Automate the installation of Active Directory tools with PowerShell

The remote administration features of Windows Server 2008 allow the core tools to be run on any server. IT pro Rick Vanover shows how to automate the process.

When Windows Server 2008 was released, one of my observations was that Microsoft brought Server Manager back. Server Manager for Windows Server 2008 is much different than the tool of the same name in Windows NT Server, but you can still do a lot of administrative work in the console.

In many domain environments, I like having the Active Directory tools available on my favorite administrative servers. It is easy to add the Active Directory tools through the Remote Administration feature of Server Manager, but you can automate this configuration with PowerShell on Windows Server 2008.

You cannot add features directly through something like Group Policy, but you can use a script that will add the tools you use most on an administrative server. In my Windows administration practice, this includes the DNS console, the Active Directory Users And Computers snap-in, and the other core Active Directory tools. This PowerShell script will add these features:

# Load the Server Manager cmdlets
Import-Module ServerManager

# Add each remote administration tool; -Restart reboots the server if the feature requires it
Add-WindowsFeature RSAT-DNS-Server -Restart
Add-WindowsFeature RSAT-ADDS-Tools -Restart
Add-WindowsFeature RSAT-AD-AdminCenter -Restart
Add-WindowsFeature RSAT-SNIS -Restart

Note: These features require Windows to be restarted, so be advised that Windows may restart without prompting when you pass the commands to add these features through PowerShell. Running this script in PowerShell (saved as a .PS1 file) will proceed as shown in Figure A.


This script can be added to a server build script or run once through Group Policy if you see the need for a number of servers to use the Active Directory tools.
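A variant suited to a build script, as an added example that is not from the original article: it installs only the features that are missing and leaves out -Restart so the reboot can be scheduled rather than happening without a prompt. It assumes the ServerManager module's Get-WindowsFeature and Add-WindowsFeature cmdlets and reuses the feature names from the script above; the exit code 3010 is this example's own choice.

```powershell
# Added example, not the article's script.
Import-Module ServerManager

# Feature names taken from the article's script.
$wanted = 'RSAT-DNS-Server', 'RSAT-ADDS-Tools', 'RSAT-AD-AdminCenter', 'RSAT-SNIS'

# Names that Get-WindowsFeature does not return are not offered by this OS version.
$found      = @(Get-WindowsFeature -Name $wanted)
$foundNames = @($found | ForEach-Object { $_.Name })
$unknown    = @($wanted | Where-Object { $foundNames -notcontains $_ })
if ($unknown.Count -gt 0) {
    Write-Warning ("Not available on this server: " + ($unknown -join ', '))
}

# Skip anything already installed so the script is safe to run repeatedly.
$missing = @($found | Where-Object { -not $_.Installed } | ForEach-Object { $_.Name })
if ($missing.Count -eq 0) {
    Write-Output 'All requested administration tools are already installed.'
    exit 0
}

# No -Restart here: the server is never rebooted by this script.
Write-Output ("Installing: " + ($missing -join ', '))
$result = Add-WindowsFeature -Name $missing

if (-not $result.Success) {
    Write-Error ("Feature installation failed, exit code: " + $result.ExitCode)
    exit 1
}

# RestartNeeded is No, Yes or Maybe; treat anything but No as a pending reboot.
if ($result.RestartNeeded -ne 'No') {
    Write-Warning 'Installation succeeded; a restart is pending and must be scheduled.'
    exit 3010   # conventional "success, reboot required" code, chosen for this example
}

Write-Output 'Installation succeeded; no restart required.'
exit 0
```

A build script or scheduled task can branch on the exit code to reboot the server in a maintenance window.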

By installing these tools on a dedicated administrative server, you'll be following a practice that many administrators use. Basically, one or more Windows Servers are dedicated to administrative tasks on a server-class system, yet this system is not a server itself. For example, you can run this dedicated administration server centrally, such as on a virtual machine, and leave it powered on at all times for things like scripts, process watchdogs, and management interfaces. Further, having all of the administrative tools centrally located on one or more dedicated administrative servers can help with firewall rules for certain administrative tasks if the need arises, because the administrative tasks and tools in use come from a single IP address.

Do you automate feature configuration such as this with PowerShell? How would you deploy this configuration to additional Windows Servers? Share your comments in the discussion.