I am still researching the best way to do this. If anyone has a suggestion please let me know.
I am looking to pass PowerShell commands to a remote machine and receive verification that the command was successful.
The script should not proceed until result is received.
If command fails it should attempt again until it is successful on the remote computer, failure may occur if AD and Skype replication has not completed.
Here is what I have so far.
Not quite working but the above 3 rules. If there is a better way of doing this I am all ears.
$SkypeFeRemoteComputers = Get-SkypeRegistrarPoolInfo -Pool $RegistrarPool
$RemoteFEComputerCompletedSuccessfull = $false
foreach ($Computer in $SkypeFeRemoteComputers) {
if ($RemoteFEComputerCompletedSuccessfull -eq $false) {
try {
Invoke-Command -ComputerName $Computer -AsJob -JobName myJob_NewCommonAreaPhone -ErrorAction Stop -ArgumentList $LineURI,$RegistrarPool, $OU_CommonArea, $Description, $DisplayName, $DisplayNumber, $SIP -ScriptBlock {
Param($R_LineURI, $R_RegistrarPool, $R_OU_CommonArea, $R_Description, $R_DisplayName, $R_DisplayNumber, $R_SIP)
New-CsCommonAreaPhone -LineUri $R_LineURI -RegistrarPool $R_RegistrarPool -OU $R_OU_CommonArea -Description $R_Description -DisplayName $R_DisplayName -DisplayNumber $R_DisplayNumber -SipAddress $R_SIP -WhatIf;
Move-CsCommonAreaPhone -Identity $R_SIP -Target $R_RegistrarPool;
Grant-CsClientPolicy -PolicyName "SkypeUI" -Identity $R_SIP;
Grant-CsVoicePolicy -PolicyName "NA-TX-LAP" -Identity $R_SIP;
Grant-CsDialPlan -PolicyName "NA-TX-LAP" -Identity $R_SIP;
Set-CsClientPin -Identity $R_SIP -Pin 1111;
}
Get-Job
$Result = Invoke-Command -Session $Session -ScriptBlock {
Receive-Job -Name myJob_NewCommonAreaPhone -Keep
}
if ($Result -eq $true) {
$RemoteFEComputerCompletedSuccessfull = $true
}
} catch {
Add-Content Unavailable-Computers.txt $Computer
}
}
}
Write-Host "New-CsCommonAreaPhone -LineUri $lineuri -RegistrarPool $SFBFQDNRegistrarPool -OU $OU -Description $Description -DisplayName $DisplayName -DisplayNumber $DisplayNumber -SipAddress $SIP"
} else {
Write-Host "Set-CsCommonAreaPhone -identity $sip -sipaddress $sip -DisplayName $phone.Display -DisplayNumber $phone.Display"
}
}
Somethings I am researching to do this is perhaps also Invoke-Expression.
I have not yet found a solution to validate the script sent ran successfully or not. However the next best item I could come up with was to test that WinRM I could communicate and would accept commands. Then I guess I have to just trust WinRM completed the Invoke Command.
