Put the AD Module in the PowerShell plugin?

If you could somehow include this in the PowerShell plugin I would sing your praises for lifetimes…

The problem is installing the AD Module in PowerShell these days is just a crap show… correct me anyone if that’s not correct…

I don’t believe this is possible. It’s backed with a DLL and we’re using PowerShell Core on Linux/OSX… Thus I think it’s incompatible.

We’ll look further into it, but I’m not optimistic.

What you should do, if you want this kind of functionality, is host your PS scripts on one of your Windows servers/machines and use the PowerShell plugin to kick them off.


PS C:\> iex (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/samratashok/ADModule/master/Import-ActiveDirectory.ps1');Import-ActiveDirectory

Could try this. I think this guy is legit, I just want to read through what I’m importing first…
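
The "read through what I'm importing first" step above can be enforced rather than left to habit. The following is an added example, not part of the original post or the ADModule project: it loads a script that has already been saved to disk and reviewed, and only if its SHA256 still matches the hash recorded at review time. `Get-ReviewedScriptBlock`, `staged-sample.ps1` and `Get-Sample` are hypothetical names, and the staged file is a constructed stand-in for a downloaded script.

```powershell
# Added example, not from the thread. Get-ReviewedScriptBlock is a hypothetical helper.
function Get-ReviewedScriptBlock {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,            # script already saved to disk and read
        [Parameter(Mandatory)] [string] $ExpectedSha256   # hash recorded at review time
    )
    # Read the file once and hash those exact bytes, so the content that is
    # checked is the content that runs, even if the file changes afterwards.
    $bytes = [System.IO.File]::ReadAllBytes((Convert-Path -LiteralPath $Path))
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try     { $actual = [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', '' }
    finally { $sha.Dispose() }
    if ($actual -ne $ExpectedSha256) {
        throw "SHA256 mismatch for ${Path}: expected $ExpectedSha256, got $actual"
    }
    # StreamReader detects and strips a byte-order mark before the text is parsed.
    $reader = [System.IO.StreamReader]::new([System.IO.MemoryStream]::new($bytes), $true)
    try     { [scriptblock]::Create($reader.ReadToEnd()) }
    finally { $reader.Dispose() }
}

# Constructed sample standing in for a script that was downloaded to disk.
$staged = Join-Path ([System.IO.Path]::GetTempPath()) 'staged-sample.ps1'
Set-Content -LiteralPath $staged -Value 'function Get-Sample { "reviewed code ran" }' -Encoding UTF8

# In real use this value is written down after reading the file, not computed at load time.
$pinned = (Get-FileHash -LiteralPath $staged -Algorithm SHA256).Hash

# Hash matches: dot-source the reviewed content into the current scope.
$reviewed = Get-ReviewedScriptBlock -Path $staged -ExpectedSha256 $pinned
. $reviewed
Get-Sample

# The file changes after review: the load is refused instead of running new content.
Add-Content -LiteralPath $staged -Value 'Write-Output "unreviewed change"'
try {
    $changed = Get-ReviewedScriptBlock -Path $staged -ExpectedSha256 $pinned
    . $changed
} catch {
    Write-Warning $_.Exception.Message
}
Remove-Item -LiteralPath $staged
```

Unlike `iex` on a `DownloadString` result, nothing here executes content that differs from what was reviewed, and the staged file remains on disk for EDR and AMSI to inspect.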

From the InsightConnect workflow, we run our PowerShell AD Module code remotely on a separate Windows Server. However, this is by definition “Remote Code Execution” and our EDR protection platform doesn’t like that. I can see the benefit of this being ported over, but there may be other security trade-offs that would need to be carefully checked. Risk vs Reward


I use CredSSP to a Windows box with the PowerShell plugin that has restrictions to only allow connections from my orchestrator. This allows me to also make calls that use Windows Integrated Authentication. We have our EDR on this box and it doesn’t trigger any detections.


I went and installed the AD Module on a 2016 Server then embedded the binary data of the single DLL in a PowerShell script. I want to try testing it today to see what happens…

I am trying to do this same thing but can’t seem to get it to work. Can you give me an example of the command you are using inside the PowerShell plugin with CredSSP?

You need to suppress the progress bars using
$ProgressPreference = 'SilentlyContinue'
Other than that, I just load the module and run the commands.