Is there a way to point PowerShell to ARS instead of AD.

like...Add-QADGroupMember?

NAME
Add-QADGroupMember

SYNOPSIS
Add one or more objects to a group in Active Directory. Supported are both Active Directory Domain Services (AD DS) and Active Directory Lightweight
Directory Services (AD LDS).

SYNTAX
Add-QADGroupMember [-Identity] <IdentityParameter> [-Member] <IdentityParameter[]> [-Connection <ArsConnection>] [-ConnectionAccount <string>]
[-ConnectionPassword <SecureString>] [-Control <hashtable>] [-Credential <PSCredential>] [-Proxy] [-Service <string>] [-UseGlobalCatalog] [-Confirm]
[-WhatIf] [<CommonParameters>]

not to AD native group. I need to add an object to ARS group. Powershell needs to connect ARS server and write it to ARS DB

OK - that's exactly what my command line will do.  If you run it, you will even get back a message from Active Roles saying that the action is subject to approval.

HOWEVER, the above is only true IF the person executing the script is delegated "regular user" access within Active Roles and is NOT an Active Roles Admin.

any idea how to let user add group member using powershell without having ARS consol installed? It doesn't work even if it's installed. 

Add-QADGroupMember works if I run it on the ARS server itself.

Many thanks

Yes - you can install the Powershell module by itself on a user PC.

You also need to install the "ADSI Provider".

thanks, and how can I point a user PC to ARS server?

That -proxy switch I told you about tells the command to go looking for an ARS server.

The running ARS server name is published in Active Directory's System container so the cmdlet will find it there and then try to connect to that server.

thank you, let me test it today, and I'll let you know

that;s what I'm getting:

Add-QADGroupMember :
The remote endpoint does not exist or could not be located.

So you installed both the ADSI Provider and the Powershell module?

Can you please share the actual command line that yielded the above error.

yes, I installed both the ADSI and Powershell to the user PC

Add-QADGroupMember -proxy -Identity SCE-Folder-RW -Member alextest

Add-QADGroupMember :
The remote endpoint does not exist or could not be located.
At line:1 char:2
+ Add-QADGroupMember -proxy -Identity SCE-Folder-RW -Member alextest
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Add-QADGroupMember], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,ActiveRoles.ManagementShell.Commands.AddGroupMemberCmdlet2

yes, I installed both the ADSI and Powershell to the user PC

Add-QADGroupMember -proxy -Identity SCE-Folder-RW -Member alextest

Add-QADGroupMember :
The remote endpoint does not exist or could not be located.
At line:1 char:2
+ Add-QADGroupMember -proxy -Identity SCE-Folder-RW -Member alextest
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Add-QADGroupMember], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,ActiveRoles.ManagementShell.Commands.AddGroupMemberCmdlet2

Your group name has dashes in it and therefore must be enclosed in single quotes:

Add-QADGroupMember -proxy -Identity 'SCE-Folder-RW' -Member alextest

it helped, thanks!!