Problem running PS script from PS web

This topic contains 5 replies, has 3 voices, and was last updated by Nathan W 1 year, 11 months ago.

  • #21352
    Nathan W
    Participant

    I just recently set up a PS Web server for my team to be able to share PS scripts. On two of my scripts that manipulate AD I am getting errors.
    I have verified that the AD module is available.
    Here is one of the errors:

    Get-ADComputer : Unable to contact the server. This may be because this server does not exist, it is currently down,
    or it does not have the Active Directory Web Services running.
    At C:\PSScripts\Create Server LADM Groups.ps1:1 char:19
    + $ServerAccounts = Get-ADComputer -Filter * -SearchBase 'OU=Servers,DC=info,DC=co ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ResourceUnavailable: (:) [Get-ADComputer], ADServerDownException
    + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADComputer

    Thanks in advance.

  • #21359
    Richard Siddaway
    Moderator

    Are you hosting the scripts in a web service?

    Can you run the scripts in a normal PowerShell console from the web server?

    Is the web server part of the domain?

    Do any other scripts that access AD work?

  • #21515
    Nathan W
    Participant

    Not sure I know what you mean by hosting the scripts in a web service.
    Yes, I can run all the components of the script from the PS web.
    Yes.
    No.

    Thanks in advance 🙂

  • #21519
    Will Anderson
    Keymaster

    Hey there Nathan,

    Would it be possible to see the script code? I've got a PSWA server in my test environment, so I can test and see if I can duplicate the issue.

  • #21520
    Will Anderson
    Keymaster

    Actually, I was able to duplicate it just running Get-ADComputer "%servername%". A couple of things to check:

    Make sure that at least one of your DCs is running Active Directory Web Services. You won't be able to connect without it.
    Use the -Server parameter to specify the DC running ADWS.

    Alternatively, you could use PSWA to connect to a domain controller (you'll have to make sure it's in a PswaAuthorizationRule before you can access it), and execute the script from there.
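
A staged check of the two points in the reply above (a DC running ADWS, and pinning the query with -Server), as an added example that is not part of the original thread. `Test-AdwsPath` is a hypothetical helper name and `dc.example.test` is a placeholder; it assumes the ActiveDirectory module is installed.

```powershell
# Added diagnostic example (not from the thread). Reports which stage fails:
# locating a DC that advertises ADWS, reaching TCP 9389, or the AD query itself.
Import-Module ActiveDirectory

function Test-AdwsPath {
    param(
        [string]$Server,          # DC to test; discovered via DC Locator if omitted
        [int]$Port = 9389,        # ADWS listens on TCP 9389
        [int]$TimeoutMs = 3000
    )

    $result = [ordered]@{
        Server = $Server; Discovered = $false; PortOpen = $false; QueryOk = $false; Error = $null
    }

    try {
        if (-not $Server) {
            # Ask for a DC that advertises the ADWS service
            $dc = Get-ADDomainController -Discover -Service ADWS -ErrorAction Stop
            $Server = [string]$dc.HostName
            $result.Server = $Server
            $result.Discovered = $true
        }

        # Plain TCP reachability test against the ADWS port
        $tcp = New-Object System.Net.Sockets.TcpClient
        try {
            $async = $tcp.BeginConnect($Server, $Port, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $tcp.Connected) {
                $tcp.EndConnect($async)
                $result.PortOpen = $true
            }
        } finally { $tcp.Close() }
        if (-not $result.PortOpen) { throw "TCP $Port on $Server is not reachable" }

        # Smallest AD cmdlet call that goes through ADWS, pinned to the tested DC
        $null = Get-ADRootDSE -Server $Server -ErrorAction Stop
        $result.QueryOk = $true
    } catch {
        $result.Error = $_.Exception.Message
    }
    [pscustomobject]$result
}

Test-AdwsPath                              # discover a DC advertising ADWS
Test-AdwsPath -Server 'dc.example.test'    # placeholder: name a specific DC
```

Running it once in a local console on the gateway server and once inside the PSWA session shows whether the failure is specific to the PSWA session or affects the server as a whole.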

  • #21558
    Nathan W
    Participant

    So I have tried your suggestions and it still fails to run for PSWEB.
    Here is a copy of my script that I am trying to execute from PSWEB
    # Requires the ActiveDirectory module
    Import-Module ActiveDirectory

    $GroupVar = Read-Host "Enter Computer name"
    $UserVar = Read-Host "Enter Local Admin User ID"
    $GroupName = "$GroupVar – LADM"

    # Suppress lookup errors: a missing user or group just leaves the variable empty.
    # "Ignore" is valid only for the -ErrorAction parameter, not for $ErrorActionPreference,
    # so the preference is set once and stays at SilentlyContinue.
    $ErrorActionPreference = "SilentlyContinue"
    $DoesUserExist = Get-ADUser -Identity $UserVar -Server DC05 -ErrorAction SilentlyContinue
    $DoesGroupExist = Get-ADGroup -Identity $GroupName -Server DC05 -ErrorAction SilentlyContinue
    $UserInGroup = Get-ADGroupMember -Identity $GroupName -Server DC05 -ErrorAction SilentlyContinue |
        Where-Object { $_.SamAccountName -eq $UserVar }

    if ($DoesUserExist.SamAccountName -eq $UserVar)
    {
        Write-Host -ForegroundColor Green "User account Found. Will try to add to group"
    }
    else
    {
        Write-Warning "User Account does not exist. Will create one now"
        $UserGivenNameVar = Read-Host "Enter Users First Name"
        $UserSurNameVar = Read-Host "Enter Users Last Name"
        # Fixed initial password; -ChangePasswordAtLogon forces a change at first logon
        $PasswordVar = ConvertTo-SecureString 'Password01' -AsPlainText -Force
        New-ADUser -Name "$UserGivenNameVar $UserSurNameVar – Local Admin" -SamAccountName $UserVar -UserPrincipalName "$UserVar@internal.domain.com" -AccountPassword $PasswordVar -ChangePasswordAtLogon $true -GivenName $UserGivenNameVar -Surname $UserSurNameVar -DisplayName "$UserGivenNameVar $UserSurNameVar – Local Admin" -Path 'OU=Workstation Local Admin Users,OU=People,DC=internal,DC=domain,DC=com' -Enabled $true -Server DC05
        Write-Host -ForegroundColor Green "User Account Created"
    }

    # Compare against the name the group is created with ("<computer> – LADM"), not the bare computer name
    if ($DoesGroupExist.Name -eq $GroupName)
    {
        Write-Host -ForegroundColor Green "Group Found. Will Try to add user to group."
    }
    else
    {
        Write-Warning "Group Not found. Will create now"
        New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security -Path 'OU=Workstation Local Admin Computers,OU=Groups,DC=internal,DC=domain,DC=com' -Server DC05
        Write-Host -ForegroundColor Green "Group Created"
    }

    if ($UserInGroup.SamAccountName -eq $UserVar)
    {
        Write-Warning "User account already in group. No further action needed"
    }
    else
    {
        Add-ADGroupMember -Identity $GroupName -Members $UserVar -Server DC05
        Write-Host -ForegroundColor Green "Account added to group"
    }
