I am trying to get approval for a script to be automated, which utilizes both the:
Get-ADGroupand the
Get-ADUsercommandlets (part of the ActiveDirectory module for PowerShell). However, in order to get approval, I need to find an alternative to having the entire Remote Server Administration Tools (RSAT) enabled on the server the script is going to be run on.
Enabling RSAT through Server Management:
Is there any way to just enable specific Server Roles in order to avoid having to enable all of the tools present in RSAT? For instance, through looking into this, on Microsoft's ActiveDirectory module page, they seem to imply that the ActiveDirectory module might only utilize the Active Directory Domain Services (ADDS) AND/OR the Active Directory Lightweight Directory Services (ADLDS) server roles. Does anyone know if this is the case?
ActiveDirectory Module Page:
Server Roles selection on Server Management:
2 Answers
The Powershell modules have nothing to do with the AD services roles. In fact you absolutely DO NOT want these unless your server is a domain controller.
I have tried to determine the minimum subset of RSAT required to get the Powershell commandlets to work and I found that I needed the entire RSAT package or else it wouldn't work.
For Windows 10 Build 1809 and later (and I presume also in Server 2019) RSAT itself has become a Feature-On-Demand in Windows. But again: It isn't clear exactly which of the 10 or so Features exactly provides which MMC modules or the Powershell commandlets.
Microsoft should really provide proper documentation for this, but they don't.
The only thing I can say for certain: It is guaranteed to work if you install RSAT as a whole. And I never was able to get it to work with only a subset of RSAT.
Since the server that I am trying to run this on is a 2012 R2, I found out that what you need to do to ONLY have the ActiveDirectory PowerShell module enabled is to do the following:
On your Windows 2012 R2 server:
- If this is not already the case, go to the "Remove Roles and Features" wizard on the Server Manager console and remove (uncheck) ALL of the "Remote Server Administration Tools" in the "Features" tab. Afterwards, restart the server.
Run the following PowerShell script on the server:
Install-WindowsFeature RSAT-AD-PowerShell
