Local powershell script to pull AdObject without installing RSAT
-
Check out @dafyre 's link
This might be another option too
https://gallery.technet.microsoft.com/scriptcenter/Using-SystemDirectoryServic-0adf7ef5 -
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
Is your manager concerned that if people see a new item in the start menu that they'll go poking around?
More or less..yes.
-
I also would be reluctant to install RSAT, it just seems like a lot of extra baggage for the task at hand
-
@stess said in Local powershell script to pull AdObject without installing RSAT:
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
Is your manager concerned that if people see a new item in the start menu that they'll go poking around?
More or less..yes.
Based on what I'm seeing though you cannot get the ad modules you need though, without installing RSAT... which seems insane to me.
-
But you may be able to do this.
Import-Module ServerManager Add-WindowsFeature RSAT-AD-PowerShellWhich I believe is without the start menu items.
Anyone have a windows 7 system to test with?
-
Yeah no... even that won't work.
You must install RSAT for windows 7, and then you can disable the features from appwiz.cpl once it's installed.
No two ways about it.
-
@stess tell your manager to understand the technical limitations of an old ass operating system. And without either making changes to what is installed on the system or replacing the system entirely that this isn't possible.
-
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
@stess tell your manager to understand the technical limitations of an old ass operating system. And without either making changes to what is installed on the system or replacing the system entirely that this isn't possible.
There's nothing saying the same limitation doesn't exist for Windows 10. You're trying to use a feature of the AD module, the official way to get the module is via RSAT.
I already shows you how to extract the module and install it manually on a machine if you want to skip the whole RSAT install.
-
So... after checking out Dafyre's ADSI suggestion... ADSI managed to pull the properties attribute.
I still need to decipher what these codes mean. But thought I should share.Here's the script I found:
$searcher = [adsisearcher]'(&(objectCategory=User)(objectclass=person))'
$searcher.SearchRoot = [adsi]'LDAP://OU=Users,OU=Production,DC=Domain,DC=Local'
$searcher.SearchScope = 'OneLevel'
$searcher.FindAll() |
ForEach-Object{
[pscustomobject]@{
Name =$.properties['name'][0]
EmployeeID = $.properties['ipphone'][0]
}
}@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
@stess tell your manager to understand the technical limitations of an old ass operating system. And without either making changes to what is installed on the system or replacing the system entirely that this isn't possible.
I agree. But I also understand it's no my ass that's on the line when IT screwed up... it's his ass. So, I don't feel like going against him much. I want him to run the department to his heart content. If anything happens my hands are clean. At least this is what I have in my mind.
-
@stess said in Local powershell script to pull AdObject without installing RSAT:
I agree. But I also understand it's no my ass that's on the line when IT screwed up... it's his ass. So, I don't feel like going against him much. I want him to run the department to his heart content. If anything happens my hands are clean. At least this is what I have in my mind.
Shit always rolls down hill.
-
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
@stess said in Local powershell script to pull AdObject without installing RSAT:
I agree. But I also understand it's no my ass that's on the line when IT screwed up... it's his ass. So, I don't feel like going against him much. I want him to run the department to his heart content. If anything happens my hands are clean. At least this is what I have in my mind.
Shit always rolls down hill.
LOL!! That's very true. I guess at least my conscience is clean.
-
@stess said in Local powershell script to pull AdObject without installing RSAT:
So... after checking out Dafyre's ADSI suggestion... ADSI managed to pull the properties attribute.
I still need to decipher what these codes mean. But thought I should share.Here's the script I found:
$searcher = [adsisearcher]'(&(objectCategory=User)(objectclass=person))'
$searcher.SearchRoot = [adsi]'LDAP://OU=Users,OU=Production,DC=Domain,DC=Local'
$searcher.SearchScope = 'OneLevel'
$searcher.FindAll() |
ForEach-Object{
[pscustomobject]@{
Name =$.properties['name'][0]
EmployeeID = $.properties['ipphone'][0]
}
}@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
@stess tell your manager to understand the technical limitations of an old ass operating system. And without either making changes to what is installed on the system or replacing the system entirely that this isn't possible.
I agree. But I also understand it's no my ass that's on the line when IT screwed up... it's his ass. So, I don't feel like going against him much. I want him to run the department to his heart content. If anything happens my hands are clean. At least this is what I have in my mind.
sure, this totally makes sense. But you can't give him something that isn't possible by the same token...
-
@dashrender said in Local powershell script to pull AdObject without installing RSAT:
@stess said in Local powershell script to pull AdObject without installing RSAT:
So... after checking out Dafyre's ADSI suggestion... ADSI managed to pull the properties attribute.
I still need to decipher what these codes mean. But thought I should share.Here's the script I found:
$searcher = [adsisearcher]'(&(objectCategory=User)(objectclass=person))'
$searcher.SearchRoot = [adsi]'LDAP://OU=Users,OU=Production,DC=Domain,DC=Local'
$searcher.SearchScope = 'OneLevel'
$searcher.FindAll() |
ForEach-Object{
[pscustomobject]@{
Name =$.properties['name'][0]
EmployeeID = $.properties['ipphone'][0]
}
}@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
@stess tell your manager to understand the technical limitations of an old ass operating system. And without either making changes to what is installed on the system or replacing the system entirely that this isn't possible.
I agree. But I also understand it's no my ass that's on the line when IT screwed up... it's his ass. So, I don't feel like going against him much. I want him to run the department to his heart content. If anything happens my hands are clean. At least this is what I have in my mind.
sure, this totally makes sense. But you can't give him something that isn't possible by the same token...
Same token?
-
@stess My users wouldn't notice if half their menu changed
-
You could try using psexec to call powershell to do this. .
Just a thought
-
@stess said in Local powershell script to pull AdObject without installing RSAT:
@dashrender said in Local powershell script to pull AdObject without installing RSAT:
@stess said in Local powershell script to pull AdObject without installing RSAT:
So... after checking out Dafyre's ADSI suggestion... ADSI managed to pull the properties attribute.
I still need to decipher what these codes mean. But thought I should share.Here's the script I found:
$searcher = [adsisearcher]'(&(objectCategory=User)(objectclass=person))'
$searcher.SearchRoot = [adsi]'LDAP://OU=Users,OU=Production,DC=Domain,DC=Local'
$searcher.SearchScope = 'OneLevel'
$searcher.FindAll() |
ForEach-Object{
[pscustomobject]@{
Name =$.properties['name'][0]
EmployeeID = $.properties['ipphone'][0]
}
}@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
@stess tell your manager to understand the technical limitations of an old ass operating system. And without either making changes to what is installed on the system or replacing the system entirely that this isn't possible.
I agree. But I also understand it's no my ass that's on the line when IT screwed up... it's his ass. So, I don't feel like going against him much. I want him to run the department to his heart content. If anything happens my hands are clean. At least this is what I have in my mind.
sure, this totally makes sense. But you can't give him something that isn't possible by the same token...
Same token?
It's an American euphemism - a token has two sides - one side is you doing what he says, so he takes all blame, other side of token is that what he wants might be impossible, so you can't give him what he wants.
-
@dustinb3403 said in Local powershell script to pull AdObject without installing RSAT:
You could try using psexec to call powershell to do this. .
Just a thought
where would you be calling it to? Wherever you call - you have to have the correct permissions, and the AD commandlets have to be there.
