Powershell Module and Remoting

This topic contains 5 replies, has 3 voices, and was last updated by Max Kozlov 1 year, 8 months ago.

  • #27522
    Dan Davis
    Participant

    I am looking at creating a PowerShell module that needs some AD commands from a machine that does not have AD modules installed.

    I think that I am misunderstanding the remoting concepts, as I assume it should be straightforward.

    I tried to pull down the AD modules and then run the commands

            # Create a session to DC
            $S = New-PSSession -ComputerName $DC
            # Load AD Modules
            Invoke-Command -Session $S {Import-Module ActiveDirectory}
            # Export the AD cmdlet from remote to local powershell instance
            Export-PSSession -Session $S -CommandName *AD* -OutputModule RemAD -AllowClobber -Force
            # Remove the session to the DC
            Remove-PSSession $S
            # Load the local copy of the remote AD modules.
            Import-Module RemAD
    
            foreach ($ADG in $ADGroupFilter) {
                $Group += Get-ADGroup -Filter {name -like $ADG} | select -ExpandProperty DistinguishedName
                $Group
            }
    

    The problem that I have is the module complains that the remote computer doesn't know what is in $ADG

    I also tried with Invoke-Command scriptblock {} but seem to have similar issues.

    Is there a way to pass variables collected from the module parameters to the remote host after you have pulled down the AD modules?

    I assume that it's a fairly common thing to do but seem to be going around in circles trying to figure it out.

    Cheers.

  • #27523
    Max Kozlov
    Participant

    I tried using a string instead of a scriptblock in the filter and it works 🙂

    Get-ADGroup -Filter "name -like '$ADG'" | select -ExpandProperty DistinguishedName

    I have already had some problems with remote scriptblocks. I think they are interpreted on the remote side and thus do not have the local variables.

  • #27524
    Don Jones
    Keymaster

    Correct. This is covered at https://powershell.org/kb/remote-variables-and-invoke-command/, along with workarounds. This applies to implicit remoting as well.

    Dan, your problem is that you're closing the PSSession. When you import modules via implicit remoting (in v3 and higher, it's easier to use Import-Module with the -PSSession parameter, BTW), the commands don't "copy" to your computer. They still run remotely, and so the session needs to remain open. If you close the session, the local "shadow module" is removed.

  • #27526
    Dan Davis
    Participant

    Max,
    Thanks for the tip, all working now.

    Don,
    Thanks for the link.

    With regard to closing the session, the code below seems to work if Remove-PSSession is before or after the Get-ADGroup. I don't know if it's what you would expect?

    Also about the module being removed when the session is closed, that is not what I am seeing.

    My code now,

    function Test-Connect4 {
    
            $DC = 'EUKDC6'
    
            # Create a session to DC
            $S = New-PSSession -ComputerName $DC
            # Load AD Modules
            Invoke-Command -Session $S {Import-Module ActiveDirectory}
            # Export the AD cmdlet from remote to local powershell instance
            Import-PSSession -Session $S -Module ActiveDirectory
            # Remove the session to the DC
            Remove-PSSession $S
    
            # Long Test
            $ADGroupFilter = "VPN*","Citrix*"
    
            foreach ($ADG in $ADGroupFilter) {
                # Output filters if using -Verbose
                Write-Host "`$ADG is $ADG"
                # Put the groups into $group
                $Group += Get-ADGroup -Filter "name -like '$ADG'" | select -ExpandProperty DistinguishedName
            }
            $Group
    }
    

    If I run the function the second time I get

    WARNING: Proxy creation has been skipped for the following command: 'Add-ADCentralAccessPolicyMember,
    Import-PSSession : No command proxies have been created, because all of the requested remote commands would shadow existing local commands. Use the AllowClobber

    This would imply that the module is not removed when I Remove-PSSession, or I am removing it incorrectly. (I can obviously suppress with the AllowClobber as suggested.)
    It's removed when I start a new instance of PowerShell, as it doesn't error the first time I run the function.

    Don't know if this is something I should worry about or if it's just a technicality.

    With the code that I posted first, with

     Export-PSSession -Session $S -CommandName *AD* -OutputModule RemAD -AllowClobber -Force

    That seems to download the module to my local machine, so even after the session is removed I have access to AD commands that run against the DC I pulled them from. This caused me a bit of head scratching yesterday when trying to troubleshoot this.

    Again, not sure if this is something I need to worry about as I will use the second method. It just seemed at odds with what you are expecting.

    Cheers.

  • #27527
    Don Jones
    Keymaster

    If you import a module, and then close the session, the "shadow" module remains for the current PowerShell runspace. Attempting to use the commands from that module will just re-open the session – so closing it is actually just wasting time.

  • #27551
    Max Kozlov
    Participant

    Don, in the above example
    `Get-ADGroup -Filter {name -like $using:ADG}` doesn't solve the remoting problem. Maybe because PS doesn't know that this scriptblock will be run remotely?
    Do you know any way to solve it besides converting the scriptblock to a string? (Yes, I know that Get-ADGroup wants a [string] -Filter property, it's just an example.)
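
Added example, not code posted by anyone in this thread: a function that combines the two points made above, building the -Filter as a locally expanded string and keeping the PSSession open until the proxied AD commands have finished. The function name, parameter names and the allow-list pattern are assumptions; the allow-list rejects quotes and other filter syntax in parameter values before they are interpolated into the query sent to the DC.

```powershell
# Added example. Get-RemoteADGroupDN, its parameters and the allow-list
# pattern are hypothetical names chosen for illustration.
function Get-RemoteADGroupDN {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $DomainController,
        [Parameter(Mandatory)] [string[]] $NamePattern
    )

    # Validate before any filter string is built: letters, digits, '_', space,
    # '.', '-' and the '*' wildcard only. Quotes, parentheses and backslashes
    # are rejected, so a value cannot close the quoted literal in the filter.
    # Assumption: group names in this environment fit that character set.
    foreach ($p in $NamePattern) {
        if ($p -notmatch '^[\w .*-]+$') {
            throw "Rejected group name pattern: '$p'"
        }
    }

    $module  = $null
    $session = New-PSSession -ComputerName $DomainController
    try {
        # Implicit remoting (v3+): proxy functions are created locally, but the
        # commands still execute in $session, so it stays open until the end.
        $module = Import-Module -Name ActiveDirectory -PSSession $session -PassThru

        foreach ($p in $NamePattern) {
            # The double-quoted string is expanded locally; the DC receives the
            # finished filter text, not a reference to a local variable.
            Get-ADGroup -Filter "Name -like '$p'" |
                Select-Object -ExpandProperty DistinguishedName
        }
    }
    finally {
        # Remove the proxy module first, then close the session it depends on.
        if ($module) { Remove-Module -ModuleInfo $module }
        Remove-PSSession -Session $session
    }
}

# DC name and patterns are the ones used in the posts above.
Get-RemoteADGroupDN -DomainController 'EUKDC6' -NamePattern 'VPN*', 'Citrix*'
```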
