PSSession to multiple domain controllers

    • #214509

      I have an interesting problem where I have been tasked to run a simple PS script remotely on multiple servers. The script is inconsequential, however the challenge is that even though we can manually remotely enter a session on each server (Enter-PSSession) due to the fact that we have a VPN to each site, each server is on a completely different domain…meaning the administrator credentials to each server require different “domain name”/administrator and passwords.

      Usually if I create an automated script that needs to reach out to a different server like this, I create a secure password file and then use that to authenticate, however there are 60 + servers to connect to, which implies I would have to create 60 + secure password files.

      Is there any other easier way to accomplish this?

       

       

    • #214548

      You can use the Get-SBCredential function of the AZSBTools PS module.
      The script may go something like this:

      # Install-Module -Name AZSBTools

      [CmdletBinding(ConfirmImpact='Low')]
      Param(
          # One entry per server: the host to connect to and the admin account of its domain
          [Parameter(Mandatory=$false)][HashTable[]]$ComputerList = @(
              @{ ComputerName = 'Server1.domain1.com'; AdminName = 'domain1\admin1'}
              @{ ComputerName = 'Server2.domain2.com'; AdminName = 'domain2\admin2'}
              @{ ComputerName = 'Server3.domain3.com'; AdminName = 'domain3\admin3'}
          ),
          # Folder that holds the encrypted credential files
          [Parameter(Mandatory=$false)][ValidateScript({Test-Path $_})][String]$KeyChainFolder = 'd:\Sandbox\KeyChain'
      )

      foreach ($ComputerItem in $ComputerList) {
          # Look up the credential by the admin account name (not the computer name)
          $Cred = Get-SBCredential -UserName $ComputerItem.AdminName -CredPath $KeyChainFolder
          # Run the task on the remote server as that domain's administrator
          Invoke-Command -ComputerName $ComputerItem.ComputerName -Credential $Cred -ScriptBlock {
              Get-ADUser 'samb' -Properties LastLogon # or some other task
          }
      }
      

      The first time a credential is used you will be prompted to type in the pwd. It will be saved in an encrypted file in the $KeyChain folder.
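
The same idea using only built-in cmdlets, as an added example that is not part of the thread or of AZSBTools: every account's credential is kept in a single DPAPI-protected CliXml file instead of 60+ separate password files. The function name `Get-VaultCredential` and the vault path are hypothetical, and the sketch assumes Windows.

```powershell
# Added example (not from the thread). Assumes Windows: Export-Clixml protects the
# password with DPAPI, so the file only decrypts for the same user on the same machine.
function Get-VaultCredential {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][string]$VaultPath   # one CliXml file for every account
    )
    $key   = $UserName.ToLowerInvariant()          # normalise so lookups ignore case
    $vault = @{}
    if (Test-Path -LiteralPath $VaultPath) {
        $vault = Import-Clixml -LiteralPath $VaultPath
    }
    if (-not $vault.ContainsKey($key)) {
        # First use of this account: prompt once, then persist the whole vault
        $cred = Get-Credential -UserName $UserName -Message "Password for $UserName"
        if (-not $cred) { throw "No credential supplied for $UserName" }
        $vault[$key] = $cred
        Export-Clixml -InputObject $vault -LiteralPath $VaultPath
    }
    return $vault[$key]
}

# Sample values taken from the reply above; the vault location is an assumption
$computerList = @(
    @{ ComputerName = 'Server1.domain1.com'; AdminName = 'domain1\admin1' }
    @{ ComputerName = 'Server2.domain2.com'; AdminName = 'domain2\admin2' }
    @{ ComputerName = 'Server3.domain3.com'; AdminName = 'domain3\admin3' }
)
$vaultPath = Join-Path $env:LOCALAPPDATA 'remote-admin-creds.clixml'

$results = foreach ($item in $computerList) {
    $cred = Get-VaultCredential -UserName $item.AdminName -VaultPath $vaultPath
    try {
        # -ErrorAction Stop turns a failed connection into a catchable error,
        # so one unreachable server does not hide the results of the others
        Invoke-Command -ComputerName $item.ComputerName -Credential $cred -ErrorAction Stop -ScriptBlock {
            [pscustomobject]@{ Computer = $env:COMPUTERNAME; RunAs = "$env:USERDOMAIN\$env:USERNAME" }
        }
    } catch {
        Write-Warning "$($item.ComputerName): $($_.Exception.Message)"
    }
}
$results
```

Because the file is bound to the account and machine that created it, a scheduled task must build the vault while running as its own service account, and the file should sit in a folder only that account can read.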
