
February 1, 2017 at 4:22 pm

I need to create a remote PowerShell session to a Domain Controller.
I need to specify the IP address of the DC while opening the connection, so my command looks like:

New-PSSession -ComputerName 192.168.1.1 -Credential (Get-Credential)

I know the domain name (let's say, mydomain.local), the DC name (let's say, mydc.mydomain.local), the Administrator's user name and the password. What is the right syntax to specify them while opening the remote session?

Regards

marius

February 1, 2017 at 4:32 pm

$username = "Username"
$Password = ConvertTo-SecureString -String "password" -AsPlainText -force

$credentials =  New-Object System.Management.Automation.PSCredential -ArgumentList $username, $password

New-PSSession -ComputerName 192.168.1.1 -Credential $credentials

I believe that is what you are looking for. Not great, as it's username/password in plain text.

February 1, 2017 at 5:03 pm

I agree with Alex. Don't store the domain admin password – never ever.

This would prompt you to type in the password but would auto-fill the username.

New-PSSession -ComputerName 192.168.1.1 -Credential (Get-Credential domain\admin)

February 2, 2017 at 8:13 am

Another method you could try is:

##This stores the username and password object in an XML file
$path = "C:\SomePlaceOnMyCDrive"
$cred = Get-Credential
$cred | Export-Clixml "$path\Password.xml"

##Import the XML file and use the username and password from it
##Only the user that created the XML file can decrypt it.
$UserDetails = Import-Clixml "$path\Password.xml"
$LoginDeets = New-Object System.Management.Automation.PSCredential -ArgumentList $UserDetails.username,$UserDetails.password

New-PSSession -ComputerName 192.168.1.1 -Credential $LoginDeets

This is another method that does not store the username and password in plain text. It does require the same user to log in, though.

February 2, 2017 at 10:10 am

Thank you for the hints.
I performed the suggested steps in a small lab environment (so, no problem with the Domain Administrator's password) but I get the following error:

PS C:\Users\user> $username = "Administrator"
PS C:\Users\user> $Password = ConvertTo-SecureString -String "XXXXXXXX" -AsPlainText -force
PS C:\Users\user> $credentials =  New-Object System.Management.Automation.PSCredential -ArgumentList $username, $pass
word
PS C:\Users\user> New-PSSession -ComputerName 192.168.1.1 -Credential $credentials
New-PSSession : [192.168.1.1] Connecting to remote server 192.168.1.1 failed with the following error message : The
WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client
computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the
TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts
list might not be authenticated. You can get more information about that by running the following command: winrm help
config. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ComputerName 192.168.1.1 -Credential $credentials
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
   gTransportException
    + FullyQualifiedErrorId : ServerNotTrusted,PSSessionOpenFailed

PS C:\Users\user>

Please consider that neither the client PC nor the client user are members of the AD domain.
By the way, I got the same error after entering the same command with a wrong IP address.
I don't think, however, it's a network issue because I can ping the IP address of the DC and (in the lab environment) the firewall on the DC is disabled.
While moving to the production environment I'll need to face a more complex networking configuration, but at the moment I'd like to start from a simpler lab environment.
How can I troubleshoot the problem?
Regards
marius

February 2, 2017 at 10:42 am

Can you run the command:

New-PSSession -ComputerName 192.168.1.1 -Credential (Get-Credential)

Input the credentials. Do you still get the same issue?

If you do, then you might need to run Enable-PSRemoting on the machine you are trying to connect to.

February 2, 2017 at 1:24 pm

Use the computer name rather than the IP address. Why do you say you need to specify the IP address? New-PSSession expects a name by default. If you want to start using IP addresses, you need to think about trusted hosts and possibly encrypting the connection.
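
The two options named in the error message and in the last reply (HTTPS transport, or a TrustedHosts entry), as an added example that is not part of the thread. The helper names `Add-TrustedHost` and `New-DcSession` are hypothetical, and the example assumes an elevated prompt on the client, that the client can resolve the DC name, and that the DC has an HTTPS WinRM listener for the first attempt to succeed.

```powershell
# Added example (not from the thread). Run elevated on the non-domain client.
# Address and names are the thread's lab values; name resolution is assumed.
$dcAddress = '192.168.1.1'
$dcName    = 'mydc.mydomain.local'

function Add-TrustedHost {
    # Hypothetical helper: trust exactly one host instead of setting "*".
    param([Parameter(Mandatory)][string]$HostName)
    $current = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    if ($current -eq '*') {
        Write-Warning 'TrustedHosts is "*": any host is accepted without server authentication.'
        return
    }
    if (($current -split '\s*,\s*') -notcontains $HostName) {
        Set-Item WSMan:\localhost\Client\TrustedHosts -Value $HostName -Concatenate -Force
    }
}

function New-DcSession {
    # Hypothetical helper: HTTPS first, HTTP plus TrustedHosts as the fallback.
    param([string]$Name, [string]$Address, [pscredential]$Credential)
    try {
        # HTTPS (port 5986): the server proves its identity with a certificate,
        # so no TrustedHosts entry is needed. The certificate must match $Name.
        return New-PSSession -ComputerName $Name -UseSSL -Credential $Credential -ErrorAction Stop
    } catch {
        Write-Warning "HTTPS attempt failed: $($_.Exception.Message)"
    }
    # HTTP (port 5985) by IP address: Kerberos is not available, so the client
    # must list the address in TrustedHosts. The server is NOT authenticated here.
    Add-TrustedHost -HostName $Address
    New-PSSession -ComputerName $Address -Credential $Credential -Authentication Negotiate -ErrorAction Stop
}

# Prompt for the password rather than storing it; the user name is pre-filled.
$cred    = Get-Credential -UserName 'mydomain\Administrator' -Message 'Domain Controller credentials'
$session = New-DcSession -Name $dcName -Address $dcAddress -Credential $cred

# Review what the client now trusts, and close the session when finished.
(Get-Item WSMan:\localhost\Client\TrustedHosts).Value
Remove-PSSession $session
```

As the error text itself notes, hosts in TrustedHosts might not be authenticated, so keep the list to the specific addresses you need and remove the entry once an HTTPS listener is available.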