Pass variable to invoke script


    • #34093
      Participant

      I am sure this is a Newbie question...
      I need to add a user to a group across several AD Domains.
      I have a script that prompts to enter user & group names,
      and that invokes a script that is run on a DC in each domain.

      My first script looks like this

      Set-StrictMode -Version Latest
      
      $CertChk = (New-PSSessionOption -SkipCNCheck -SkipCACheck -SkipRevocationCheck)
      $Script = "$env:USERPROFILE\Scripts\Add_To_Group_Menu.ps1"
      $User = Read-Host 'Please enter the logon name of the user to add'
      $DestGroup = Read-Host 'Please enter the name of the group to add the user to'
      
      Invoke-Command -Filepath "$Script" -ComputerName $DC -Credential $Creds -UseSSL -SessionOption $CertChk -EA 0
      

      The problem is that if I try to dot source the variables when it is run on the remote DC it is not running the script.
      If I run it locally, it works.
      My second script looks like this.

      Set-StrictMode -Version Latest
      Import-Module ActiveDirectory
      
      $Script = "$env:USERPROFILE\Scripts\Add_To_Group.ps1"
      {. .\$Script}
      
      $UserName = ((Get-ADUser $User).Name)
      $GroupDn = ((Get-ADGroup $DestGroup).DistinguishedName)
      $GroupName = ((Get-ADGroup $DestGroup).Name)
      
      
      If ((Get-ADUser $User -Properties memberof).memberof -like "$GroupDn") 
          {
          Write-Host "$UserName is already a member of $GroupName!" -ForegroundColor Yellow
          }
          Else {
          Write-Host "Adding $UserName to $GroupName!" -ForegroundColor Green
          Get-ADGroup $DestGroup | Add-ADGroupMember -Members $User 
      }
      

      I am sure this is related to how I am trying to pass the variables.
      I appreciate any help.

    • #34095
      Member

      Variables that exist in your local session do not exist on the remote computer. Your second script needs to accept the $User and $DestGroup variables as parameters, instead of just requiring those variables to exist somewhere. Your first script has the same problem as well; it's using a $DC variable which is not defined as a parameter or anywhere else in the script.

      When you get to the point where you're putting code into functions and scripts for reuse, you should get into the habit of having all of those functions' inputs coming via parameters. For your second script, that might consist of a parameter block like this at the beginning of the file:

      [CmdletBinding()]
      param (
          [Parameter(Mandatory = $true)]
          [string] $User,
      
          [Parameter(Mandatory = $true)]
          [string] $DestGroup
      )
      
    • #34097
      Participant

      Thanks for the info!
      Sorry, I pared down the first script for readability.
      So, the first script looks like this:

      Set-StrictMode -Version Latest
      
      $CertChk = (New-PSSessionOption -SkipCNCheck -SkipCACheck -SkipRevocationCheck)
      $Script = "$env:USERPROFILE\Scripts\Add_To_Group_Menu.ps1"
      $User = Read-Host 'Please enter the logon name of the user to add'
      $DestGroup = Read-Host 'Please enter the name of the group to add the user to'
      
      Function Domain1 {
      $DC = 'server.domain.com'
      $Creds = IMPORT-CLIXML "$env:USERPROFILE\creds.xml"
      Invoke-Command -Filepath "$Script" -ComputerName $DC -Credential $Creds -UseSSL -SessionOption $CertChk -EA 0
      }
      

      There is a function for each domain.
      I am looping through all of the functions.
      Would I change the Invoke-Cmd to look like this?

      Invoke-Command -Filepath "$Script" -ComputerName $CorpDC -Credential $CorpCreds -UseSSL -SessionOption $CertChk -EA 0 -ArgumentList $User,$DestGroup
      

      My second script now looks like this:

      [CmdletBinding()]
      param (
          [Parameter(Mandatory = $true)]
          [string] $User,
      
          [Parameter(Mandatory = $true)]
          [string] $DestGroup
      )
      
      Set-StrictMode -Version Latest
      Import-Module ActiveDirectory
      
      #$Script = "$env:USERPROFILE\Scripts\Add_To_Group.ps1"
      #{. .\$Script}
      
      $UserName = ((Get-ADUser $User).Name)
      $GroupDn = ((Get-ADGroup $DestGroup).DistinguishedName)
      $GroupName = ((Get-ADGroup $DestGroup).Name)
      
      
      If ((Get-ADUser $User -Properties memberof).memberof -like "$GroupDn") 
          {
          Write-Host "$UserName is already a member of $GroupName!" -ForegroundColor Yellow
          }
          Else {
          Write-Host "Adding $UserName to $GroupName!" -ForegroundColor Green
          Get-ADGroup $DestGroup | Add-ADGroupMember -Members $User 
      } 
      

      I am still seeing the same results.

    • #34098
      Member

      What errors are you getting? If you've added the param block to the second script and you've added -ArgumentList to your Invoke-Command call, then you should be all set.

    • #34099
      Participant

      Thanks again Dave,
      I am not getting any errors, it just appears to not be running, but I think my logic may be what is wrong. If the script is being run on a remote server, then maybe it is only the return information that I am expecting that is not happening. Perhaps I need to change this to run as a job and return the job info?

    • #34110
      Participant

      Could it be the execution policy? What is the execution policy set to on your remote computers?

    • #34183
      Participant

      I just wanted to update this post. Dave, your answer was correct. It turns out one of the network admins did not know what port 5986 was being used for and closed it on some of the firewalls. That's why I was getting weird results.
      Thanks again for your help!

  • The topic ‘Pass variable to invoke script’ is closed to new replies.
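
The thread's two findings combined, as an added example that is not code from any of the posters: the caller passes $User and $DestGroup with -ArgumentList, checks TCP 5986 before connecting, and uses -ErrorAction Stop instead of -EA 0 so a blocked port is reported rather than silently skipped. The DC names and credential file paths are hypothetical, and it assumes each DC's WinRM HTTPS certificate is trusted by the client, so no -Skip*Check session options are used.

```powershell
# Added example; DC names and credential file paths below are hypothetical placeholders.
Set-StrictMode -Version Latest

$Script    = "$env:USERPROFILE\Scripts\Add_To_Group.ps1"   # the script with the param() block
$User      = Read-Host 'Please enter the logon name of the user to add'
$DestGroup = Read-Host 'Please enter the name of the group to add the user to'

# One entry per domain instead of one function per domain.
$Domains = @(
    @{ DC = 'dc01.corp.example'; CredFile = "$env:USERPROFILE\corp-creds.xml" }
    @{ DC = 'dc01.lab.example';  CredFile = "$env:USERPROFILE\lab-creds.xml" }
)

$Results = foreach ($Domain in $Domains) {
    $Status = 'OK'
    $Detail = ''

    # WinRM over HTTPS listens on TCP 5986; check it before attempting the session.
    $Port = Test-NetConnection -ComputerName $Domain.DC -Port 5986 -WarningAction SilentlyContinue
    if (-not $Port.TcpTestSucceeded) {
        $Status = 'Unreachable'
        $Detail = 'TCP 5986 blocked or host down'
    }
    else {
        try {
            $Creds = Import-Clixml -Path $Domain.CredFile
            # -ArgumentList binds positionally to $User and $DestGroup in the param() block.
            # -ErrorAction Stop (rather than -EA 0) turns a failed connection into a caught error.
            Invoke-Command -FilePath $Script -ComputerName $Domain.DC -Credential $Creds `
                -UseSSL -ArgumentList $User, $DestGroup -ErrorAction Stop | Out-Host
        }
        catch {
            $Status = 'Failed'
            $Detail = $_.Exception.Message
        }
    }
    # One summary row per DC, so a domain that was skipped is visible in the output.
    [pscustomobject]@{ DC = $Domain.DC; Status = $Status; Detail = $Detail }
}

$Results | Format-Table -AutoSize
```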