Author Posts

November 6, 2014 at 8:39 am

Hi,

I'm in the process of writing a script that handles username changes in AD and other Microsoft products...ex Lync, Exchange, SharePoint.

The idea is to run the script from one central location and have it tied to the various servers and run their commands (lync, exchange, Sharepoint) via ps remoting.
I've been successful in doing this with Exchange and Lync by using New-PSSession and Import-PSSession, but for sharepoint i was thinking of using invoke-command since we have a few different farms.

2 farms are on SharePoint 2007 with Windows Server 2003 R2 with powershell 2.0 installed
2 farms are on SharePoint 2010 with Windows Server 2008 R2

So since SharePoint 2007 doesn't have any native powershell cmdlets i figured i would use invoke-command with stsadm

# SharePoint 2007
$username = "Domain\FarmAdmin"
$password = "password"

# Convert the password to a secure string
$securePassword = ConvertTo-SecureString -AsPlainText "$password" -Force

# Define the credential
$cred = New-Object -typename System.Management.Automation.PSCredential -ArgumentList $username, $securePassword
Invoke-Command -ComputerName SharePointAppServer -ScriptBlock {stsadm.exe -o migrateuser -oldlogin domain\test -newlogin domain\test1 -ignoresidhistory}

My issue is that when i try to run this command i get the following error

Object reference not set to an instance of an object.
+ CategoryInfo : NotSpecified: (Object referenc...e of an object.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
+ PSComputerName : SharePointAppServer

NonSpécifié : (:) [], RemoteException

I checked to make sure that psremoting was enabled and that fire wall exception were there, and i am able to run other powershell commands with invoke-command against this server just not stsadm.

Next i tried this against the SharePoint 2010 server and had the same result. I know that there is the Move-SPUser cmdlet, but it's more a pain to use since you have to specify the website and use get-spuser instead of simply specifying the username.

After a bit of reading i found this article (http://blogs.msdn.com/b/opal/archive/2010/03/07/sharepoint-2010-with-windows-powershell-remoting-step-by-step.aspx) which describes a few extra steps needed for sharepoint when enabling psremoting....mainly Enable-WSManCredSSP –Role Server

The problem with windows 2003 r2 is that this command doesn't work

So my next though was to use psexec in powershell but it seems to throw an error even though the command completes.

So i'm wondering if anyone has any ideas how to get this working

Thanks

November 6, 2014 at 2:11 pm

You're likely running into a double-hop authentication problem, which is what that MSDN blog article describes. Unfortunately, CredSSP was introduced in Win2008/Vista, and isn't available on older versions of Windows. That's one of the downsides of continuing to use an older operating system – some of the fancier new stuff, like remoting, can't be made to work reliably.