Put the AD Module in the PowerShell plugin?

If you could somehow include this into the powershell plugin I would sing your praises for lifetimes…

The problem is installing the AD Module in PowerShell these days is just a crap show… correct me anyone if that’s not correct…

I don’t believe this is possible. It’s backed with a DLL and we’re using PowerShell core on Linux/OSX…Thus I think it’s incompatible.

We’ll look further into it, but I’m not optimistic.

What you should do, if you want this kind of functionality, host your PS scripts on one of your windows servers/machines and use the PowerShell plugin to kick them off.

1 Like

PS C:> iex (new-Object Net.WebClient).DownloadString(‘https://raw.githubusercontent.com/samratashok/ADModule/master/Import-ActiveDirectory.ps1’);Import-ActiveDirectory

could try this. I think this guy is legit, I just want to read through what Im importing first…

From the InsightConnect workflow, we run our Powershell AD Module code remotely on a separate Windows Server. However, this is by definition “Remote Code Execution” and our EDR protection platform doesn’t like that. I can see the benefit of this being ported over, but there may be other security trade-offs that would need to be carefully checked. Risk vs Reward

1 Like

I use CredSSP to a Windows box with the PowerShell plugin that has restrictions to only allow connections from my orchestrator. this allows be to also make calls that use Windows Integrated Authentication. We have our EDR on this box and it doesn’t trigger any detections.

1 Like

I went and installed the AD Module on a 2016 Server then embedded the binary data of the single dll in a PowerShell script. I want to try testing it today to see what happens…

I am trying to do this same thing but can’t seem to get it to work, can you give me an example of the command you are using inside the powershell plugin with CredSSP?

you need to suppress the progress bars using
$ProgressPreference = 'SilentlyContinue'
Other than that I just load the module and run the commands

little off topic but slighty related. I’m having issue loading the module “ExchangeOnlineManagement”. I can see that the module was installed by using “get-installedmodule”. However when I try to import it. I see this error: “odule ‘ExchangeOnlineManagement’ was not loaded because no valid module file was found in any module directory.” I used the command “Import-Module ExchangeOnlineManagement” . I also tried “Import-Module -Name ExchangeOnlineManagement” . Both failed.

PowerShell is version 7 core running on CentOS, so not all modules will load.
I have never gotten the RSAT tools to load and wouldn’t expect the exchange one either.