Problem with remote session using Azure AD credentials


This topic contains 0 replies, has 1 voice, and was last updated by phil_gt62 3 weeks, 3 days ago.

  • #179907

    Hi!

    I'm trying to execute commands on a remote machine.
    Both host and remote machine are AzureAD-joined to the same domain, and the user, e.g. AzureAD\TestUser, has admin rights on the remote machine, i.e. AzureAD\TestUser shows up when I do a net localgroup Administrators on the remote machine. There is no local domain or DC or anything, only AzureAD.

    Remoting itself seems to work correctly, as I can successfully execute
    Invoke-Command -ScriptBlock {Get-EventLog system -Newest 10} -ComputerName -Authentication Negotiate -Credential local_admin
    where local_admin is a local admin account on the remote machine (for testing purposes).

    However, trying the same command with -Credential AzureAD\TestUser gives me an "Access is denied".

    I even added (with some extra effort) the AzureAD\TestUser to the PSSessionConfiguration, i.e.
    Get-PSSessionConfiguration -Name Microsoft.Powershell on the remote machine gives
    Permission : NT AUTHORITY\INTERACTIVE AccessAllowed, BUILTIN\Administrators AccessAllowed, BUILTIN\Remote Management Users AccessAllowed, AzureAD\TestUser AccessAllowed
    but this should be redundant as the AzureAD user is already in the Admin group.

    There also exists a user profile for AzureAD\TestUser on the remote machine (as well as the host machine), so this user has successfully physically logged into both machines prior to attempting the remoting.

    There must be something I'm missing. Thanks for any pointers.
