Remote session to a Domain controller

This topic contains 6 replies, has 4 voices, and was last updated by Richard Siddaway 5 months, 2 weeks ago.

  • #63238
    marius
    Participant

    I need to create a remote PowerShell session to a Domain Controller.
    I need to specify the IP address of the DC while opening the connection, so my command looks like:

    New-PSSession -ComputerName 192.168.1.1 -Credential (Get-Credential)

    I know the domain name (let's say, mydomain.local), the DC name (let's say, mydc.mydomain.local), the Administrator's user name and the password. What is the right syntax to specify them while opening the remote session?

    Regards

    marius

  • #63240
    Alex
    Participant
    $username = "Username"
    $Password = ConvertTo-SecureString -String "password" -AsPlainText -force
    
    $credentials =  New-Object System.Management.Automation.PSCredential -ArgumentList $username, $password
    
    New-PSSession -ComputerName 192.168.1.1 -Credential $credentials
    

    I believe that is what you are looking for. Not great as it's username/password in plain text.

  • #63241
    Aapeli Hietikko
    Participant

    I agree with Alex. Don't store the domain admin password – never ever.

    This would prompt you to type in the password but would auto-fill the username.

    New-PSSession -ComputerName 192.168.1.1 -Credential (Get-Credential domain\admin)
    
    • #63294
      marius
      Participant

      Thank you for the hints.
      I performed the suggested steps in a small lab environment (so, no problem with the Domain Administrator's password) but I get the following error:

      PS C:\Users\user> $username = "Administrator"
      PS C:\Users\user> $Password = ConvertTo-SecureString -String "XXXXXXXX" -AsPlainText -force
      PS C:\Users\user> $credentials =  New-Object System.Management.Automation.PSCredential -ArgumentList $username, $pass
      word
      PS C:\Users\user> New-PSSession -ComputerName 192.168.1.1 -Credential $credentials
      New-PSSession : [192.168.1.1] Connecting to remote server 192.168.1.1 failed with the following error message : The
      WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client
      computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the
      TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts
      list might not be authenticated. You can get more information about that by running the following command: winrm help
      config. For more information, see the about_Remote_Troubleshooting Help topic.
      At line:1 char:1
      + New-PSSession -ComputerName 192.168.1.1 -Credential $credentials
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
         gTransportException
          + FullyQualifiedErrorId : ServerNotTrusted,PSSessionOpenFailed
      
      PS C:\Users\user>

      Please consider that neither the client PC nor the client user is a member of the AD domain.
      By the way, I got the same error after entering the same command with a wrong IP address.
      I don't think, however, it's a network issue because I can ping the IP address of the DC and (in the lab environment) the firewall on the DC is disabled.
      While moving to the production environment I'll need to face a more complex networking configuration, but at the moment I'd like to start from a simpler lab environment.
      How can I troubleshoot the problem?
      Regards
      marius

    • #63295
      Alex
      Participant

      Can you run the command:

      New-PSSession -ComputerName 192.168.1.1 -Credential (Get-Credential)
      

      Input the credentials, do you still get the same issue?

      If you do then you might need to run enable-psremoting on the machine you are trying to connect to.

  • #63292
    Alex
    Participant

    Another method you could try is:

    ##This stores the username and password object in a XML file
    $path = "C:\SomePlaceOnMyCDrive"
    $cred = Get-Credential
    $cred | Export-Clixml "$path\Password.xml"
    
    ##Import the XML file and use the username and password from it
    ##Only the user that created the XML file can decrypt it.
    $UserDetails = Import-Clixml $path\Password.xml
    $LoginDeets =  New-Object System.Management.Automation.PSCredential -ArgumentList $UserDetails.username,$UserDetails.password
    
    
    New-PSSession -ComputerName 192.168.1.1 -Credential $LoginDeets
    
    

    This is another method that does not store the Username and Password in plain text. It does require the same user to login though.

  • #63319
    Richard Siddaway
    Moderator

    Use the computer name rather than the IP address. Why do you say you need to specify the IP address? New-PsSession expects a name by default. If you want to start using IP addresses you need to think about trusted hosts and possibly encrypting the connection.
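
The two options the last reply names (trusted hosts, or an encrypted connection), as an added PowerShell example that is not part of any post in this thread. It is meant to be run on the non-domain client; the address and account name are the thread's lab placeholders, and `Test-TrustedHostEntry` is a helper name made up for this example.

```powershell
# Added example. Address and account are the thread's lab placeholders.
$Target = '192.168.1.1'

function Test-TrustedHostEntry {
    # Hypothetical helper: does $Name match an entry of a TrustedHosts string?
    param([string]$TrustedHosts, [string]$Name)
    foreach ($entry in ($TrustedHosts -split ',')) {
        $entry = $entry.Trim()
        if ($entry -and $Name -like $entry) { return $true }   # entries may be wildcards
    }
    return $false
}

# 1. Ping only proves ICMP; check that a WinRM listener actually answers.
$http  = (Test-NetConnection -ComputerName $Target -Port 5985 -WarningAction SilentlyContinue).TcpTestSucceeded
$https = (Test-NetConnection -ComputerName $Target -Port 5986 -WarningAction SilentlyContinue).TcpTestSucceeded
"WinRM HTTP (5985): $http    WinRM HTTPS (5986): $https"

# 2. What does this client trust right now?
$current = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
"TrustedHosts: '$current'"

$cred = Get-Credential 'mydomain\Administrator'   # prompts for the password

if ($https) {
    # Preferred off-domain: TLS authenticates the server. Its certificate must
    # match the name or address used here and chain to a CA this client trusts.
    New-PSSession -ComputerName $Target -Credential $cred -UseSSL
}
elseif ($http) {
    if (-not (Test-TrustedHostEntry $current $Target)) {
        # Needs an elevated prompt. Add the one host, never '*': TrustedHosts
        # entries are not authenticated, as the error text itself notes.
        Set-Item WSMan:\localhost\Client\TrustedHosts -Value $Target -Concatenate -Force
    }
    New-PSSession -ComputerName $Target -Credential $cred
}
else {
    Write-Warning "No WinRM listener reachable on $Target. Check Enable-PSRemoting on the DC."
}
```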
