PowerShell AD Module on Any Domain Host as Any User
Borrow a DLL
Normally, one must install RSAT (Remote Server Administration Tools) on a host to make remote calls to Active Directory from a client computer. And, one must normally be an administrative user to import the PowerShell Active Directory module.
The trick here is borrowing the Microsoft.ActiveDirectory.Management.dll
from a domain-joined host with RSAT installed.
Getting the DLL
The quickest and safest way to acquire the DLL would be to setup a Windows 10 or Windows 11 VM, and copy the DLL after installing RSAT.
Get-WindowsCapability -Name RSAT*ActiveDirectory* -Online | Add-WindowsCapability -Online
Path :
Online : True
RestartNeeded : False
I have seen it mentioned that the directory is found in C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.ActiveDirectory.Management
, however when I installed RSAT on my Windows 11 VM, it was in a different directory.
Finding the DLL
gci -Path 'C:\Windows' -Recurse -Filter 'Microsoft.ActiveDirectory.Management.dll' -EA SilentlyContinue | ? {$_.FullName -like '*GAC_64*' -or $_.FullName -like '*amd64*'} | select -Expand FullName
Import to PowerShell
Import-Module 'C:\Path\to\file.dll'
Using the Module
Check Available Commands
Get-Command -Module Microsoft.ActiveDirectory.Management