net1994-7989 asked KelvinKleinfall-8979 edited

Issues running on-prem AD PowerShell module from an Azure AD joined device.

Hello All - We have a PC that is Azure AD joined (via Autopilot). It is on a regular internet connection. When running the AD PowerShell module (as an admin), as soon as I open the module it gives me an error: Error initializing default drive: 'Unable to find a default server with Active Directory Web Services running.' Basically the PC can't find/contact a domain controller. Odd, as I can use the ADUC console just fine connected to my domain.

This must be an Azure AD device issue as our on-prem domain joined PCs can run these commands fine. VPN has been ruled out as the possible cause. Any thoughts on what the issue could be?

azure-active-directory windows-server-powershell windows-active-directory azure-ad-device-management

Removing the Intune tag as this has nothing to do with Intune.

NickHogarth-MVP answered KelvinKleinfall-8979 edited

So you are connected to the VPN when you try? Which account are you logged into the Azure AD Joined device with, is it an account that has been synced from on-prem AD to Azure AD by Azure AD Connect? And are you logged in using a password or Windows Hello for Business?

Hello Nick - The account I'm using on my AAD laptop is my domain admin account synced from our on-prem AD. I use this account when I launch the AD PowerShell module. I am connected via VPN and I can use the ADUC and Group Policy consoles connected to our domain.

Ran into the same problem, but found the following solution:

Run PowerShell as Administrator
Run the following command:

runas /user:username@domain.com /netonly powershell.exe

Enter your password, and it should open a new PowerShell window
Run these commands in the new window:

Import-Module ActiveDirectory

New-PSDrive -Name AD -PSProvider ActiveDirectory -Server "servername.domain.com" -Scope Global -root "//RootDSE/"

Set-Location AD:

DIR

You should now see the list of your Active Directory folders if it worked.

Jason-MSFT answered

My guess here is that this is a limitation in PowerShell remoting as using PowerShell doesn't connect or operate the same as using the GUI tools.

Have you tried launching PowerShell using runas and the netonly switch and then trying to connect (I don't know if that'll help or not, but the results may yield more information to go off of)?

net1994-7989 answered

One of our AD admins (not me) told me the reason for the error was that our internal domain DCs don't have AD Web Services running for a variety of good reasons. At this time, it's not an issue for all users, just an inconvenience for me. I didn't mention the person with the issue was me on my own new work laptop that was Azure AD joined via AutoPilot. There may be a workaround without AD Web Services running, perhaps? The PowerShell script I had to run was a one-off and not regularly used. I still have many options (use an older domain joined PC via VPN or RDP or a Citrix session). We'll still have to figure this out long term for other IT folks. I am literally the first person in IT that has had this issue.
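
A way to check the cause named in this thread before troubleshooting further, as an added example that is not part of the original posts: it lists the domain's controllers from DNS and tests each one for the AD Web Services port (TCP 9389 by default), then queries the first reachable one with an explicit -Server. The domain name contoso.example is a placeholder, Test-AdwsEndpoint is a hypothetical helper name, and the script assumes it runs in a session that holds domain credentials (such as the runas /netonly window described above) while the VPN resolves internal DNS.

```powershell
# Added example; contoso.example is a placeholder and Test-AdwsEndpoint is a hypothetical helper.
function Test-AdwsEndpoint {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$DomainName,  # DNS name of the on-prem AD domain
        [int]$Port = 9389,                           # default AD Web Services TCP port
        [int]$TimeoutMs = 3000
    )
    # The device is not joined to the on-prem domain, so list the domain
    # controllers from the domain's DNS SRV records.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }

    foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
        $client = [System.Net.Sockets.TcpClient]::new()
        $open = $false
        try {
            # Wait() returns $false on timeout and throws when the connection is refused.
            $open = $client.ConnectAsync($dc, $Port).Wait($TimeoutMs) -and $client.Connected
        } catch {
            $open = $false
        } finally {
            $client.Dispose()
        }
        # An open port shows the listener is reachable, not that the service is healthy.
        [pscustomobject]@{ DomainController = $dc; Port = $Port; AdwsReachable = $open }
    }
}

$results = @(Test-AdwsEndpoint -DomainName 'contoso.example')
$results | Format-Table -AutoSize | Out-Host

$target = $results | Where-Object { $_.AdwsReachable } | Select-Object -First 1
if ($target) {
    # Skip the automatic AD: drive, which is what raises "Error initializing default drive".
    $Env:ADPS_LoadDefaultDrive = 0
    Import-Module ActiveDirectory
    # Name the server explicitly on every call.
    Get-ADDomain -Server $target.DomainController | Select-Object DNSRoot, PDCEmulator
} else {
    Write-Warning 'No domain controller accepted a connection on the ADWS port; the AD module cannot be used against these servers.'
}
```

If every row shows AdwsReachable as False, the error is consistent with AD Web Services being stopped or filtered on the domain controllers, and no client-side change will make the AD module connect.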
