Goatee PFE

Blog of Microsoft Premier Field Engineer Ashley McGlone featuring PowerShell scripts for Active Directory.

Blogs

Step-by-Step: How to use Active Directory PowerShell cmdlets against 2003 domain controllers

  • Comments 12
  • Likes

Irish Soda Bread with Guinness Reduction Dip.  Doesn't that sound good?  It makes my mouth water just thinking about it.  Recently I used my frequent flier points to take the family to Disney, and the best food we ate all week was at the Raglan Road Irish Pub in Downtown Disney. We liked the bread and dip so much that our waitress, Wendy, explained that we could email the company for the recipe.  So we did!  Now this recipe had some ingredients that I wasn't familiar with, and when I made it at home it didn't quite match the experience back at the pub.  But who can complain when it has Guinness in it.

This is a lot like guidance from TechNet articles.  Sometimes they call for odd "ingredients" that you have to hunt and download, and then the result is not always what you expected.  Sometimes finding the right article on TechNet is like being down on your hands and knees crawling through grandma's yard looking for a four leaf clover.

This blog post is all about giving you the exact steps and removing the mystery from the process, so that you can use the Active Directory PowerShell cmdlets in your 2003 environment today.  It may look like a lot of steps, but you can get this done in less than an hour.  (This same process should work for 2008 (pre-R2) DCs as well, just read the ADMGS guide and hotfixes for the specifics.)

Recipe: AD PowerShell cmdlets on 2003 DCs


Ingredients:

  • 1 - 2003 DC (Use the fictitious domain name of your choice, like "RaglanRoad.Pub".)
  • 1 - Windows 7 client joined to the domain
  • 2.8MB - .NET 3.5.1
  • 220MB - RSAT for Windows 7
  • 1MB - ADMGS
  • 3 - Hotfixes
  • 1 - Leprechaun

Instructions:

  • Combine all of the download ingredients into an ISO file for easy access in your virtual lab. (HyperV, of course.  I used freeware ImgBurn to create the ISO.)
  • Follow the detailed instructions below. 

 

Step 1:  Gather the Ingredients

Go download all of these files and hotfixes first:  (Note that the hotfix downloads are a little tricky.  They require you to study the KB article to find a link, and then you have to do an email dance to get the files and a password.)

Read over the ADMGS install guide.

 

Step 2:  Build Your 2003 Forest

I did this in the lab first.  This is safer than going straight to production.  Labbing it gives you a chance to make mistakes in a safe environment.  The installs are all proven, but there is always room for a "user moment" in production.  Nothing in these steps should damage a production server, since we are only adding functionality.

  • Install 2003 SP2 in your lab.
  • Run DCPROMO and create a test AD forest. (RaglanRoad.Pub would be a spectacular domain name.)
  • Install .NET 3.5.1.
  • Install hotfix KB 969166.
  • Install hotfix KB 969429.  (Or KB967574 if you're running 2008 RTM or 2008 SP1.)
  • Install the appropriate version of ADMGS KB 968934.
  • Go to Services and observe that the Active Directory Web Service is now installed and started.

Note that we are not installing PowerShell on the 2003 server.  Even if we did we couldn't run the AD cmdlets from there, because they are only supported on Windows Server 2008 R2 or Windows 7.  You're welcome to install PowerShell 2.0 for other purposes.

 

Step 3:  Build Your Admin Workstation

  • Install Windows 7 in your lab. (2008 R2 Server will also work.)
  • Join it to the new 2003 AD domain.
  • Install the appropriate version of Windows 7 RSAT.
  • Add these Windows 7 RSAT features bolded below (Control Panel, Programs, Turn Windows features on or off):
    • Remote Server Administration Tools
    • - Role Administration Tools
    • - - AD DS and AD LDS Tools
    • - - - Active Directory Module for Windows PowerShell
    • - - - AD DS Tools
    • - - - - Active Directory Administrative Center
    • - - - - AD DS Snap-ins and Command-line Tools

