Microsoft signed DLL for the ActiveDirectory PowerShell module
Just a backup for the Microsoft’s ActiveDirectory PowerShell module from Server 2016 with RSAT and module installed. The DLL is usually found at this path: C:WindowsMicrosoft.NETassemblyGAC_64Microsoft.ActiveDirectory.Management
and the rest of the module files at this path: C:WindowsSystem32WindowsPowerShellv1.0ModulesActiveDirectory
Usage
You can copy this DLL to your machine and use it to enumerate Active Directory without installing RSAT and without having administrative privileges.
PS C:> Import-Module C:ADModuleMicrosoft.ActiveDirectory.Management.dll -Verbose
To be able to list all the cmdlets in the module, import the module as well. Remember to import the DLL first.
PS C:> Import-Module C:ADModuleMicrosoft.ActiveDirectory.Management.dll -Verbose
PS C:> Import-Module C:ADToolsADModuleActiveDirectoryActiveDirectory.psd1
PS C:> Get-Command -Module ActiveDirectory
Benefits
There are many benefits like very low chances of detection by AV, very wide coverage by cmdlets (I leave the usage of cmdlets for a later post :P), good filters for cmdlets, signed by Microsoft etc. The most useful one, however, is that this module works flawlessly from PowerShell’s Constrained Language Mode
Blog
https://www.labofapenetrationtester.com/2018/10/domain-enumeration-from-PowerShell-CLM.html
Add Comment