Hello again,
I ran into trouble!
I created a Form meant for end-users, which is searching the AD for print queues and the user can also connect a shared printer to his PC.
After finishing the tool, I was very proud that it was running flawless.
I am using at the beginning the command: Import-Module ActiveDirectory in order to have access to Get-ADObject cmdlet.
But when I copied the tool to another PC: SURPRISE! I have been struck by reality! The ActiveDirectory Module comes only with the RSAT tools, which makes my tool useless on the PCs of endusers.
Now my question: is there any way to import the AD Module or maybe only the Get-AdObject cmdlet to the PCs of the end-users? It is impossible to install RSAT on all PCs only to run this little tool.
Connecting remotely to another PSSession is also not an option, since the connection might be very slow to the other PC.
I saw that the Powershell Modules are stored under C:\Windows\System32\WindowsPowerShell\v1.0\Modules, but simply copying them to the other PC is not helping. I am still not able to import the AD Module
Any other ideas how to make the Get-ADObject cmdlet available to end-user PCs?
The AD module is not redistributable aside from installation via RSAT tools as far as I am aware. However, the AD module is not the only way to get information from Active Directory using PowerShell. PowerShell has native support for ADSI, and that support has been there since version 1. If the only AD module command you are using is Get-ADObject, you could write a function in your tool called Get-ADObject (or better yet, call it Get-ADSIObject so that you don’t run into a naming conflict at some point) that would facilitate using ADSI to get information from Active Directory.
Here is a good article to get you started:
You can also use implicit remoting to load the AD module on client machines that don’t have RSAT by creating a PSSession on a machine that does (preferably an IT management server, and not a Domain Controller). Here’s some sample code I created for just this purpose:
function Get-ActiveDirectorySession {
param(
[string]$Server = ‘ITManagmentPC.yourdomain.local’
)
$session = New-PSSession -ComputerName $Server
Invoke-Command -Session $session -ScriptBlock {Import-Module ActiveDirectory}
return $session
}
Then at the beginning of your script you can do something like this:
if (Get-Module -ListAvailable ActiveDirectory)
{
Import-Module ActiveDirectory
}
else {
Import-PSSession -Session (Get-ActiveDirectorySession) -Module ActiveDirectory | Out-Null
}
This gives you the AD cmdlets on machines that do not have RSAT installed. Of course, you need PSRemoting installed, and the appropriate permissions to create PSSessions on the target management PC, but it’s pretty slick once that it sorted out.