Try to import module ActiveDirectory on a linux powershell

In my webpage I wanted to change the password of some accounts. So I got a script powershell. In this one I need to import the module Active-Directory to change the password of accounts. My server is on CentOS, so I install powershell on it. But when I do : Import-Module ActiveDirectory, the console return 'Import-Module: The specified module 'ActiveDirectory' was not loaded because no valid module file was found in any module directory.' Thanks

1 answer

  • answered 2021-04-21 16:19 Cpt.Whale

    The short answer is... you can't. The centos platform version of .net does not support the [System.DirectoryServices] types/classes yet, and I doubt they'll be migrated over soon. Powershell's ActiveDirectory module requires those to run, so this cannot currently be done in Powershell:

    [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    MethodInvocationException: Exception calling "GetCurrentDomain" with "0" argument(s): "System.DirectoryServices is not supported on this platform."
    

    An alternative is using ldap commands from centos packages. Here's some examples:

    # Change a password that you already know - works with almost any configuration
    # You can provide the password from a file or as a parameter. By default it will prompt.
    # part of package samba-common-tools
    
    smbpasswd -U MyUsername -r ad.domain.tld
      Old SMB password:
      New SMB password:
      Retype new SMB password:
    

    Changing a password for an AD user when you don't know the current one is more complicated and requires a much more specific configuration on your machine, but can be done with just passwd if:

    • your centos machine is joined to the domain correctly
    • you are using an admin account with write permission to AD
    • You have sssd configured with chpass_provider=ad in \etc\sssd\sssd.conf
    passwd DOMAIN\\SomeUsername
    

    Otherwise, the best option on linux is through python's ldap module. I'm not as familiar with it, so I'm only linking working example code from a similar question: Modifying Active Directory Passwords via ldapmodify