The DSInternals PowerShell Module has been released

February 28, 2015 | Michael Grafnetter

I have decided to publish the DSInternals PowerShell Module, which contains a few cmdlets I use during my lectures about Active Directory security. You can find it in the Downloads section. It currently lacks any documentation, so Get-Help won’t give you nice results, but I am working on that.


Error reporting

If you find an error in the DSInternals Powershell Module, I would be glad if you sent me an e-mail.

Planned features

I am currently working on these new features, but it will take me some time until they are production-ready:

  • Offline modification of the ntds.dit file, including the sIDHistory and primaryGroupID attributes. Done
  • Attribute-level authoritative restore of AD objects
  • Remote export of account password hashes using the MS-DRSR protocol. Done
  • Fully functional Get-Help
  • MSI installer. Deprecated in favor of PowerShellGet.

Tags: , ,

4 comments on “The DSInternals PowerShell Module has been released

  1. What permissions are necsesary to execute this. So far, I can run this as the domain administrator, but not a normal domain user, even for it’s own account.

    • Michael Grafnetter says:

      You would need at least the Reset Password right on that particular account, which only Domain Admins + Account Operators have by default. I am not sure if anything else is required.

  2. Tuyen Nguyen says:

    What permissions should be set to allow a user to run this? I don’t want to have to use a Domain Administrator privilege account to set this. I tried adding the user to Account Operators group but it did not work. Do you know what permissions should be delegated for it to work? Thank you.

Leave a Reply

Your email address will not be published.