To totally unlock this section you need to Log-in
This guide explains how to install the Active Directory (AD) module for PowerShell Core 6.0 and Windows PowerShell. For Windows PowerShell, the document describes how to install the AD module for Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012 R2, and Windows Server 2016.
The installation of the AD module varies significantly for the different Windows and PowerShell versions. At the time of this writing, the AD module that comes with RSAT does not work with PowerShell Core 6.0. However, this guide explains how you can manage Active Directory from PowerShell Core even on macOS and Linux.
On a Windows 7 computer, you can follow this procedure to install the Active Directory module:
- Download the Remote Server Administration Tools (RSAT) for Windows 7.
- Open the Control Panel, start typing features, and then click Turn Windows features on or off.
- Scroll down to Remote Server Administration Tools and enable the Active Directory Module for Windows PowerShell in Remote Server
- Administration Tools > Role Administration Tools > AD DS and AD LDS Tools.
- Run Import-Module ActiveDirectory on a PowerShell console.
If the Windows 7 machine only has PowerShell 2.0 installed, you have to add the Import-Module ActiveDirectory command to your profile because PowerShell doesn’t load modules automatically.
For instance, you can import the module in %UserProfile%\My Documents\WindowsPowerShell\profile.ps1. Makes sure you’ve set your execution policy to either RemoteSigned or Unrestricted by using the command Set-ExecutionPolicy RemoteSigned.
Another option is to open the module from the Administrative Tools folder in the Control Panel:
Windows Server 2008 R2
If your Windows Server 2008 R2 machine is a domain controller, the PowerShell Active Directory Module is already installed. You only have to install the module on member servers. The procedure on Windows Server 2008 R2 is similar to that on Windows 7.
The module is not available for Windows Server 2008.
One difference is that you don’t have to download RSAT because the tools are already available on Windows Server 2008 R2.
In Server Manager, click Add features, and then:
- Select Active Directory module for Windows PowerShell in Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools.
- Alternatively, you can install the module from a PowerShell console:
|Import-Module ServerManagerAdd-WindowsFeature RSAT-AD-PowerShell|
After copying the module to your computer, you have to import it:
Or you can right-click the PowerShell icon on the taskbar and select Import system modules:
As on Windows 7, if you want to make the import permanent, you have to add the above import command to your PowerShell profile. Notice this description assumes you haven’t updated PowerShell 2.0 on your Windows Server 2008 R2 machine.
Windows 8, Windows 8.1, Windows 10
Things are a lot easier in Windows 8, Windows 8.1, and Windows 10.
All you have to do is download and install RSAT (Windows 8, Windows 8.1, Windows 10). The installation enables all tools by default, and you also don’t have to import the module. You can use the AD module right away after you install RSAT.
Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
As on Windows Server 2008 R2, the AD module is already installed on domain controllers on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. On member servers, you can add the module as a feature in Server Manager.
- Start Server Manager.
- Click Manage > Add Roles and Features.
- Click Next until you reach Features.
- Enable Active Directory module for Windows PowerShell in Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools.
Alternatively, you can install the module from a PowerShell console:
There’s no need to import the Server Manager module first, as on Windows Server 2008 R2. You also don’t have to import the AD module after the installation.
If you want to verify successful installation of the module, you can just run the Get-ADuser cmdlet and wait few seconds for the output.
Install the AD module on PowerShell Core 6.0
Currently, the AD module for Windows PowerShell does not work with PowerShell Core 6.0. If you try to import the module, you’ll receive this error message:
|import-module : Could not load type ‘System.Management.Automation.PSSnapIn’ from assembly ‘System.Management.Automation, Version=18.104.22.168, Culture=neutral, PublicKeyToken=31bf3856ad364e35’.|
The reason is that the module requires the .NET Framework, and PowerShell Core uses .NET Core, which is only subset of the .NET Framework.
It is unknown when Microsoft will deliver a version of the AD module that will work with PowerShell Core 6. However, you have three options to work with the AD module on PowerShell Core.
Create an interactive remote session
The simplest option is to create an interactive remote session to your domain controller with the Enter-PSsession cmdlet:
You can then work right away with the AD cmdlets. This option is good if you only occasionally manage AD on a PowerShell console and if you don’t have to execute local scripts.
Import the AD module from a remote session
The second option uses implicit remoting and allows you to run the AD cmdlets from a local session. However, you execute the AD cmdlets remotely on a domain controller. In practice, you won’t notice much of difference in locally installed cmdlets. To import the AD module on PowerShell Core 6.0, execute these commands:
$S = New-PSSession -ComputerName MyDomainConroller
Import-Module -PSsession $S -Name ActiveDirectory
The first command creates a PowerShell session (PSsession) on the domain controller (replace MyDomainController with the name of your DC) and establishes a persistent connection. Next, we import the ActiveDirectory module from this remote PSsession into our local session.
You can now use all AD module cmdlets on your local PowerShell Core console. Just keep in mind the commands always execute remotely.
If you often work with AD, you can add the above commands to your profile, for instance in Documents\PowerShell\Profile.ps1.
Export the remote AD module to a local module
Alternatively, you can export the AD cmdlets from a remote session to a local module:
$S = New-PSSession -ComputerName MyDomainController
Export-PSsession -Session $S -Module ActiveDirectory -OutputModule RemoteAD
Remove-PSSession -Session $S
These commands will create a local module in your Documents folder under PowerShell\Modules\RemoteAD. However, like with the above solution, you will be working with implicit remoting, and all cmdlets will execute remotely. The local RemoteAD module only links to the cmdlets on the domain controller.
If you want to use the RemoteAD module on other machines with PowerShell Core, simply copy the RemoteAD folder to the PowerShell Core module folder on the second machine.
The difference with the “import solution” is that in the “export solution“, PowerShell only establishes a connection to the domain controller when you use an AD cmdlet the first time.
You also don’t have to add the above commands to your profile because PowerShell will load the local RemoteAD module automatically. However, the downside to this option is you might have to repeat the procedure after updating the AD module on the domain controller.
PowerShell Core and Windows PowerShell modules
Note that you can use Windows PowerShell together with PowerShell Core on the same machine and work with the different AD modules in both shells. If you installed RSAT, the AD module for Windows PowerShell will reside in this folder:
If you used the export solution, the RemoteAD module will be in this folder:
PowerShell Core does not import modules in WindowsPowerShell folders, and Windows PowerShell does not load PowerShell Core modules, which are always in PowerShell folders. Thus, you don’t have to worry about conflicts between the different AD modules in PowerShell Core and Windows PowerShell.