Manage a Windows 2003 Active Directory Domain with PowerShell?

windows active-directory powershell windows-server-2008-r2 windows-server-2003

Can you manage a Windows 2003 functional level domain with the Active Directory PowerShell modules?

The modules were introduced with Server 2008 R2, so they don't work on Server 2003, but I have read about doing this with the AD management gateway service. I'm not clear if this would work if I just have Windows 2003 domain controllers and no Windows 2008 R2 domain controllers.

Does anyone out there know for sure?


Solution 1:

Aha!

Yes, you can manage a 2003 FL domain with the AD PowerShell Modules. (I do it myself... well, 2k3 R2... and check this [old] thread at PowerShell Community.)

However, the modules themselves are intended to be installed on Server 2k8 or Win7, and though I've seen reference to hacks to install it on XP or 2k3, that seems pretty foolish to me. Get a Win7 workstation and you can manage your 2k3 domain from it with the AD PowerShell Module you mention.

Also, as from that PS Community thread, you will require ADWS, which is available for Server 2003, and your DCs may also require some patches and updates to the .NET 3.5 framework. Two years later, I'd hope that's already the case in your environment, but you never know.

EDIT: And here's a technet blog about how to set it up, the important bits of which are posted below in case the link goes dead or whatever.

Required tools/patches:

  1. Remote Server Administration Tools (RSAT) for Windows 7
  2. Active Directory Management Gateway Service (ADMGS) (Active Directory Web Service for Windows Server 2003 and Windows Server 2008) and Install Guide
  3. Microsoft .NET Framework 3.5 Service Pack 1
  4. KB969166 - A hotfix rollup package for Active Directory Web Service is available for the .NET Framework 3.5 SP1
  5. KB969429 - Windows 7 clients cannot locate the Active Directory Management Gateway service that is installed on Windows Server 2003-based domain controllers
  6. KB967574 - Windows 7 clients cannot locate the Active Directory Management Gateway Service installed on Windows Server 2008-based domain controllers

[And as usual, you only want to install the hotfixes if you need them, and you have to hunt through the KB article and then go through the email-us-to-get-a-download-link junk to actually download them.]

Installation/Setup:

On your 2003 DC:

  1. Install .NET 3.5.1 (SP1 for .NET 3.5)
  2. Install hotfix KB 969166
  3. Install hotfix KB 969429
  4. Install the appropriate version of ADMGS KB 968934
  5. Go to Services and observe/ensure that the Active Directory Web Service is now installed and started.

On your Windows 7 workstation:

  1. Install Windows 7 RSAT.

  2. Add the Windows 7 RSAT features bolded below (Control Panel, Programs, Turn Windows features on or off):

    Remote Server Administration Tools

    • Role Administration Tools
      • AD DS and AD LDS Tools
        • Active Directory Module for Windows PowerShell
        • AD DS Tools
          • Active Directory Administrative Center
          • AD DS Snap-ins and Command-line Tools

Fire up PowerShell and punch in Import-Module ActiveDirectory. Sure beats VB or ADSI Edit, huh?

Related

Cannot administer services on remote Windows machine due to security issue
How can I prevent the locally administered bit being set on network bridge MAC addresses in Windows?
Is there a way for BIND 9 to automatically dump it's cache to a file before terminating and reloading it upon starting
WPA2 Enterprise without a Client-End Certificate
DNS Server Behind NAT
decommissioning WINS
CentOS iscsi initiator has session but there is no block device
Can't reload supervisor with supervisorctl 'reload' command
How to install Ubuntu Server 12.04 in a Virtualbox VM with UEFI boot enabled [closed]
How are the hashes in /etc/shadow generated?
How do I poll the ARP table with an SNMP OID?
Network bandwidth usage per process Windows Server 2003