Local powershell script to pull AdObject without installing RSAT
-
You could try using the ADSI object... check out https://social.technet.microsoft.com/wiki/contents/articles/4231.working-with-active-directory-using-powershell-adsi-adapter.aspx
That doesn't require any AD / RSAT to be installed.
-
You can apparently deploy the DLL needed for the Ad module
I found a very Simple and elegant way to make the AD Powershell Module Portable.
you will need 3 simple things
1.) the ActiveDirectory Module Directory from a system that has it already installed.
Standard path on a 64bit windows 7
C:WindowsSystem32WindowsPowerShellv1.0Modules
2.) Global Assembly Cache Utility Available from the Windows SDK
gacutil.exe
3.) the Microsoft.ActiveDirectory.Management dll assemblyfound on a system that already has the RSAT and powershell enabled. Microsoft.ActiveDirectory.Management.dllNow in order to make this work you need to install the dll using the gacutil program. commandline is as follows.
GACUTIL.exe -I Microsoft.ActiveDirectory.Management.dll
Once installed you must copy the entire directory from item 1 to the powershell module location.
Once copied you can then use the import command to import it and start using the cmdlets. below is my batch file I wrote to automate this for deployment during SCCM.
-
@dashrender said in Local powershell script to pull AdObject without installing RSAT:
You can apparently deploy the DLL needed for the Ad module
I found a very Simple and elegant way to make the AD Powershell Module Portable.
you will need 3 simple things
1.) the ActiveDirectory Module Directory from a system that has it already installed.
Standard path on a 64bit windows 7
C:WindowsSystem32WindowsPowerShellv1.0Modules
2.) Global Assembly Cache Utility Available from the Windows SDK
gacutil.exe
3.) the Microsoft.ActiveDirectory.Management dll assemblyfound on a system that already has the RSAT and powershell enabled. Microsoft.ActiveDirectory.Management.dllNow in order to make this work you need to install the dll using the gacutil program. commandline is as follows.
GACUTIL.exe -I Microsoft.ActiveDirectory.Management.dll
Once installed you must copy the entire directory from item 1 to the powershell module location.
Once copied you can then use the import command to import it and start using the cmdlets. below is my batch file I wrote to automate this for deployment during SCCM.
It required RSAT which is a No No from my manager.
-
To pull in the details you're looking for
get-aduser $logonuser -properties *
would literally pull in everything (or it should) assuming your domain controllers are modern enough.That should at least get the details, you'd have to pair it down from there. .
Should being the key. . . (would test to confirm)
-
@stess said in Local powershell script to pull AdObject without installing RSAT:
@dashrender said in Local powershell script to pull AdObject without installing RSAT:
You can apparently deploy the DLL needed for the Ad module
I found a very Simple and elegant way to make the AD Powershell Module Portable.
you will need 3 simple things
1.) the ActiveDirectory Module Directory from a system that has it already installed.
Standard path on a 64bit windows 7
C:WindowsSystem32WindowsPowerShellv1.0Modules
2.) Global Assembly Cache Utility Available from the Windows SDK
gacutil.exe
3.) the Microsoft.ActiveDirectory.Management dll assemblyfound on a system that already has the RSAT and powershell enabled. Microsoft.ActiveDirectory.Management.dllNow in order to make this work you need to install the dll using the gacutil program. commandline is as follows.
GACUTIL.exe -I Microsoft.ActiveDirectory.Management.dll
Once installed you must copy the entire directory from item 1 to the powershell module location.
Once copied you can then use the import command to import it and start using the cmdlets. below is my batch file I wrote to automate this for deployment during SCCM.
It required RSAT which is a No No from my manager.
no, it requires a part of RSAT, but not the full RSAT.
-
I'm not sure you're going to be able to run a command from the Windows 7 machine that will read AD without at minimum the module from RSAT - it's just not meant to work that way.
-
Is your manager concerned that if people see a new item in the start menu that they'll go poking around?
-
Check out @dafyre 's link
This might be another option too
https://gallery.technet.microsoft.com/scriptcenter/Using-SystemDirectoryServic-0adf7ef5 -
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
Is your manager concerned that if people see a new item in the start menu that they'll go poking around?
More or less..yes.
-
I also would be reluctant to install RSAT, it just seems like a lot of extra baggage for the task at hand
-
@stess said in Local powershell script to pull AdObject without installing RSAT:
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
Is your manager concerned that if people see a new item in the start menu that they'll go poking around?
More or less..yes.
Based on what I'm seeing though you cannot get the ad modules you need though, without installing RSAT... which seems insane to me.
-
But you may be able to do this.
Import-Module ServerManager Add-WindowsFeature RSAT-AD-PowerShell
Which I believe is without the start menu items.
