause this issue. If we have other Windows Update-related issues, check here for some common issues and solutions.
Import Active Directory PowerShell AD Module
PowerShell will likely auto-import the module when installed. But if we would like to ensure it loads correctly, we can also use the Import-Module command. To import the Windows PowerShell Active Directory module, run Import-Module ActiveDirectory.
Import-Module ActiveDirectory
If the module is installed correctly, we will receive no errors when running the syntax above.
Connecting and Authenticating
Once the Active Directory module is set up, we can use the Active Directory PowerShell cmdlets. Next, we will discuss connecting to a specific Domain Controller or DC in the article’s next section.
Connecting to an AD DC
The AD cmdlets will find a DC for us by default. However, if we need to connect to a different domain controller, we can use the Server parameter. PowerShell will attempt to find a DC to connect to by default if the Server parameter has not been supplied. The DC is determined by trying the following:
- Use the Server property of the objects passed in on the pipeline.
- If in use, use the server associated with the AD PowerShell provider drive.
- Use the domain of the client’s computer.
We can connect to a specific domain controller by providing a value for the Server parameter. We can specify several different Active Directory Domain Services objects in various formats, such as:
- FQDN or NETBIOS name of the domain such as test.com.
- FQDN or NETBIOS name of the server acting as the DC, such as server.test.com.
- A fully-qualified domain controller and an open LDAP port such as server.domain.com:3268.
Connecting to AD with Alternate Credentials
By default, the AD PowerShell cmdlets will use a two-step process for determining the user account when connecting to an Active Directory.
- Use the credentials associated with the drive if the command is run from the PowerShell AD Provider.
- Utilizing the credentials of the logged-on user.
The Credential parameter allows us to pass in a PSCredential object. For example, if we provide a username, the command line will prompt us for a password, and PowerShell will use these credentials. We can see an example below of using the Get-ADUser cmdlet using an alternate credential.
$credential = Get-Credential
Get-Aduser -Filter * -Credential $credential
We also have two possible authentication types. These types are Basic and Negotiate as the default parameter. Basic authentication is only possible provided our connection is an SSL connection.
Get-ADUser -Filter * -Credential $credential -AuthType Negotiate|Basic
Install Active Directory PowerShell Module Conclusion
Importing the Windows PowerShell Active Directory module is a straightforward and standard process. We must first install the Remote Server Administration Tools as a prerequisite. Then, using the instructions provided in this article, we should be able to import the AD module and use Active Directory commands accordingly.
