Import module from remote comptuer

This topic contains 10 replies, has 3 voices, and was last updated by Profile photo of Daniel Krebs Daniel Krebs 2 years, 3 months ago.

  • Author
    Posts
  • #18536
    Profile photo of David Jones
    David Jones
    Participant

    I'm trying to use remoting to use 2012 ActiveDirectory module from a windows 7 machine with WMF 4.0 installed. I have enabled CredSSP on the member server that has ActiveDirectory module and set it up on the workstation I'm testing from.
    On the server:

    Enable-WSManCredSSP –Role server

    On the test workstation:

    Enable-WSManCredSSP –Role client –DelegateComputer ps-script01.domain.com

    And then I try to import the module.

    PS H:\> $cred = Get-Credential domain/user
    PS H:\> $session = New-PSSession -ComputerName ps-script01.domain.com -Authentication Credssp -Credential $cred
    
    PS H:\> import-module -PSSession $session -Name ActiveDirectory
    import-module : Failed to generate proxies for remote module 'ActiveDirectory'.  The specified path, file name, or
    both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less
    than 248 characters.
    At line:1 char:1
    + import-module -PSSession $session -Name ActiveDirectory
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Import-Module], InvalidOperationException
        + FullyQualifiedErrorId : CmdletProviderInvocationException,Microsoft.PowerShell.Commands.ImportModuleCommand

    I"m at a loss on this one.

    The reason I'm doing this with a member server is we don't have the user that will eventual run the script to have access to the DC.

  • #18539
    Profile photo of Daniel Krebs
    Daniel Krebs
    Participant

    David,

    I think we need to understand what you're actually trying to achieve in the end. Which tasks do you want to perform against Active Directory from the workstations? Please provide a full list to give us a better picture of your scenario.

    Thanks
    Daniel

  • #18541
    Profile photo of CTX_Christian
    CTX_Christian
    Participant

    There is a JumpStart webcast about this topic @ http://www.microsoftvirtualacademy.com/training-courses/getting-started-with-powershell-3-0-jump-start

    Getting Started with PowerShell 3.0 Jump Start
    Module 09 | Introducing scripting and toolmaking

    Starting: [13:33] | PowerShell remote CMDLETs

    Maybe this gives you a more deeper insight.

    Regards

    Christian

  • #18542
    Profile photo of David Jones
    David Jones
    Participant

    Basically We have a scheduled script that sets logon hours based on a CSV file provided by HR. However the names provided are not always the same as what is in AD. So I need the HR person to be able to run

    get-aduser -filter {GivenName -like $FirstName -and SN -like $LastName}

    as part of a script to validate the CSV data.
    they are on windows 7 with WMF 4.0 installed.

  • #18564
    Profile photo of David Jones
    David Jones
    Participant

    @Christian Francke

    That video was a life saver. I have it working via credssp.

    using Import-PSSession i was able to import the module and use it from the member server.

    Now I would like to be able to do it withe Kerberos Constrained deligation. Any takers on how to do that?

    I tried to setup WSMAN to the DC on the member server's AD object. but I still get this error

    Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not
    have the Active Directory Web Services running.
        + CategoryInfo          : ResourceUnavailable: (pds-admin75:ADComputer) [Get-ADComputer], ADServerDownException
        + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADComputer
        + PSComputerName        : ps-script01.pinnaclebancorp.com
  • #18581
    Profile photo of Daniel Krebs
    Daniel Krebs
    Participant

    David,

    Have you considered to install the Remote Server Administration Tools (RSAT) and enable the AD PowerShell module on the HR Windows 7 machines?

  • #18638
    Profile photo of David Jones
    David Jones
    Participant

    It's my understanding that Microsoft does not recommend using the down version RSAT with a newer Domain. I know this function in question is a read but i'm trying to stick to the tools that match the DC.

  • #18639
    Profile photo of David Jones
    David Jones
    Participant

    Strange It looks like it's working now.

    PS C:\WINDOWS> $s = New-PSSession -ComputerName ps-script01
    PS C:\WINDOWS> import-pssession -Session $s -Module ActiveDirectory -Prefix Remote
    
    ModuleType Version    Name                                ExportedCommands
    --------- ------    -----                               ----------------
    Script     1.0        tmp_4jss0rk1.4sz                    {Add-RemoteADCentralAccessPolicyMember, Add-RemoteADComput.

    I'm betting the changes in AD did not take effect last week due to the life time of the Kerberose tickets.

    Does any one know how / where to clear Kerberos tickets?

  • #18640
    Profile photo of Daniel Krebs
    Daniel Krebs
    Participant

    You can run the command line utility "klist" which comes bundled with Windows. Since Windows 7 if I'm correct.

    klist purge

    To show your tickets just run

    klist

  • #18641
    Profile photo of David Jones
    David Jones
    Participant

    I came across that, and last Friday I tried to purge on the member server. Am I supposed to run that on the workstation to? I cant imagine wanting to run it on the DC with a flat purge.

  • #18642
    Profile photo of Daniel Krebs
    Daniel Krebs
    Participant

    klist only affects the session of the current user as far as I know. You need to purge on the workstation or from where you're connecting to the PowerShell remoting endpoint.

You must be logged in to reply to this topic.