This guide covers the installation and setup of adPEAS v2.

• Operating System: Windows 10/11, Windows Server 2016/2019/2022/2025
• PowerShell Version: 5.1 or higher (Windows PowerShell)
• .NET Framework: 4.5+ (included in Windows)

• TCP port 389 (LDAP) or 636 (LDAPS) to Domain Controller
• TCP port 88 (Kerberos) for Kerberos authentication
• TCP port 445 (SMB/CIFS) for SYSVOL/NETLOGON access (GPO analysis, credential scanning)
• TCP port 80 (HTTP) and 443 (HTTPS) to ADCS and Exchange
• TCP port 3268 (GC) or 3269 (GC over SSL) - optional, for cross-domain/forest SID resolution
• DNS resolution to target domain

adPEAS does not require:

• Active Directory PowerShell module
• RSAT (Remote Server Administration Tools)
• PowerView or other third-party modules
• Domain-joined system (works from non-domain-joined machines)

Download the latest version from the GitHub Releases page.

git clone https://github.com/61106960/adPEAS.git
cd adPEAS

# Download readable version
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/61106960/adPEAS/main/adPEAS.ps1" -OutFile "adPEAS.ps1"

# Or download obfuscated version (smaller)
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/61106960/adPEAS/main/adPEAS_obf.ps1" -OutFile "adPEAS_obf.ps1"

Choose the version that best fits your needs:

# Import the module
Import-Module .\adPEAS.ps1

# Verify it's loaded
Get-Command Invoke-adPEAS

If you encounter execution policy restrictions:

powershell -ExecutionPolicy Bypass
# Then inside the new session:
Import-Module .\adPEAS.ps1

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

Unblock-File -Path .\adPEAS.ps1

After loading adPEAS, verify that the main functions are available:

# List all adPEAS functions
Get-Command -Module adPEAS

# Or check specific functions
Get-Command Invoke-adPEAS
Get-Command Connect-adPEAS
Get-Command Get-DomainUser

Expected output should include functions like:

• Invoke-adPEAS - Main execution function
• Connect-adPEAS - Authentication function
• Get-DomainUser - User enumeration
• Get-DomainComputer - Computer enumeration
• Get-DomainGroup - Group enumeration
• And many more...

The main branch contains only source files (src/). Pre-built release files are attached to each GitHub Release. To build from the latest source yourself, use the included build script:

git clone https://github.com/61106960/adPEAS.git
cd adPEAS
.\Build-Release.ps1

This produces all four variants in the repository root:

Requires Windows PowerShell 5.1 and no additional dependencies.

adPEAS uses an RSA-SHA256 signature-based license system. A valid license replaces the default disclaimer in console output and HTML reports with a personalized message ("Licensed to {Licensee} - Valid until {ValidUntil}"). All features remain fully available regardless of license status.

The recommended approach is to embed the license during the build process. This produces standalone .ps1 files that already contain the license - no additional parameters needed at runtime.

.\Build-Release.ps1 -License .\license.json

The build output confirms the embedding:

[Build]   - Embedding license from: .\license.json
[Build]     Licensee: Acme GmbH
[Build]     Valid until: 2027-06-30

All four output variants (adPEAS.ps1, adPEAS_min.ps1, adPEAS_ultra.ps1, adPEAS_obf.ps1) will contain the embedded license.

If you are using a build without embedded license, you can provide the license file at runtime. There are two options:

Option 1: Two-step workflow (Connect + Invoke separately)

Connect-adPEAS -Domain "contoso.com" -UseWindowsAuth -License .\license.json
Invoke-adPEAS

Option 2: Single command

Invoke-adPEAS -Domain "contoso.com" -UseWindowsAuth -License .\license.json

Both options load the license from the specified file path and apply it to the current session.

When multiple license sources are available, the following priority applies:

A license file is a JSON file with three fields:

{
  "Licensee": "Company Name",
  "ValidUntil": "2027-06-30",
  "Signature": "Base64-encoded RSA-SHA256 signature"
}

License files are issued by the adPEAS author. The signature is verified against a public key embedded in the tool.

For complete licensing details, see the documents in the license/ directory:

In short: Internal security assessments of your own organization are free. Consultants, MSPs, and service providers using adPEAS in customer environments or paid engagements require a commercial license. All commercial licenses include e-mail support and updates for the duration of the license term.

To update to a newer version:

1. Close any PowerShell sessions using adPEAS
2. Replace the .ps1 file with the new version
3. Re-import the module

# Remove old module from memory
Remove-Module adPEAS -ErrorAction SilentlyContinue

# Import new version
Import-Module .\adPEAS.ps1

Symptom: Import-Module fails or functions are not available

Solutions:

1. Check PowerShell version: $PSVersionTable.PSVersion
2. Verify file integrity (not corrupted during download)
3. Try dot-sourcing: . .\adPEAS.ps1

Symptom: "cannot be loaded because running scripts is disabled"

Solution: Use one of the execution policy bypass methods above

Symptom: "cannot find path" error

Solution: Use full path or navigate to the correct directory

# Use full path
Import-Module C:\Tools\adPEAS.ps1

# Or navigate first
cd C:\Tools
Import-Module .\adPEAS.ps1

• Previous: Home
• Next: Quick-Start
• Back to Home