Automate the installation of Active Directory tools with PowerShell

Automate the installation of Active Directory tools with PowerShell

Summary: The remote administration features of Windows Server 2008 allow the core tools to be run on any server. IT pro Rick Vanover shows how to automate the process.

When Windows Server 2008 was released, one of my observations was that Microsoft brought Server Manager back. Server Manager for Windows Server 2008 is much different than the tool of the same name in Windows NT Server, but you can still do a lot of administrative work in the console.

In many domain environments, I like having the Active Directory tools available on my favorite administrative servers. It is easy to add the Active Directory tools through the Remote Administration feature of Server Manager, but you can automate this configuration with PowerShell on Windows Server 2008.

You cannot add features directly through something like Group Policy, but you can use a script that will add the tools you use most on an administrative server. In my Windows administration practice, this includes the DNS console, the Active Directory Users And Computers snap-in, and the other core Active Directory tools. This PowerShell script will add these features:

Import-Module Servermanager
Add-WindowsFeature RSAT-DNS-Server -restartAdd-WindowsFeature RSAT-ADDS-Tools -restart
Add-WindowsFeature RSAT-AD-AdminCenter -restart
Add-WindowsFeature RSAT-SNIS -restart

Note: These features require Windows to be restarted, so be advised that Windows may restart without prompting when passing the command to add these features in through PowerShell.

Iterating this script in PowerShell (saved as a .PS1 file) will proceed as shown in Figure A.

Figure A

Click the image to enlarge

This script can be coupled on to a server build script or passed as a one-time iteration through Group Policy if you see the need for a number of servers to use the Active Directory tools.


By installing these tools on a dedicated administrative server, you’ll be following a practice that many administrators use. Basically, one or more Windows Servers are dedicated for administrative tasks on a server class system, yet this system is not a server itself. Examples include being able to run this dedicated administration server centrally, such as a virtual machine, and leave it powered on at all times for things like scripts, process watchdogs, and management interfaces.

Furthermore, having all of the administrative tools centrally located on one or more dedicated administrative servers can help with firewall rules for certain administrative tasks if the need arises. This is due to a single IP address for the administrative tasks and tools in use.

Rick Vanover is an IT infrastructure manager for a financial services organization in Columbus, Ohio. He has years of IT experience and focuses on virtualization, Windows-based server administration and system hardware.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s