Remote session to a Domain controller

This topic contains 6 replies, has 4 voices, and was last updated by  Richard Siddaway 7 months, 3 weeks ago.

  • #63238


    I need to create a remote PowerShell session to a Domain Controller.
    I need to specify the IP address of the DC while opening the connection, so my command looks like:

    New-PSSession -ComputerName <DC-IP-address> -Credential (Get-Credential)

    I know the domain name (let's say, mydomain.local), the DC name (let's say, mydc.mydomain.local), the Administrator's user name and the password. What is the right syntax to specify them while opening the remote session?



  • #63240

    $username = "Username"
    $Password = ConvertTo-SecureString -String "password" -AsPlainText -force
    $credentials =  New-Object System.Management.Automation.PSCredential -ArgumentList $username, $password
    New-PSSession -ComputerName <DC-IP-address> -Credential $credentials

    I believe that is what you are looking for. Not great, as it's username/password in plain text.

  • #63241

    Aapeli Hietikko

    I agree with Alex. Don't store the domain admin password – never ever.

    This would prompt you to type in the password but would auto-fill the username.

    New-PSSession -ComputerName <DC-IP-address> -Credential (Get-Credential domain\admin)
    • #63294


      Thank you for the hints.
      I performed the suggested steps in a small lab environment (so, no problem with the Domain Administrator's password) but I get the following error:

      PS C:\Users\user> $username = "Administrator"
      PS C:\Users\user> $Password = ConvertTo-SecureString -String "XXXXXXXX" -AsPlainText -force
      PS C:\Users\user> $credentials =  New-Object System.Management.Automation.PSCredential -ArgumentList $username, $pass
      PS C:\Users\user> New-PSSession -ComputerName -Credential $credentials
      New-PSSession : [] Connecting to remote server failed with the following error message : The
      WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client
      computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the
      TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts
      list might not be authenticated. You can get more information about that by running the following command: winrm help
      config. For more information, see the about_Remote_Troubleshooting Help topic.
      At line:1 char:1
      + New-PSSession -ComputerName -Credential $credentials
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
          + FullyQualifiedErrorId : ServerNotTrusted,PSSessionOpenFailed
      PS C:\Users\user>

      Please consider that neither the client PC nor the client user is a member of the AD domain.
      By the way, I got the same error after entering the same command with a wrong IP address.
      I don't think, however, it's a network issue because I can ping the IP address of the DC and (in the lab environment) the firewall on the DC is disabled.
      While moving to the production environment I'll need to face a more complex networking configuration, but at the moment I'd like to start from a simpler lab environment.
      How can I troubleshoot the problem?

    • #63295


      Can you run the command:

      New-PSSession -ComputerName <DC-IP-address> -Credential (Get-Credential)

      Input the credentials. Do you still get the same issue?

      If you do, then you might need to run Enable-PSRemoting on the machine you are trying to connect to.

  • #63292


    Another method you could try is:

    ##This stores the username and password object in a XML file
    $path = "C:\SomePlaceOnMyCDrive"
    $cred = Get-Credential
    $cred | Export-Clixml "$path\Password.xml"
    ##Import the XML file and use the username and password from it
    ##Only the user that created the XML file can decrypt it.
    $UserDetails = Import-Clixml $path\Password.xml
    $LoginDeets =  New-Object System.Management.Automation.PSCredential -ArgumentList $UserDetails.username,$UserDetails.password
    New-PSSession -ComputerName <DC-IP-address> -Credential $LoginDeets

    This is another method that does not store the username and password in plain text. It does require the same user to log in though.

  • #63319

    Richard Siddaway

    Use the computer name rather than the IP address. Why do you say you need to specify the IP address? New-PSSession expects a name by default. If you want to start using IP addresses, you need to think about trusted hosts and possibly encrypting the connection.
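
Added example (not part of any post in this thread): one way to handle the ServerNotTrusted error above when a non-domain client must connect by IP is to add only that one address to TrustedHosts, prompt for the credential, and restore the original list afterwards. The address 192.0.2.10 and the account name are placeholders; run it from an elevated prompt on the client with the WinRM service started.

```powershell
# Placeholder values, constructed for this example; replace with your own.
$DcAddress = '192.0.2.10'                 # documentation-range address
$AdminName = 'mydomain\Administrator'
$thPath    = 'WSMan:\localhost\Client\TrustedHosts'

# Remember the current list so it can be restored in the finally block.
$original = [string](Get-Item -Path $thPath).Value
$session  = $null

try {
    # Trust exactly one address. Avoid '*': as the error text notes, hosts in
    # TrustedHosts are not authenticated, so keep the list as small as possible.
    $entries = @($original -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($entries -notcontains $DcAddress) {
        Set-Item -Path $thPath -Value (($entries + $DcAddress) -join ',') -Force
    }

    # Prompt for the password instead of embedding it in the script.
    $cred = Get-Credential -UserName $AdminName -Message 'Credential for the DC'

    # A non-domain client addressing the DC by IP cannot use Kerberos,
    # so ask for Negotiate explicitly (it will fall back to NTLM).
    $session = New-PSSession -ComputerName $DcAddress -Credential $cred `
                             -Authentication Negotiate -ErrorAction Stop

    # Confirm which machine actually answered before doing any real work.
    Invoke-Command -Session $session -ScriptBlock { $env:COMPUTERNAME }
}
finally {
    if ($session) { Remove-PSSession -Session $session }
    # Put TrustedHosts back exactly as it was found.
    Set-Item -Path $thPath -Value $original -Force
}
```

If the DC has an HTTPS WinRM listener with a certificate the client trusts, adding -UseSSL to New-PSSession encrypts the transport and authenticates the server, which TrustedHosts alone does not.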
