Pass variable to invoke script

This topic contains 6 replies, has 3 voices, and was last updated by Bret Robinson 10 months, 2 weeks ago.

  • #34093
    Bret Robinson
    Participant

    I am sure this is a Newbie question...
    I need to add a user to a group across several AD Domains.
    I have a script that prompts to enter user & group names.
    That invokes a script that is run on a DC in each domain.

    My first script looks like this

    Set-StrictMode -Version Latest
    
    $CertChk = (New-PSSessionOption -SkipCNCheck -SkipCACheck -SkipRevocationCheck)
    $Script = "$env:USERPROFILE\Scripts\Add_To_Group_Menu.ps1"
    $User = Read-Host 'Please enter the logon name of the user to add'
    $DestGroup = Read-Host 'Please enter the name of the group to add the user to'
    
    Invoke-Command -Filepath "$Script" -ComputerName $DC -Credential $Creds -UseSSL -SessionOption $CertChk -EA 0
    

    The problem is that if I try to dot source the variables when it is run on the remote DC it is not running the script.
    If I run it locally, it works.
    My second script looks like this.

    Set-StrictMode -Version Latest
    Import-Module ActiveDirectory
    
    $Script = "$env:USERPROFILE\Scripts\Add_To_Group.ps1"
    {. .\$Script}
    
    $UserName = ((Get-ADUser $User).Name)
    $GroupDn = ((Get-ADGroup $DestGroup).DistinguishedName)
    $GroupName = ((Get-ADGroup $DestGroup).Name)
    
    
    If ((Get-ADUser $User -Properties memberof).memberof -like "$GroupDn") 
        {
        Write-Host "$UserName is already a member of $GroupName!" -ForegroundColor Yellow
        }
        Else {
        Write-Host "Adding $UserName to $GroupName!" -ForegroundColor Green
        Get-ADGroup $DestGroup | Add-ADGroupMember -Members $User 
    }
    

    I am sure this is related to how I am trying to pass the variables.
    I appreciate any help.

  • #34095
    Dave Wyatt
    Moderator

    Variables that exist in your local session do not exist on the remote computer. Your second script needs to accept the $User and $DestGroup variables as parameters, instead of just requiring those variables to exist somewhere. Your first script has the same problem as well; it's using a $DC variable which is not defined as a parameter or anywhere else in the script.

    When you get to the point where you're putting code into functions and scripts for reuse, you should get into the habit of having all of those functions' inputs coming via parameters. For your second script, that might consist of a parameter block like this at the beginning of the file:

    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string] $User,
    
        [Parameter(Mandatory = $true)]
        [string] $DestGroup
    )
    
  • #34097
    Bret Robinson
    Participant

    Thanks for the info!
    Sorry, I pared down the first script for readability.
    So, the first script looks like this:

    Set-StrictMode -Version Latest
    
    $CertChk = (New-PSSessionOption -SkipCNCheck -SkipCACheck -SkipRevocationCheck)
    $Script = "$env:USERPROFILE\Scripts\Add_To_Group_Menu.ps1"
    $User = Read-Host 'Please enter the logon name of the user to add'
    $DestGroup = Read-Host 'Please enter the name of the group to add the user to'
    
    Function Domain1 {
    $DC = 'server.domain.com'
    $Creds = IMPORT-CLIXML "$env:USERPROFILE\creds.xml"
    Invoke-Command -Filepath "$Script" -ComputerName $DC -Credential $Creds -UseSSL -SessionOption $CertChk -EA 0
    }
    

    There is a function for each domain.
    I am looping through all of the functions.
    Would I change the Invoke-Cmd to look like this?

    Invoke-Command -Filepath "$Script" -ComputerName $CorpDC -Credential $CorpCreds -UseSSL -SessionOption $CertChk -EA 0 -ArgumentList $User,$DestGroup
    

    My second script now looks like this:

    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string] $User,
    
        [Parameter(Mandatory = $true)]
        [string] $DestGroup
    )
    
    Set-StrictMode -Version Latest
    Import-Module ActiveDirectory
    
    #$Script = "$env:USERPROFILE\Scripts\Add_To_Group.ps1"
    #{. .\$Script}
    
    $UserName = ((Get-ADUser $User).Name)
    $GroupDn = ((Get-ADGroup $DestGroup).DistinguishedName)
    $GroupName = ((Get-ADGroup $DestGroup).Name)
    
    
    If ((Get-ADUser $User -Properties memberof).memberof -like "$GroupDn") 
        {
        Write-Host "$UserName is already a member of $GroupName!" -ForegroundColor Yellow
        }
        Else {
        Write-Host "Adding $UserName to $GroupName!" -ForegroundColor Green
        Get-ADGroup $DestGroup | Add-ADGroupMember -Members $User 
    } 
    

    I am still seeing the same results.

  • #34098
    Dave Wyatt
    Moderator

    What errors are you getting? If you've added the param block to the second script and you've added -ArgumentList to your Invoke-Command call, then you should be all set.

  • #34099
    Bret Robinson
    Participant

    Thanks again Dave,
    I am not getting any errors, it just appears to not be running, but I think my logic may be what is wrong. If the script is being run on a remote server, then maybe it is only the return information that I am expecting that is not happening. Perhaps I need to change this to run as a job and return the job info?

  • #34110
    Stuart Fleck
    Participant

    Could it be the execution policy? What is the execution policy set to on your remote computers?

  • #34183
    Bret Robinson
    Participant

    I just wanted to update this post. Dave, your answer was correct. It turns out one of the network admins did not know what port 5986 was being used for and closed it on some of the firewalls. That's why I was getting weird results.
    Thanks again for your help!
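
Added example (not part of the original thread, and not code from any of its participants): the calling script from the thread reworked so that a closed port 5986 or a failed session is reported per DC instead of being hidden by `-EA 0`, with `$User` and `$DestGroup` passed through `-ArgumentList`. The DC host names and credential file names are hypothetical, and it assumes each DC's WinRM HTTPS certificate is trusted by the client, so the `-SkipCNCheck -SkipCACheck -SkipRevocationCheck` session option is left out.

```powershell
Set-StrictMode -Version Latest

# Add_To_Group.ps1 is the second script from the thread, with the param() block at the top.
$Script    = "$env:USERPROFILE\Scripts\Add_To_Group.ps1"
$User      = Read-Host 'Please enter the logon name of the user to add'
$DestGroup = Read-Host 'Please enter the name of the group to add the user to'

# One table entry per domain instead of one function per domain (hypothetical names).
$Domains = @(
    @{ DC = 'dc01.domain1.example'; CredFile = "$env:USERPROFILE\creds_domain1.xml" }
    @{ DC = 'dc01.domain2.example'; CredFile = "$env:USERPROFILE\creds_domain2.xml" }
)

$Results = foreach ($Domain in $Domains) {
    $DC = $Domain.DC

    # WinRM over HTTPS (-UseSSL) uses TCP 5986. Test it first so a firewall block
    # is reported by name rather than looking like a script that did nothing.
    $PortOpen = Test-NetConnection -ComputerName $DC -Port 5986 `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    if (-not $PortOpen) {
        [pscustomobject]@{ DC = $DC; Status = 'Unreachable'; Detail = 'TCP 5986 closed or filtered' }
        continue
    }

    try {
        # Credentials saved with Export-Clixml are DPAPI-protected: only the same
        # user on the same computer can import them.
        $Creds = Import-Clixml -Path $Domain.CredFile

        # -ArgumentList binds by position to the remote param() block ($User, $DestGroup).
        # -ErrorAction Stop replaces -EA 0, which silently discarded connection errors.
        # No -SessionOption is passed, so the server certificate is validated normally.
        # The remote script's Write-Host messages still appear on the local console.
        Invoke-Command -FilePath $Script -ComputerName $DC -Credential $Creds -UseSSL `
            -ArgumentList $User, $DestGroup -ErrorAction Stop | Out-Null
        [pscustomobject]@{ DC = $DC; Status = 'Ran'; Detail = 'Script completed' }
    }
    catch {
        # Certificate, authentication and remote script errors all end up here.
        [pscustomobject]@{ DC = $DC; Status = 'Failed'; Detail = $_.Exception.Message }
    }
}

$Results | Format-Table -AutoSize -Wrap
```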