Function Enable-CommonAreaPhones
{
[CmdletBinding()]
param
(
#[Parameter(Position = 2)]
[Parameter(Mandatory)]
$DisplayName,
[Parameter(Mandatory)]
$SIP,
[Parameter(Mandatory)]
$LineURI,
[Parameter(Mandatory)]
$OU_CommonArea,
[Parameter(Mandatory)]
$CreateNewCAP = $true,
[Parameter(Mandatory)]
$RegistrarPool,
[Parameter(Mandatory)]
$DisplayNumber,
[Parameter(Mandatory)]
$Description
)
<#
dynamicparam {
#https://mcpmag.com/articles/2016/10/06/implement-dynamic-parameters.aspx
#https://stackoverflow.com/questions/42318419/powershell-using-dynamic-parameters-value
#https://github.com/PowerShell/PowerShell/issues/3704
$ParameterName_SFBRegistrarPool = 'SFBRegistrarPool'
$ParamAttrib = New-Object System.Management.Automation.ParameterAttribute
$ParamAttrib.Mandatory = $true
$ParamAttrib.ParameterSetName = '__AllParameterSets'
$AttribColl = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
$AttribColl.Add($ParamAttrib)
$ValidateItems = (get-csservice -Registrar).PoolFqdn
$AttribColl.Add((New-Object System.Management.Automation.ValidateSetAttribute($ValidateItems)))
$RuntimeParam = New-Object System.Management.Automation.RuntimeDefinedParameter($ParameterName_SFBRegistrarPool, [string], $AttribColl)
$RuntimeParamDic = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
$RuntimeParamDic.Add($ParameterName_SFBRegistrarPool, $RuntimeParam)
return $RuntimeParamDic
}
begin
{$RegistrarPool = $PsBoundParameters[$ParameterName_SFBRegistrarPool]}
process
{}
End
{}
#>
if ($CreateNewCAP)
{
<#
#$Description = "Huddle-N405-172B"
#$DisplayName = "(713)577-3160"
#$DisplayNumber = "+1-713-577-3160"
#$LineURI = 'tel:+17135773160;ext=3160'
#$SIP = 'sip:Huddle-N405-172B.BR172B#mrcglobal.com'
#$OU = "OU=172B LA PORTE -- TX,OU=Gulf Coast,OU=CAP,OU=Lync,DC=mcjunkinredman,DC=com"
#$RegistrarPool = 'hexlsfepool.mcjunkinredman.com'
#>
param($LineURI,$RegistrarPool, $OU_CommonArea, $Description, $DisplayName, $DisplayNumber,$SIP )
write-host "New-CsCommonAreaPhone -LineUri $lineuri -RegistrarPool $SFBFQDNRegistrarPool -OU $OU -Description $Description -DisplayName $DisplayName -DisplayNumber $DisplayNumber -SipAddress $SIP"
New-CsCommonAreaPhone -LineUri $LineURI -RegistrarPool $RegistrarPool -OU $OU_CommonArea -Description $Description -DisplayName $DisplayName -DisplayNumber $DisplayNumber -SipAddress $SIP -WhatIf;
Grant-CsClientPolicy -PolicyName "SkypeUI" -Identity $SIP;
Grant-CsVoicePolicy -PolicyName "NA-TX-LAP" -Identity $SIP;
Grant-CsDialPlan -PolicyName "NA-TX-LAP" -Identity $SIP;
#Set-CsClientPin –Identity $SIP -Pin 1111;
#Move-CsCommonAreaPhone -Identity $SIP -Target $R_RegistrarPool;
}
Else
{
#Get-CsCommonAreaPhone | Set-CsCommonAreaPhone -Enabled $True
#Get-CsCommonAreaPhone -Filter {Description -eq $Null} | Set-CsCommonAreaPhone -Description "Common area phone"
#Get-CsCommonAreaPhone -Filter {LineUri -eq "tel:+14255556710"} | Set-CsCommonAreaPhone -DisplayName "Employee Lounge"
}
}
function invoke-SkypeObject_RemoteModification_CommonAreaPhones
{
#Finds all Front End Servers
$SkypeFeRemoteComputers = Get-SkypeRegistrarPoolInfo -Pool $RegistrarPool
$RemoteFEComputerCompletedSuccessfull = $false
ForEach ($Computer in $SkypeFeRemoteComputers)
{
#Validates Command has only ran on 1 machine
#Validates the computer exists and can accept invoke commands via the WinRM Command
If ((!($RemoteFEComputerCompletedSuccessfull)) -and (Test-Connection -ComputerName $env:COMPUTERNAME -Quiet) -and (Test-WSMan -ComputerName $computer -ErrorAction Ignore))
{
#https://ss64.com/ps/syntax-functions.html
$scriptblock = $executioncontext.InvokeCommand.NewScriptBlock(${function:Enable-CommonAreaPhones})
Invoke-Command -Session $allsession -ScriptBlock $scriptblock -ArgumentList $R_LineURI,$R_RegistrarPool, $R_OU_CommonArea, $R_Description, $R_DisplayName, $R_DisplayNumber,$R_SIP -ErrorVariable errorMsg
Invoke-Command -Session $allsession -ScriptBlock ${function:Enable-CommonAreaPhones} -ArgumentList $R_LineURI,$R_RegistrarPool, $R_OU_CommonArea, $R_Description, $R_DisplayName, $R_DisplayNumber,$R_SIP -ErrorVariable errorMsg
$RemoteFEComputerCompletedSuccessfull = $true
}
}
}
Related
My workflow:
check if server is pingable
find if they are domain connected or not and perform a task accordingly. if Operating system 2012 and/or R2 ,2016 or 2019 newer OSes then I will run Get-SmbServerConfiguration cmdlet. if machine is not a part of default domain then else block will run.
if Operating system 2003 or 2008 oldest OSes then I will run Get-Wmi cmdlet. if machine is not a part of default domain then else block will run.
Finally , I will concentanate $results variable.
My question is :
1- How can we get remotely regedit value for 2003 or 2008 oldest OSes IS NOT a part of default domain insie else block?
Also , Condition will be like below.
if SMB1 value is "0" then result will be `false`
if SMB1 value is "1" then result will be `true`
if SMB1 value is not exist then result will be `not exist value`
2- How can I create object properties $SMBAudit variable ? because , I will concentanate all outputs inside $results variable.
$reg = [wmiclass]"\\$computer\root\default:StdRegProv"
$SMBAudit = $reg.GetStringValue($basekey, $subkey, $value).sValue
My desired output :
Computername,SMB1Enabled
Host01,True
Host02,False
I will write so far a script like below. but I am stucking somethings.
Script :
# Computer List
$allComputers = Get-Content .\path\to\computers.txt
read-host -assecurestring | convertfrom-securestring | out-file C:\mysecurestring_domain.txt
read-host -assecurestring | convertfrom-securestring | out-file C:\mysecurestring_local.txt
# Create empty array of results
$Results = #()
# Loop through computers
foreach($computer in $allComputers) {
# check if server is pingable before running the query on the server
if (Test-Connection $computer -Count 1 -Quiet) {
Write-Host "`n`n$computer is online!" -BackgroundColor Green -ForegroundColor Black
}
if(Get-ADComputer -Filter {Name -eq $computer -and OperatingSystem -notlike '*Windows*Server*2003*' -and OperatingSystem -notlike '*Windows*Server*2008*'})
{
#"machine $_ is a part of default domain"
# The command we want to run
$username = "domain01\admin01"
$password = Get-Content 'C:\mysecurestring_domain.txt' | ConvertTo-SecureString
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
$SMB = Invoke-Command -ComputerName $computer -Credential $cred -ScriptBlock {Get-SmbServerConfiguration | Select EnableSMB1Protocol }
# Create properties
$Properties = #{
# Populate the properties "Computername" and "SMB1Enabled" with variables
Computername = $Computer
SMB1Enabled = $SMB.EnableSMB1Protocol
}
# Add the properties to the result for each object
$Results += New-Object psobject -Property $Properties
}
else
{
#"machine $_ IS NOT a part of default domain"
$username = "localadmin01"
$password = Get-Content 'C:\mysecurestring_local.txt' | ConvertTo-SecureString
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
$SMB = Invoke-Command -ComputerName $computer -Credential $cred -ScriptBlock {Get-SmbServerConfiguration | Select EnableSMB1Protocol }
# Create properties
$Properties = #{
# Populate the properties "Computername" and "SMB1Enabled" with variables
Computername = $Computer
SMB1Enabled = $SMB.EnableSMB1Protocol
}
# Add the properties to the result for each object
$Results += New-Object psobject -Property $Properties
}
# Oldest OSes
if(Get-ADComputer -Filter {Name -eq $computer -and OperatingSystem -notlike '*Windows*Server*2012*' -and OperatingSystem -notlike '*Windows*Server*2016*' -and OperatingSystem -notlike '*Windows*Server*2019*'})
{
#"machine $_ is a part of default domain"
# The command we want to run
<# HKEY_CLASSES_ROOT (2147483648 (0x80000000))
HKEY_CURRENT_USER (2147483649 (0x80000001))
HKEY_LOCAL_MACHINE (2147483650 (0x80000002))
HKEY_USERS (2147483651 (0x80000003))
HKEY_CURRENT_CONFIG (2147483653 (0x80000005))
#>
$basekey = [uint32]'0x80000002'
$subkey = 'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$value = 'SMB1'
$reg = [wmiclass]"\\$computer\root\default:StdRegProv"
$SMBAudit = $reg.GetStringValue($basekey, $subkey, $value).sValue
}
else
{
#"machine $_ IS NOT a part of default domain"
}
# Output
$Results | Select-Object Computername, SMB1Enabled | Out-File -Filepath c:\temp\smb1-computers.txt
I think you are over complicating this and although not tested by me, you could try this:
# Computer List
$allComputers = Get-Content '.\path\to\computers.txt'
# get credentials for domain-joined machines and for local machines
$domainCred = Get-Credential -UserName "domain01\admin01" -Message "Please enter the DOMAIN password"
$localCred = Get-Credential -UserName "localadmin01" -Message "Please enter the LOCAL password"
# loop through the list of computers and collect output in variable $Results
$Results = foreach($computer in $allComputers) {
# check if server is pingable before running the query on the server
if (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
Write-Host "$computer is online!" -BackgroundColor Green -ForegroundColor Black
$server = Get-ADComputer -Filter "Name -eq '$computer'" -Properties OperatingSystem -ErrorAction SilentlyContinue
# if domain joined, use $domainCred, otherwise $localCred
if ($server) {
$cred = $domainCred
$version = ([regex]'Windows Server (\d+)').Match($server.OperatingSystem).Groups[1].Value
}
else {
$cred = $localCred
$info = Get-WmiObject -ComputerName $computer -Credential $cred -Class Win32_OperatingSystem
$version = ([regex]'Windows Server (\d+)').Match($info.Caption).Groups[1].Value
}
if ($version -eq '2003') {
# try reading the registry
try {
$RegBase = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Computer)
$RegKey = $RegBase.OpenSubKey("SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters")
$SMB = $RegKey.GetValue("SMB1")
[PsCustomObject]#{ ComputerName = $computer; SMB1Enabled = ($null -eq $SMB -or [int]$SMB -eq 1) }
}
catch {
[PsCustomObject]#{ ComputerName = $computer; SMB1Enabled = 'Could not read Remote Registry' }
}
finally {
if ($RegBase) { $RegBase.Close() }
if ($RegKey) { $RegKey.Close() }
}
}
elseif ($version -eq '2008') {
# Older OS
try {
# try via WinRM
$SMB = Invoke-Command -ComputerName $computer -Credential $cred -ScriptBlock {
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -Name SMB1
} -ErrorAction Stop
# output an object
[PsCustomObject]#{ ComputerName = $computer; SMB1Enabled = ($null -eq $SMB -or [int]$SMB -eq 1) }
}
catch {
# try reading the registry
try {
$RegBase = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Computer)
$RegKey = $RegBase.OpenSubKey("SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters")
$SMB = $RegKey.GetValue("SMB1")
[PsCustomObject]#{ ComputerName = $computer; SMB1Enabled = ($null -eq $SMB -or [int]$SMB -eq 1) }
}
catch {
[PsCustomObject]#{ ComputerName = $computer; SMB1Enabled = 'Could not read Remote Registry' }
}
finally {
if ($RegBase) { $RegBase.Close() }
if ($RegKey) { $RegKey.Close() }
}
}
}
else {
# Newer OS
$SMB = Invoke-Command -ComputerName $computer -Credential $cred -ScriptBlock { Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol }
# output an object
[PsCustomObject]#{ ComputerName = $computer; SMB1Enabled = $SMB.EnableSMB1Protocol }
}
}
else {
Write-Warning "Computer $computer is off-line"
# output an object anyway, so that in the CSV it is known that the computer didn't ping
[PsCustomObject]#{ ComputerName = $computer; SMB1Enabled = 'Off-Line' }
}
}
# Output on screen
$Results | Format-Table -AutoSize
# Output to CSV file
$Results | Export-Csv -Path 'c:\temp\smb1-computers.csv' -NoTypeInformation -UseCulture
Simple PowerShell script to create a computer group in AD. If the group exists, print already exists else create new. But something is wrong and its not creating a new group.
Import-Module ActiveDirectory
Import-Module Centrify.DirectControl.PowerShell
Clear-Variable -Name "Result"
Clear-Variable -Name "JSONOutput"
Clear-Variable -Name "ErrorMessage"
Clear-History
$username='<>';
$password='<>';
$computerGroup = 'Sample-New-Role';
# ************* SET CREDENTIALS *************************************
$Password = ConvertTo-SecureString $password -AsPlainText -Force
$global:Cred = New-Object System.Management.Automation.PSCredential($username,$Password)
Set-CdmCredential -Domain (Get-WmiObject Win32_ComputerSystem).Domain -Credential $Cred
$global:DomainController = Get-ADDomain -Current LocalComputer
Set-CdmPreferredServer -Domain (Get-WmiObject Win32_ComputerSystem).Domain -Server $global:DomainController.InfrastructureMaster
$global:OUPath = Get-ADOrganizationalUnit -Filter 'Name -like "Role Groups-Computer"'
# ************************ Create Zone ******************************
try{
if(Get-ADGroup -filter {Name -eq $computerGroup} -ErrorAction Continue)
{
$Result = "Already_Exists"
} else
{
New-ADGroup -Name $computerGroup -GroupScope Global -GroupCategory Security -Path $global:OUPath -Credential $Cred
$Result = 'Success'
}
}
catch{
$ErrorMessage = $_.Exception
}
# ************************* Result *********************************
$JSONOutput = #{"result"=$Result;"error"=$ErrorMessage} | ConvertTo-Json -Compress
Write-Output $JSONOutput
Output: If Group already exist then just create new else print 'Already_Exists'
It works fine if group already exists but failed and error out when new group. Instead of an error, it should create the group. Anything wrong with the condition?
{"error":{"Message":"Cannot find an object with identity: \u002709328-Sample-New-Role\u0027 ....
Import-Module ActiveDirectory
Import-Module Centrify.DirectControl.PowerShell
Clear-Variable -Name "Result"
Clear-Variable -Name "JSONOutput"
Clear-Variable -Name "ErrorMessage"
Clear-History
$username='<>';
$password='<>';
$computerGroup = 'Sample-New-Role';
# ************* SET CREDENTIALS *************************************
$Password = ConvertTo-SecureString $password -AsPlainText -Force
$global:Cred = New-Object System.Management.Automation.PSCredential($username,$Password)
Set-CdmCredential -Domain (Get-WmiObject Win32_ComputerSystem).Domain -Credential $Cred
$global:DomainController = Get-ADDomain -Current LocalComputer
Set-CdmPreferredServer -Domain (Get-WmiObject Win32_ComputerSystem).Domain -Server $global:DomainController.InfrastructureMaster
$global:OUPath = Get-ADOrganizationalUnit -Filter 'Name -like "Role Groups-Computer"'
# ************************ Create Zone ******************************
try{
if(Get-ADGroup -filter {Name -eq $computerGroup} -ErrorAction Continue)
{
$Result = "Already_Exists"
} else
{
New-ADGroup -Name $computerGroup -GroupScope Global -GroupCategory Security -Path $global:OUPath -Credential $Cred
$Result = 'Success'
}
}
catch{
$ErrorMessage = $_.Exception
}
# ************************* Result *********************************
$JSONOutput = #{"result"=$Result;"error"=$ErrorMessage} | ConvertTo-Json -Compress
Write-Output $JSONOutput
It seems to be strange but I can't assign a value to variable inside of Invoke-Command. Here is the code below but when print out $targetComputerPath it's simply empty. What's wrong?
foreach ($item in $computersPath){
$computername = $item.Name
$username = $item.UserID
Write-Host computer $computername and user $username
if (Test-Connection -ComputerName $computername -Count 1 -ErrorAction SilentlyContinue)
{
if ($((Get-Service WinRM -ComputerName $computername).Status) -eq "stopped")
{
(Get-Service WinRM -ComputerName $computername).Start()
}
Invoke-Command -ComputerName $computername -ScriptBlock {
if ($((Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ReleaseId) -eq "1903" )
{
$targetComputerPath = "\\"+$computername+"\c$\Users\"+$username+"\Desktop\"
write-host "1903"
}
else
{
$targetComputerPath = "\\"+$computername+"\c$\Users\"+$username+"\Desktop\"
write-host "something else"
}
}
}
write-host $targetComputerPath
}
The point of WinRM is that you take a script block, and execute it on a different machine.
None of the variables you define in the host script will be available on the remote machine.
This becomes more apparent when you separate the "task", a.k.a the script block, from the Invoke-Command, like this:
$task = {
$version = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
if ($version.ReleaseId -eq "1903") {
# note that `$username` cannot be available here, it's never been defined!
return "\\$env:COMPUTERNAME\c$\Users\$username\Desktop"
} else {
return "\\$env:COMPUTERNAME\c$\Users\$username\Desktop"
}
}
foreach ($item in $computersPath) {
$computername = $item.Name
$username = $item.UserID
Write-Host computer $computername and user $username
if (Test-Connection -ComputerName $computername -Count 1 -ErrorAction SilentlyContinue) {
$winrm = Get-Service WinRM -ComputerName $computername
if ($winrm.Status -eq "stopped") { $winrm.Start() }
$targetComputerPath = Invoke-Command -ComputerName $computername -ScriptBlock $task
Write-Host "The machine returned: $targetComputerPath"
}
}
As you can see, you can return values from the script block and they will be available as the return value of Invoke-Command.
If you want to pass arguments to your script block, this thread talks about that: How do I pass named parameters with Invoke-Command?
I'm tying to work out how I pass a variable from an if statement into a nested if statement starting at:
If ($server -eq $env:COMPUTERNAME)
Foreach ($comp in $computer) {
$server = split-FQDN $comp -part H
$domain = Split-FQDN $comp -part D
#Set the domain based parameters
If ($domain -eq '1.fqdn.com') {
set-domparams $domain $userprompt $userpass
}
Elseif ($domain -eq '2.fqdn.com') {
set-domparams $domain $userprompt $userpass
}
Elseif ($domain -eq '3.fqdn.com') {
set-domparams $domain $userprompt $userpass
}
ElseIf ($domain -eq '4.fqdn.com') {
set-domparams $domain $userprompt $userpass
}
ElseIf ($domain -eq '5.fqdn.com') {
set-domparams $domain $userprompt $userpass
}
ElseIf ($domain -eq '6.fqdn.com') {
set-domparams $domain $userprompt $userpass
}
If ($server -eq $env:COMPUTERNAME) {
$server = $_
#clear Kerberos ticket cache
Invoke-Expression -Command:'cmd.exe /c klist purge' | Out-Null
$buildlogsuccess = check-buildlog $domain
$chocologstatus = Invoke-Command -ScriptBlock {check-choco}
$KMSvalues = Invoke-Command -ScriptBlock {get-winlicense}
$parentOU = get-ParentOU (Get-ADComputer -Server $dc -SearchBase $searchbase -Filter {name -eq $server} -Credential $fetchCreds) | select -expand parentou
$SCCMcheck = Invoke-Command -ScriptBlock {get-sccmstatus}
$scomcheck = Invoke-Command -ScriptBlock {get-scomstatus} -argumentlist $scom
$AV = Invoke-Command -ScriptBlock {get-avstatus}
$wfirewall = Invoke-Command -ScriptBlock {(get-service MpsSvc).status}
$net35 = Invoke-Command -ScriptBlock {(Get-WindowsFeature NET-Framework-Core).installed}
$admins = Invoke-Command -ScriptBlock {check-admins}
