Local powershell script to pull AdObject without installing RSAT
-
Hi all,
I am looking for a way to pull ADObject directly from logon script running Windows 7. We have a value that needs to be update frequently (once a week or so). Currently we have 2 scripts. First script runs on the server to output values to CSV files. Second script runs locally on logon script to change the value based on CSV file.
Last week we made some changes on the file server and the logon script broke due to file path invalid. This is not a big deal as we quickly fix the problem, but we want to get away from relying on file server. Basically, we want logon script to pull ADObject directly from Active Directory.
Our problem is we do not want to install RSAT (Remote Server Administration Tools) on the local machine. Second is the command will run as logged user. Any idea on how to overcome this problem?
We looked at WMI-Object as it does pull some basic information, but the information we want is in Telephony tab under IPphone.
All ideas and suggestions are welcome. Cheers
EDIT: I asked about this in the past (post). The answer I was given was to install RSAT. My manager preferred not to install RSAT for any reason (I'm tired to argue with him). So I am looking for alternative option.
-
Why can't you simply use the powershell module for AD administration?
-
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
Why can't you simply use the powershell module for AD administration?
Isn't to use powershell for AD you need to import AD module first? And to import AD module I need RSAT. Am I missing something? I guess I don't understand what you meant.
-
Is this a Windows 7 pc that would be running this powershell script?
-
Doh.. it is.
Yeah no you have to install rsat there to use it.
-
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
Is this a Windows 7 pc that would be running this powershell script?
Yes. Win 7 Pro. PS Logon script
-
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
Doh.. it is.
Yeah no you have to install rsat there to use it.
Say what? you don't get the AD module unless you install RSAT? that sucks!
-
@stess said in Local powershell script to pull AdObject without installing RSAT:
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
Is this a Windows 7 pc that would be running this powershell script?
Yes. Win 7 Pro. PS Logon script
So you're wanting every user's machine in the company to run this script when they log into their PC?
-
@dashrender said in Local powershell script to pull AdObject without installing RSAT:
@stess said in Local powershell script to pull AdObject without installing RSAT:
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
Is this a Windows 7 pc that would be running this powershell script?
Yes. Win 7 Pro. PS Logon script
So you're wanting every user's machine in the company to run this script when they log into their PC?
Yes. Basically, we want to run this script to pull a value from their AD user object and add the value to existing config file for one of the program we use. It does not have to get Get-ADobject as long as we can grab the value and change it. I am looking into Get-WMIObject but so far it is not working as we want it to.
EDIT: We use AD to store this value because I feel it's a good centralized place.
-
@stess said in Local powershell script to pull AdObject without installing RSAT:
@dashrender said in Local powershell script to pull AdObject without installing RSAT:
@stess said in Local powershell script to pull AdObject without installing RSAT:
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
Is this a Windows 7 pc that would be running this powershell script?
Yes. Win 7 Pro. PS Logon script
So you're wanting every user's machine in the company to run this script when they log into their PC?
Yes. Basically, we want to run this script to pull a value from their AD user object and add the value to existing config file for one of the program we use. It does not have to get Get-ADobject as long as we can grab the value and change it. I am looking into Get-WMIObject but so far it is not working as we want it to.
EDIT: We use AD to store this value because I feel it's a good centralized place.
What AD value is your script pulling, we may be able to find the GET-WMI comparable. . (may)
-
@dashrender said in Local powershell script to pull AdObject without installing RSAT:
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
Doh.. it is.
Yeah no you have to install rsat there to use it.
Say what? you don't get the AD module unless you install RSAT? that sucks!
If you're on windows 7, yeah.
-
@stess said in Local powershell script to pull AdObject without installing RSAT:
@dashrender said in Local powershell script to pull AdObject without installing RSAT:
@stess said in Local powershell script to pull AdObject without installing RSAT:
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
Is this a Windows 7 pc that would be running this powershell script?
Yes. Win 7 Pro. PS Logon script
So you're wanting every user's machine in the company to run this script when they log into their PC?
Yes. Basically, we want to run this script to pull a value from their AD user object and add the value to existing config file for one of the program we use. It does not have to get Get-ADobject as long as we can grab the value and change it. I am looking into Get-WMIObject but so far it is not working as we want it to.
EDIT: We use AD to store this value because I feel it's a good centralized place.
Are users allowed to change their own ADObjects?
-
What version of Powershell do your users have?
-
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
@stess said in Local powershell script to pull AdObject without installing RSAT:
@dashrender said in Local powershell script to pull AdObject without installing RSAT:
@stess said in Local powershell script to pull AdObject without installing RSAT:
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
Is this a Windows 7 pc that would be running this powershell script?
Yes. Win 7 Pro. PS Logon script
So you're wanting every user's machine in the company to run this script when they log into their PC?
Yes. Basically, we want to run this script to pull a value from their AD user object and add the value to existing config file for one of the program we use. It does not have to get Get-ADobject as long as we can grab the value and change it. I am looking into Get-WMIObject but so far it is not working as we want it to.
