This guide explains how to install the Active Directory (AD) module for PowerShell Core 6.0 and Windows PowerShell. For Windows PowerShell, the tutorial describes how to install the AD module for Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012 R2, and Windows Server 2016.
- Author and member of the year 2019 – Why DevOps still doesn't rule the IT world - Wed, Jan 1 2020
- Results of the 4sysops member and author competition in 2018 - Tue, Jan 8 2019
- Why Microsoft is using Windows customers as guinea pigs - Reply to Tim Warner - Tue, Dec 18 2018
- Windows 7
- Windows Server 2008 R2
- Windows 8, Windows 8.1, Windows 10
- Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
- Install the AD module on PowerShell Core 6.x on a Windows computer
- All versions: Import the ActiveDirectory module remotely
- PowerShell Core and Windows PowerShell modules
The installation of the AD module varies significantly for the different Windows and PowerShell versions. At the time of this writing, the AD module that comes with RAST does not work with PowerShell Core 6.0. However, this guide explains how you can manage Active Directory from PowerShell Core even on macOS and Linux.
Windows 7 ^
On a Windows 7 computer, you can follow this procedure to install the Active Directory module:
- Download the Remote Server Administration Tools (RSAT) for Windows 7.
- Open the Control Panel, start typing features, and then click Turn Windows features on or off.
- Scroll down to Remote Server Administration Tools and enable the Active Directory Module for Windows PowerShell in Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools.
- Run Import-Module ActiveDirectory on a PowerShell console.
If the Windows 7 machine only has PowerShell 2.0 installed, you have to add the Import-Module ActiveDirectory command to your profile because PowerShell doesn't load modules automatically. For instance, you can import the module in %UserProfile%\My Documents\WindowsPowerShell\profile.ps1. Makes sure you've set your execution policy to either RemoteSigned or Unrestricted: Set-ExecutionPolicy RemoteSigned.
Another option is to open the module from the Administrative Tools folder in the Control Panel.
Windows Server 2008 R2 ^
If your Windows Server 2008 R2 machine is a domain controller, the PowerShell Active Directory Module is already installed. You only have to install the module on member servers. The procedure on Windows Server 2008 R2 is similar to that on Windows 7. (Note that the module is not available for Windows Server 2008.)
One difference is that you don't have to download RSAT because the tools are already available on Windows Server 2008 R2.
- In Server Manager, click Add features, and then:
- Select Active Directory module for Windows PowerShell in Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools.
Alternatively, you can install the module from a PowerShell console:
Import-Module ServerManagerAdd-WindowsFeature RSAT-AD-PowerShell
After copying the module to your computer, you have to import it:
Or you can right-click the PowerShell icon on the taskbar and select Import system modules.
As on Windows 7, if you want to make the import permanent, you have to add the above import command to your PowerShell profile. Notice this description assumes you haven't updated PowerShell 2 on your Windows Server 2008 R2 machine (see the description about Windows 7).
Windows 8, Windows 8.1, Windows 10 ^
Things are a lot easier in Windows 8, Windows 8.1, and Windows 10. All you have to do is download and install RSAT (Windows 8, Windows 8.1, Windows 10). The installation enables all tools by default, and you also don't have to import the module. You can use the AD module right away after you install RSAT.
Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 ^
As on Windows Server 2008 R2, the AD module is already installed on domain controllers on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. On member servers, you can add the module as a feature in Server Manager.
- Start Server Manager.
- Click Manage > Add Roles and Features.
- Click Next until you reach Features.
- Enable Active Directory module for Windows PowerShell in Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools.
Alternatively, you can install the module from a PowerShell console:
There's no need to import the Server Manager module first, as on Windows Server 2008 R2. You also don't have to import the AD module after the installation.
If you want to verify the successful installation of the module, you can just run the Get-ADuser cmdlet.
Install the AD module on PowerShell Core 6.x on a Windows computer ^
- Install RSAT with the method matching to your operating system (see sections above).
- Install the WindowsCompatibility module.
1Install-Module -Name WindowsCompatibility
- Load the WindowsCompatibility module like usual with the Import-Module cmdlet
1Import-Module -Name WindowsCompatibility
- Load the ActiveDirectory module with the Import-WinModule cmdlet
1Import-WinModule -Name ActiveDirectory
All versions: Import the ActiveDirectory module remotely ^
Create an interactive remote session
The simplest option is to create an interactive remote session to your domain controller with the Enter-PSsession cmdlet:
You can then work right away with the AD cmdlets. This option is good if you only occasionally manage AD on a PowerShell console and if you don't have to execute local scripts.
Import the AD module from a remote session
The second option uses implicit remoting and allows you to run the AD cmdlets from a local session. However, you execute the AD cmdlets remotely on a domain controller. In practice, you won't notice much of difference in locally installed cmdlets. To import the AD module on PowerShell Core 6.0, execute these commands:
$S = New-PSSession -ComputerName MyDomainConroller
Import-Module -PSsession $S -Name ActiveDirectory
The first command creates a PowerShell session (PSsession) on the domain controller (replace MyDomainController with the name of your DC) and establishes a persistent connection. Next, we import the ActiveDirectory module from this remote PSsession into our local session.
You can now use all AD module cmdlets on your local PowerShell Core console. Just keep in mind the commands always execute remotely.
If you often work with AD, you can add the above commands to your profile, for instance in Documents\PowerShell\Profile.ps1.
Export the remote AD module to a local module
Alternatively, you can export the AD cmdlets from a remote session to a local module:
$S = New-PSSession -ComputerName MyDomainController
Export-PSsession -Session $S -Module ActiveDirectory -OutputModule RemoteAD
Remove-PSSession -Session $S
These commands will create a local module in your Documents folder under PowerShell\Modules\RemoteAD. However, like with the above solution, you will be working with implicit remoting, and all cmdlets will execute remotely. The local RemoteAD module only links to the cmdlets on the domain controller. If you want to use the RemoteAD module on other machines with PowerShell Core, simply copy the RemoteAD folder to the PowerShell Core module folder on the second machine.
The difference with the "import solution" is that in the "export solution," PowerShell only establishes a connection to the domain controller when you use an AD cmdlet the first time. You also don't have to add the above commands to your profile because PowerShell will load the local RemoteAD module automatically. However, the downside to this option is you might have to repeat the procedure after updating the AD module on the domain controller.
PowerShell Core and Windows PowerShell modules ^
Note that you can use Windows PowerShell together with PowerShell Core on the same machine and work with the different AD modules in both shells. If you installed RSAT, the AD module for Windows PowerShell will reside in this folder:
If you used the export solution, the RemoteAD module will be in this folder:
PowerShell Core does not import modules in WindowsPowerShell folders, and Windows PowerShell does not load PowerShell Core modules, which are always in PowerShell folders. Thus, you don't have to worry about conflicts between the different AD modules in PowerShell Core and Windows PowerShell.
Using the Active Directory module has become simpler with each PowerShell version up to Microsoft's release of PowerShell Core 6.0. However, working with implicit remoting and remote sessions has various advantages. One advantage is that you can use disconnected remote sessions. This allows you to start a script, shut down your client computer, and retrieve the results from the remote machine later. If you often work with remote sessions, you should become familiar with the different ways you can use PowerShell remote sessions. Once you get used to working with remoting, you probably won't miss the local AD module for PowerShell Core.