 

Step 4:  Kick Up Your Heels

  • Go to the PowerShell Console on your Windows 7 workstation (Click Start, type "Power"; or find it under Accessories).
  • Type "Import-Module ActiveDirectory"
  • Gaze gleefully at the green zipper zipping across the screen.
  • Type "Get-ADForest".  (You may need to use the -server parameter if other 2003 DCs in your environment do not have ADMGS installed yet.)
  • Dance your favorite Irish jig.
  • As a side benefit you can now use the new Active Directory Administrative Center (ADAC) against the 2003 DC.  Give it a try.

 

You are now ready to leverage all of the PowerShell AD cmdlets against your 2003 envrionment.  You no longer have to be green with envy towards the fancy pants 2008 R2 DCs running PowerShell support.  Unleash the code!

Mmmm mmm.  Smell that?  PowerShell goodness straight from the oven!  Just save some of the Guiness dip for me.

To learn more about AD Web Services read the TechNet article here:
http://technet.microsoft.com/en-us/library/dd391908(WS.10).aspx

Can you help me?  Yes!

If you would like to have me or another Microsoft PFE visit your company and assist with the ideas presented in this blog post, then contact your Microsoft Premier Technical Account Manager (TAM) for booking information.

For more information about becoming a Microsoft Premier customer email PremSale@microsoft.com.  Tell them GoateePFE sent you.

Sharing Links
Comments
  • I followed your instructions to the letter however when I execute the install for ADMGS KB 968934, it fails stating I am missing a prerequisite. I've ran Windows update until there is nothing left to install and still get the same error.

  • Hi Tom,

    A couple questions to clarify:

    1.  Which OS and service pack level are you installing on?

    2.  What prerequisite does it specifically say you are missing?

    3.  Are you running the correct install for your OS and CPU (ie. 2003 32 bit, etc.)?

    Please reply.  Thanks,

    Ashley

  • sounds good but I'm trying to learn how to compute in this world. I'm illiterate about this business, & am trying to figure out this power shell stuff that just showed up on my computer. Old,slow fogey trying to adapt to a computer world. R.

  • Seems like a few folks are running into the "missing prerequisite" issue.  I know this sounds simple, but if you go through the steps in the exact order listed everything should work.  The order does matter.  Also, you can try following the steps outlined in the ADMGS Install Guide one at a time.  They are the same steps, but sometimes it helps to see them from a different angle.  Let me know if you're still having issues after trying this.

    Ashley

  • I ran into the "missing prerequisite" issue, and it was because I did not reboot after installing 969429 (even though that install does request it). After a reboot, ADWS then installed fine. For clarity, it may be worth adding this as a (required) step at that time.

    Otherwise, great article, simple and very helpful.

    Much appreciated.

  • j'ai bien aimer votre article mais ...

    ca ne marche pas :-(

  • Very helpful stuff..thanks

  • Very helpful stuff..thanks

  • Works like a charm.. Sir thank you so much.. greatly appreciate this article.. rarely we find clean ones like this.

  • Wow I had no idea this was possible on Server 2003! How many years have I been suffering with no AD powershell! A bit too late to only just discover it now but hey, maybe it will help with our Server 2003 migration!

    I was led here by this technet article from a colleague of yours http://blogs.technet.com/b/askds/archive/2011/04/12/you-probably-don-t-need-acctinfo2-dll.aspx but I was failing on the pre-req error (turns out it was the .Net rollup)

    Thanks
    @thommck

  • All I am still unable to use pwowershell command on my computer. I have gone through these steps, but AMGS does not get fully installed.. I just falshes so quick and fast that I don't see anything.

    Can someone please help me. I need to run the report quickly.

    thanks

  • I followed this post and sucessfully installed the but some commands can not work as expected. For example: Get-ADDefaultDomainPasswordPolicy: can not find an object with identity....

    So I can not query the max password age of the domain password policy. Anyone can help?

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment