| TOPIC REVIEW |
| Nodgiles |
Posted - 08/07/2012 : 5:22:54 PM I have a script that I created for managers in my company to extend or disable temporary user accounts. Since the managers do not have this level of access, I'm using an invoke-command -computername PDC01 -credential $cred -ScriptBlock command.
Getting this to work has been a real pain. I kept getting errors connecting to the domain controller to run the commands. I found that my errors were due to UAC being enabled on the DC and winrm not being configured. The Domain admins did not want to disable UAC or run winrm /quickconfig on the DC, so I created a new 2008r2 server to run my scripts against. I was able to resolve most of the errors until I got to one stating that Active Directory Web Services wasn't running.
As far as I can see, the only way I can get AD web services running is to promote the server to a domain controller. Is this right? If I promote this server to an RODC, I'll lose some task scheduling functions I wrote in my script. Is there a way I can configure Web Services on my machine for PowerShell without promoting it to a DC? |
| 7 LATEST REPLIES (Newest First) |
| Nodgiles |
Posted - 08/09/2012 : 5:50:04 PM quote: Originally posted by Jazzy
To answer your initial question first: no, you need to dcpromo the server to allow ADWS to run. Maybe you can look at the Active Directory Management Gateway Service (http://www.microsoft.com/en-us/download/details.aspx?id=2852) designed for environments without Server 2008 R2 domain controllers.
Looks like that's a no-go as well.
"you can install Active Directory Management Gateway Service only if you promote your server to domain controller by running Dcpromo.exe or if you create an AD LDS instance (or ADAM instance) on this server." |
| Nodgiles |
Posted - 08/09/2012 : 11:29:39 AM quote: Originally posted by Xenophane
Can you post the script, so we can see what is happening?
Some of this may not make complete sense as I pulled from various functions in my Primal Forms project.
    # Display names of the manager's direct reports
    $peons = invoke-command -computername myserver -credential $cred -scriptblock {
        param($myname, $peons)
        import-module activedirectory
        add-pssnapin quest.activeroles.admanagement
        get-qaduser -manager $myname | select-object -expandproperty name
    } -arg $myname, $peons

    # SamAccountNames of the same direct reports
    $array2 = invoke-command -computername myserver -credential $cred -scriptblock {
        param($myname, $array2)
        import-module activedirectory
        add-pssnapin quest.activeroles.admanagement
        get-qaduser -manager $myname | select-object -expandproperty SamAccountName
    } -arg $myname, $array2

    # Date picked in the calendar and the entry selected in the list box
    $date = $monthcalendar1.SelectionEnd.Date
    $user = $listbox1.SelectedIndex
    $user2 = $array2[$user]

    If ($listbox1.items.count -gt 1) {
        # Several direct reports: $array2 is an array, so use the selected entry
        invoke-command -computername myserver -credential $cred -scriptblock {
            param($date, $user, $user2)
            import-module activedirectory
            add-pssnapin quest.activeroles.admanagement
            Set-QADUser $user2 -AccountExpires $date
        } -arg $date,$user,$user2
        $donemsg = "Changed $user2 Expiration DateTime to $date"
        $d = $msgbox.popup($donemsg)
    }
    Else {
        # One direct report: $array2 holds a single name rather than an array
        $user2 = $array2
        invoke-command -computername myserver -credential $cred -scriptblock {
            param($date, $user, $user2, $array2)
            import-module activedirectory
            add-pssnapin quest.activeroles.admanagement
            Set-QADUser $array2 -AccountExpires $date
        } -arg $date,$user,$user2,$array2
        $donemsg = "Changed $array2 Expiration DateTime to $date"
        $d = $msgbox.popup($donemsg)
    } |
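A server-side variant of the expiration change in the post above, as an added example that is not part of the original thread: the remote script block loads only the Quest snap-in (which, per the replies below, does not use AD Web Services) and re-checks that the target account is a direct report before the elevated credential is used. The parameter names, the 90-day limit and the assumption that $myname identifies the calling manager are illustrative, not the poster's.

```powershell
# Added example; not from the original post. $cred, $myname, $user2, $date and the
# host name 'myserver' are the poster's own; everything else is illustrative.
$MaxDays = 90   # assumed policy limit for one extension (hypothetical value)

$check = {
    param([string]$ManagerName, [string]$TargetSam, [datetime]$NewExpiry, [int]$MaxDays)

    # Only the Quest snap-in is loaded. The ActiveDirectory module is not
    # imported, so nothing in this block depends on AD Web Services.
    Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction Stop

    # Re-derive the direct reports on the server instead of trusting the
    # account name chosen in the GUI.
    $reports = @(Get-QADUser -Manager $ManagerName |
                 Select-Object -ExpandProperty SamAccountName)
    if ($reports -notcontains $TargetSam) {
        throw "Refused: '$TargetSam' is not a direct report of '$ManagerName'."
    }

    # Reject dates in the past or further out than the assumed limit.
    $now = Get-Date
    if ($NewExpiry -le $now -or $NewExpiry -gt $now.AddDays($MaxDays)) {
        throw "Refused: expiry must fall within the next $MaxDays days."
    }

    Set-QADUser $TargetSam -AccountExpires $NewExpiry -ErrorAction Stop | Out-Null
    "Changed $TargetSam expiration to $NewExpiry"
}

try {
    # A throw inside the remote block surfaces here as a terminating error.
    $donemsg = Invoke-Command -ComputerName myserver -Credential $cred `
        -ScriptBlock $check -ArgumentList $myname, $user2, $date, $MaxDays `
        -ErrorAction Stop
}
catch {
    $donemsg = "Not changed: $($_.Exception.Message)"
}
$donemsg
```

The check runs under $cred on the remote host, so it holds only as long as managers go through this script; it does not by itself limit what the credential can do.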
| Jazzy |
Posted - 08/08/2012 : 3:43:25 PM To answer your initial question first: no, you need to dcpromo the server to allow ADWS to run. Maybe you can look at the Active Directory Management Gateway Service (http://www.microsoft.com/en-us/download/details.aspx?id=2852) designed for environments without Server 2008 R2 domain controllers. |
| Xenophane |
Posted - 08/08/2012 : 3:34:30 PM Can you post the script, so we can see what is happening? |
| Xenophane |
Posted - 08/08/2012 : 3:33:12 PM The Quest AD cmdlets do not use the Microsoft Active Directory Web Service, only the Microsoft AD cmdlets.
|
| Nodgiles |
Posted - 08/08/2012 : 11:51:19 AM I am using Quest cmdlets, but I receive this error:
WARNING: Error initializing default drive: 'Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.'.
|
| Xenophane |
Posted - 08/08/2012 : 06:53:27 AM Is using the Quest AD cmdlets an option? They do not require the AD web service. |