Author Posts

October 21, 2015 at 6:14 am

Hi,
I am trying the code fragment below to try to wrap Powershell around DCPRomo to promote a new domain controller in an existing domain, I am able to build the unattend file, pass it to the remote server, then use the invoke-command to start DCPromo succesfully.
But DCPromo itself is failing with the error (second quote below)

$AdminCred=Get-Credential -Message 'Please provide user credentials with privileges for AD Promotion'
$AdminUsername = $admincred.username
$AdminPassword = $AdminCred.GetNetworkCredential().password
Invoke-Command -Session $s -ScriptBlock {param($AdminUsername,$AdminPassword) dcpromo.exe /unattend:$MyUnattend /UserName:"$AdminUsername" /Password:"$AdminPassword"}

Below the specific error:

dcpromoui 974.314 020C 09:50:42.692 Enter CLdapOperationConnect::Execute target=$(domainDnsName), options=0x10
dcpromoui 974.314 020D 09:50:42.708 DsGetDcNameW() returned TESTAD2K8.contoso.com
dcpromoui 974.314 020E 09:50:42.723 Calling ldap_bind_sW(ld, NULL, pCreds, 1158)
dcpromoui 974.314 020F 09:50:42.739 LDAP connect(TESTAD2K8.contoso.com) succeeded
dcpromoui 974.314 0210 09:50:42.739 _lastLdapError_ < - "0" dcpromoui 974.314 0211 09:50:42.739 Enter CLdapOperationRead::Execute dcpromoui 974.314 0212 09:50:42.739 ldap_search("", 0, "objectClass=*", "defaultNamingContext;configurationNamingContext;schemaNamingContext;rootDomainNamingContext;dsServiceName;domainControllerFunctionality;domainFunctionality;forestFunctionality;tokenGroups;dnsHostName") dcpromoui 974.314 0213 09:50:42.755 _lastLdapError_ <- "1" dcpromoui 974.314 0214 09:50:42.770 ldap_search() failed, err=1 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 dcpromoui 974.314 0215 09:50:42.770 ***** EXCEPTION: 8007006e ldap_search() failed, err=1 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 dcpromoui 974.314 0216 09:50:42.770 Enter CLdapOperationDisconnect::Execute dcpromoui 974.314 0217 09:50:42.770 ExecuteScript() failed: ldap_search() failed, err=1 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 dcpromoui 974.314 0218 09:50:42.770 ExamineForest failed. The error is ldap_search() failed, err=1 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 dcpromoui 974.314 0219 09:50:42.770 performed state 11, next state 37 dcpromoui 974.314 021A 09:50:42.770 Enter State::GetHadNonCriticalFailures dcpromoui 974.314 021B 09:50:42.770 bHadNonCriticalFailures = false dcpromoui 974.314 021C 09:50:42.770 Enter State::UnbindFromReplicationPartnetDC dcpromoui 974.314 021D 09:50:42.770 Exit code is 78 dcpromoui 974.314 021E 09:50:42.770 Failed to examine the Active Directory forest. dcpromoui 974.314 021F 09:50:42.770 closing log dcpromoui 974.314 0031 09:50:42.786 Exit code is 78 dcpromoui 974.314 0032 09:50:42.786 closing log

October 21, 2015 at 6:15 am

I forgot to mention, the exact command when executed locally works just fine.

October 21, 2015 at 7:22 am

Nevermind, figured what the error was and it is the damned parameter variable passing of the Invoke-Command. It now looks like:

Invoke-Command -Session $s -ScriptBlock {param($AdminUsername,$AdminPassword) dcpromo.exe /unattend:$MyUnattend /UserName:"$AdminUsername" /Password:"$AdminPassword"} -ArgumentList $AdminUsername, $AdminPassword