Anyone have a windows 7 system to test with?
-
Yeah no... even that won't work.
You must install RSAT for windows 7, and then you can disable the features from appwiz.cpl once it's installed.
No two ways about it.
-
@stess tell your manager to understand the technical limitations of an old ass operating system. And without either making changes to what is installed on the system or replacing the system entirely that this isn't possible.
-
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
@stess tell your manager to understand the technical limitations of an old ass operating system. And without either making changes to what is installed on the system or replacing the system entirely that this isn't possible.
There's nothing saying the same limitation doesn't exist for Windows 10. You're trying to use a feature of the AD module, the official way to get the module is via RSAT.
I already shows you how to extract the module and install it manually on a machine if you want to skip the whole RSAT install.
-
So... after checking out Dafyre's ADSI suggestion... ADSI managed to pull the properties attribute.
I still need to decipher what these codes mean. But thought I should share.Here's the script I found:
$searcher = [adsisearcher]'(&(objectCategory=User)(objectclass=person))'
$searcher.SearchRoot = [adsi]'LDAP://OU=Users,OU=Production,DC=Domain,DC=Local'
$searcher.SearchScope = 'OneLevel'
$searcher.FindAll() |
ForEach-Object{
[pscustomobject]@{
Name =$.properties['name'][0]
EmployeeID = $.properties['ipphone'][0]
}
}@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
@stess tell your manager to understand the technical limitations of an old ass operating system. And without either making changes to what is installed on the system or replacing the system entirely that this isn't possible.
I agree. But I also understand it's no my ass that's on the line when IT screwed up... it's his ass. So, I don't feel like going against him much. I want him to run the department to his heart content. If anything happens my hands are clean. At least this is what I have in my mind.
-
@stess said in Local powershell script to pull AdObject without installing RSAT:
I agree. But I also understand it's no my ass that's on the line when IT screwed up... it's his ass. So, I don't feel like going against him much. I want him to run the department to his heart content. If anything happens my hands are clean. At least this is what I have in my mind.
Shit always rolls down hill.
-
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
@stess said in Local powershell script to pull AdObject without installing RSAT:
I agree. But I also understand it's no my ass that's on the line when IT screwed up... it's his ass. So, I don't feel like going against him much. I want him to run the department to his heart content. If anything happens my hands are clean. At least this is what I have in my mind.
Shit always rolls down hill.
LOL!! That's very true. I guess at least my conscience is clean.
-
@stess said in Local powershell script to pull AdObject without installing RSAT:
So... after checking out Dafyre's ADSI suggestion... ADSI managed to pull the properties attribute.
I still need to decipher what these codes mean. But thought I should share.Here's the script I found:
$searcher = [adsisearcher]'(&(objectCategory=User)(objectclass=person))'
$searcher.SearchRoot = [adsi]'LDAP://OU=Users,OU=Production,DC=Domain,DC=Local'
$searcher.SearchScope = 'OneLevel'
$searcher.FindAll() |
ForEach-Object{
[pscustomobject]@{
Name =$.properties['name'][0]
EmployeeID = $.properties['ipphone'][0]
}
}@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
@stess tell your manager to understand the technical limitations of an old ass operating system. And without either making changes to what is installed on the system or replacing the system entirely that this isn't possible.
I agree. But I also understand it's no my ass that's on the line when IT screwed up... it's his ass. So, I don't feel like going against him much. I want him to run the department to his heart content. If anything happens my hands are clean. At least this is what I have in my mind.
sure, this totally makes sense. But you can't give him something that isn't possible by the same token...
-
@dashrender said in Local powershell script to pull AdObject without installing RSAT:
@stess said in Local powershell script to pull AdObject without installing RSAT:
So... after checking out Dafyre's ADSI suggestion... ADSI managed to pull the properties attribute.
I still need to decipher what these codes mean. But thought I should share.Here's the script I found:
$searcher = [adsisearcher]'(&(objectCategory=User)(objectclass=person))'
$searcher.SearchRoot = [adsi]'LDAP://OU=Users,OU=Production,DC=Domain,DC=Local'
$searcher.SearchScope = 'OneLevel'
$searcher.FindAll() |
ForEach-Object{
[pscustomobject]@{
Name =$.properties['name'][0]
EmployeeID = $.properties['ipphone'][0]
}
}@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
@stess tell your manager to understand the technical limitations of an old ass operating system. And without either making changes to what is installed on the system or replacing the system entirely that this isn't possible.
I agree. But I also understand it's no my ass that's on the line when IT screwed up... it's his ass. So, I don't feel like going against him much. I want him to run the department to his heart content. If anything happens my hands are clean. At least this is what I have in my mind.
sure, this totally makes sense. But you can't give him something that isn't possible by the same token...
Same token?