Nodgiles
Welcome Newcomer
USA
12 Posts
Status: offline |
Posted - 08/07/2012 : 5:22:54 PM
|
I have a script that I created for managers in my company to extend or disable temporary user accounts. Since the managers do not have this level of access, I'm using an invoke-command -computername PDC01 -credential $cred -ScriptBlock command.
Getting this to work has been a real pain. I kept getting errors connecting to the domain controller to run the commands. I found that my errors were due to UAC being enabled on the DC and WinRM not being configured. The Domain Admins did not want to disable UAC or run winrm /quickconfig on the DC, so I created a new 2008 R2 server to run my scripts against. I was able to resolve most of the errors until I got to one stating that Active Directory Web Services wasn't running.
As far as I can see, the only way I can get AD Web Services running is to promote the server to a domain controller. Is this right? If I promote this server to an RODC, I'll lose some task scheduling functions I wrote in my script. Is there a way I can configure Web Services on my machine for PowerShell without promoting it to a DC?
|
The true sign of intelligence is not knowledge but imagination. -Albert Einstein |
|
|
Xenophane
Honorable But Hopeless Addict
    
Denmark
3070 Posts
Status: offline |
Posted - 08/08/2012 : 06:53:27 AM
|
Is using the Quest AD cmdlets an option? They do not require the AD web service.
Microsoft PowerShell MVP
George Bernard Shaw: The power of accurate observation is commonly called cynicism by those who have not got it.
You can read my blog at www.xipher.dk
 |
|
|
Nodgiles
Welcome Newcomer
USA
12 Posts
Status: offline |
Posted - 08/08/2012 : 11:51:19 AM
|
I am using Quest cmdlets, but I receive this error:
WARNING: Error initializing default drive: 'Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.'.
|
 |
|
|
Xenophane
Honorable But Hopeless Addict
    
Denmark
3070 Posts
Status: offline |
Posted - 08/08/2012 : 3:33:12 PM
|
The Quest AD cmdlets do not use the Microsoft Active Directory Web Service; only the Microsoft AD cmdlets do.
|
 |
|
|
Xenophane
Honorable But Hopeless Addict
    
Denmark
3070 Posts
Status: offline |
Posted - 08/08/2012 : 3:34:30 PM
|
Can you post the script, so we can see what is happening?
 |
|
|
Jazzy
Administrator
    
Netherlands
1932 Posts
Status: offline |
|
|
Nodgiles
Welcome Newcomer
USA
12 Posts
Status: offline |
Posted - 08/09/2012 : 11:29:39 AM
|
quote: Originally posted by Xenophane
Can you post the script, so we can see what is happening?
Some of this may not make complete sense as I pulled from various functions in my Primal Forms project.
# Display names of the manager's direct reports
$peons = invoke-command -computername myserver -credential $cred -scriptblock {
    param($myname, $peons)
    import-module activedirectory
    add-pssnapin quest.activeroles.admanagement
    get-qaduser -manager $myname | select-object -expandproperty name
} -arg $myname, $peons

# SamAccountNames of the same direct reports
$array2 = invoke-command -computername myserver -credential $cred -scriptblock {
    param($myname, $array2)
    import-module activedirectory
    add-pssnapin quest.activeroles.admanagement
    get-qaduser -manager $myname | select-object -expandproperty SamAccountName
} -arg $myname, $array2

# Date picked in the calendar and user picked in the list box
$date = $monthcalendar1.SelectionEnd.Date
$user = $listbox1.SelectedIndex
$user2 = $array2[$user]

If ($listbox1.items.count -gt 1) {
    # Several direct reports: $array2 is an array, use the selected entry
    invoke-command -computername myserver -credential $cred -scriptblock {
        param($date, $user, $user2)
        import-module activedirectory
        add-pssnapin quest.activeroles.admanagement
        Set-QADUser $user2 -AccountExpires $date
    } -arg $date,$user,$user2
    $donemsg = "Changed $user2 Expiration DateTime to $date"
    $d = $msgbox.popup($donemsg)
}
Else {
    # Single direct report: $array2 is one string, pass it as-is
    $user2 = $array2
    invoke-command -computername myserver -credential $cred -scriptblock {
        param($date, $user, $user2, $array2)
        import-module activedirectory
        add-pssnapin quest.activeroles.admanagement
        Set-QADUser $array2 -AccountExpires $date
    } -arg $date,$user,$user2,$array2
    $donemsg = "Changed $array2 Expiration DateTime to $date"
    $d = $msgbox.popup($donemsg)
}
 |
|
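Added example, not part of the original thread: the remote expiry change from the script above written with the Quest snap-in only. The Microsoft ActiveDirectory module maps an AD: drive when it is imported, and that is the step that needs Active Directory Web Services. The function name, the $MaxDays cap and the parameter names are hypothetical, and the sketch assumes the session on the remote server can reach a domain controller with the supplied credentials.

```powershell
# Added example; Set-ReportExpiry and $MaxDays are hypothetical names.
function Set-ReportExpiry {
    param(
        [Parameter(Mandatory=$true)][string]$Server,          # e.g. 'myserver'
        [Parameter(Mandatory=$true)]
        [System.Management.Automation.PSCredential]$Credential,
        [Parameter(Mandatory=$true)][string]$ManagerName,
        [Parameter(Mandatory=$true)][string]$SamAccountName,
        [Parameter(Mandatory=$true)][datetime]$Expires,
        [int]$MaxDays = 90                                    # assumed policy cap
    )

    Invoke-Command -ComputerName $Server -Credential $Credential -ScriptBlock {
        param($ManagerName, $SamAccountName, $Expires, $MaxDays)

        # Quest snap-in only; no Import-Module ActiveDirectory, so no AD: drive
        # is initialized and no ADWS lookup happens in this session.
        Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction Stop

        # Reject dates in the past or beyond the allowed extension window.
        $today = (Get-Date).Date
        if ($Expires -lt $today -or $Expires -gt $today.AddDays($MaxDays)) {
            throw "Expiry must fall between today and $MaxDays days from now."
        }

        # Re-query the manager's direct reports in this session instead of
        # trusting an index into a list that was fetched earlier.
        $target = Get-QADUser -Manager $ManagerName |
            Where-Object { $_.SamAccountName -eq $SamAccountName }
        if (-not $target) {
            throw "$SamAccountName is not a direct report of $ManagerName."
        }

        # Same call as in the posted script, now applied to a verified target.
        Set-QADUser $SamAccountName -AccountExpires $Expires | Out-Null
        "Changed $SamAccountName expiration to $Expires"
    } -ArgumentList $ManagerName, $SamAccountName, $Expires, $MaxDays
}
```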
|
Nodgiles
Welcome Newcomer
USA
12 Posts
Status: offline |
Posted - 08/09/2012 : 5:50:04 PM
|
quote: Originally posted by Jazzy
To answer your initial question first: no, you need to dcpromo the server to allow ADWS to run. Maybe you can look at the Active Directory Management Gateway Service (http://www.microsoft.com/en-us/download/details.aspx?id=2852) designed for environments without Server 2008 R2 domain controllers.
Looks like that's a no-go as well.
"you can install Active Directory Management Gateway Service only if you promote your server to domain controller by running Dcpromo.exe or if you create an AD LDS instance (or ADAM instance) on this server."
 |
|