The secret to being able to run AD enumeration commands from the AD Powershell module on a system without RSAT installed, is the DLL located in C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.ActiveDirectory.Management on a system that has the RSAT installed. This means that we can just grab the DLL from a system with RSAT and drop it on a system we want to enumerate from that does not have RSAT installed. No need to install RSAT.

This repository contains a Microsoft signed DLL for the ActiveDirectory PowerShell module. Basically just a backup from a Microsoft Windows Server 2019 with RSAT from the following locations:

• C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ActiveDirectory
• C:\Windows\WinSxS\*\Microsoft.ActiveDirectory.Management.dll
• C:\Windows\WinSxS\*\Microsoft.ActiveDirectory.Management.resources.dll

# clone the repository
git clone https://github.com/l4rm4nd/ADModule

# change directory
cd ADModule

# import dlls and modules
Import-Module .\Microsoft.ActiveDirectory.Management.dll -verbose
Import-Module .\ActiveDirectory.psd1 -Verbose

# list imported ad modules
Get-Command -Module ActiveDirectory

# verify that rsat works
Get-ADDomain