EDIT: We use AD to store this value because I feel it's a good centralized place.
What AD value is your script pulling, we may be able to find the GET-WMI comparable. . (may)
Telephony > IP Phone
@dashrender said in Local powershell script to pull AdObject without installing RSAT:
@stess said in Local powershell script to pull AdObject without installing RSAT:
@dashrender said in Local powershell script to pull AdObject without installing RSAT:
@stess said in Local powershell script to pull AdObject without installing RSAT:
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
Is this a Windows 7 pc that would be running this powershell script?
Yes. Win 7 Pro. PS Logon script
So you're wanting every user's machine in the company to run this script when they log into their PC?
Yes. Basically, we want to run this script to pull a value from their AD user object and add the value to existing config file for one of the program we use. It does not have to get Get-ADobject as long as we can grab the value and change it. I am looking into Get-WMIObject but so far it is not working as we want it to.
EDIT: We use AD to store this value because I feel it's a good centralized place.
Are users allowed to change their own ADObjects?
I can't even get AD commands to run without AD module > which required RSAT > which my manager said he doesn't want it installed for "reasons".
@dashrender said in Local powershell script to pull AdObject without installing RSAT:
What version of Powershell do your users have?
Version 2.0
-
That information is simply readable, by anyone with RSAT.
Having RSAT installed, doesn't mean people would be able to change or reset passwords or anything else from there.
But in terms of powershell, with Windows 7 system you will be required to install RSAT.
-
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
That information is simply readable, by anyone with RSAT.
Having RSAT installed, doesn't mean people would be able to change or reset passwords or anything else from there.
But in terms of powershell, with Windows 7 system you will be required to install RSAT.
Yes. But I cannot goes against my manager's decision (above my pay grade + I don't want headache from arguing with him)
Alternatively, I could export the data into powershell script itself. Instead of reading from CSV, it reads data from within itself. Not sure how this will goes or is it possible
-
@stess said in Local powershell script to pull AdObject without installing RSAT:
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
That information is simply readable, by anyone with RSAT.
Having RSAT installed, doesn't mean people would be able to change or reset passwords or anything else from there.
But in terms of powershell, with Windows 7 system you will be required to install RSAT.
Yes. But I cannot goes against my manager's decision (above my pay grade + I don't want headache from arguing with him)
Alternatively, I could export the data into powershell script itself. Instead of reading from CSV, it reads data from within itself. Not sure how this will goes or is it possible
Using powershell (old powershell on an old OS) is the issue here.
Can you provide your script so we can see what you have going on.
-
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
@stess said in Local powershell script to pull AdObject without installing RSAT:
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
That information is simply readable, by anyone with RSAT.
Having RSAT installed, doesn't mean people would be able to change or reset passwords or anything else from there.
But in terms of powershell, with Windows 7 system you will be required to install RSAT.
Yes. But I cannot goes against my manager's decision (above my pay grade + I don't want headache from arguing with him)
Alternatively, I could export the data into powershell script itself. Instead of reading from CSV, it reads data from within itself. Not sure how this will goes or is it possible
Using powershell (old powershell on an old OS) is the issue here.
Can you provide your script so we can see what you have going on.
$csvPath = "\svfs\fileshares\IT\Tools\ipphone export-csv.csv"
$logonuser = whoami
$csv = Import-Csv -Path $csvPath
$xmlPath = "C:\ProgramData\NEC-i\PC Phone\Settings.xml"
$necXML = New-Object XML
[xml]$necXML = Get-Content $xmlPathforeach ($csvread in $csv) {
$csvusername = $csvread.username
$csvextension = $csvread.ipphone
if ($csvusername -eq $logonuser){
$necXML.CygSettings.UserName = "$csvextension"
$necXML.CygSettings.CtiExtension = "$csvextension"
$necXML.CygSettings.Password = "1234"
$necXML.CygSettings.ServerIP = "NEC"
$necXML.Save($xmlPath)
}
} -
You could try using the ADSI object... check out https://social.technet.microsoft.com/wiki/contents/articles/4231.working-with-active-directory-using-powershell-adsi-adapter.aspx
That doesn't require any AD / RSAT to be installed.
-
You can apparently deploy the DLL needed for the Ad module
I found a very Simple and elegant way to make the AD Powershell Module Portable.
you will need 3 simple things
1.) the ActiveDirectory Module Directory from a system that has it already installed.
Standard path on a 64bit windows 7
C:WindowsSystem32WindowsPowerShellv1.0Modules
2.) Global Assembly Cache Utility Available from the Windows SDK
gacutil.exe
3.) the Microsoft.ActiveDirectory.Management dll assemblyfound on a system that already has the RSAT and powershell enabled. Microsoft.ActiveDirectory.Management.dllNow in order to make this work you need to install the dll using the gacutil program. commandline is as follows.
GACUTIL.exe -I Microsoft.ActiveDirectory.Management.dll
Once installed you must copy the entire directory from item 1 to the powershell module location.
Once copied you can then use the import command to import it and start using the cmdlets. below is my batch file I wrote to automate this for deployment during SCCM.