$DomainComms = Invoke-Command -ScriptBlock {get-domaininfo}
$bigfix = Invoke-Command -ScriptBlock {get-bigfix}
}
Else {
$server = $_
#clear Kerberos ticket cache
Invoke-Expression -Command:'cmd.exe /c klist purge' | Out-Null
#start running functions against target server(s) to get required info
$PSSession = New-PSSession -ComputerName $comp -Credential $fetchCreds -Name $server
$buildlogsuccess = check-buildlog $domain
$chocologstatus = Invoke-Command -Session $pssession -ScriptBlock ${function:check-choco}
$KMSvalues = Invoke-Command -Session $PSSession -ScriptBlock ${Function:get-winlicense}
$parentOU = get-ParentOU (Get-ADComputer -Server $dc -SearchBase $searchbase -Filter {name -eq $server} -Credential $fetchCreds) | select -expand parentou
$SCCMcheck = Invoke-Command -Session $PSSession -ScriptBlock ${Function:get-sccmstatus}
$scomcheck = Invoke-Command -Session $PSSession -ScriptBlock ${function:get-scomstatus} -argumentlist $scom
$AV = Invoke-Command -Session $PSSession -ScriptBlock ${Function:get-avstatus}
$wfirewall = Invoke-Command -Session $PSSession -ScriptBlock {(get-service MpsSvc).status}
$net35 = Invoke-Command -Session $PSSession -ScriptBlock {(Get-WindowsFeature NET-Framework-Core).installed}
$admins = Invoke-Command -Session $PSSession -ScriptBlock ${Function:check-admins}
$DomainComms = Invoke-Command -Session $PSSession -ScriptBlock ${Function:get-domaininfo}
$bigfix = Invoke-Command -Session $PSSession -ScriptBlock ${Function:get-bigfix}
#clean up the remote session
Remove-PSSession -Name $server
}
I already have some global variables in use that are passed by a loaded function, but I'm trying to avoid do the same for this bit of code and understand how to pass my remaining variables ($comp, $computer and $domain) correctly to the next inner loop.
I've tried getting $server to work doing the following but haven't had any success as of yet:
$server = $_
This is more code review opinion instead of an answer, but anyway.
Instead of long if...elseif constructs, why not use table driven programming? If there are lots of domains and they require different credentials, maintaining the if...elseif is tedious. Store the credentials in custom Powershell objects and those in a hashtable. Then lookup can be done with the domain name only. Like so,
# Declare a hashtable and add custom credential objects
$creds=#{}
$creds.Add('foo.fqdn', $(New-Object –TypeName PSObject –Prop #{'Domain'='foo.fqdn'; 'User'='foo.user'; 'Pass'='foo.pass'}))
$creds.Add('bar.fqdn', $(New-Object –TypeName PSObject –Prop #{'Domain'='bar.fqdn'; 'User'='bar.user'; 'Pass'='bar.pass'}))
$creds.Add('zof.fqdn', $(New-Object –TypeName PSObject –Prop #{'Domain'='zof.fqdn'; 'User'='zof.user'; 'Pass'='zof.pass'}))
# Later when credentials are needed, check if the domain is present
# and get the values from the hashtable.
if($creds.ContainsKey($domain) {
set-domparams $domain $creds[$domain].User $creds[$domain].Pass
} else {
write-warning "Domain $domain not found!"
}
I think this is a non-question as your variables are valid within the loops/statements they are created.
Foreach ($comp in $computer) {
$server = split-FQDN $comp -part H
$domain = Split-FQDN $comp -part D
if($true){
# $comp, $server and $domain are all in scope
Write-host "$comp $server $domain"
if($true){
# also true in nested if statements
Write-host "$comp $server $domain"
}
}
Else{
# $comp, $server and $domain are all in scope
Write-host "$comp $server $domain"
}
}
# outside, $comp is not available, only $computer
# $server and $domain will only contain the values from the last run of the foreach loop.
Using invoke-parallel in Powershell, I'm trying to get a list of hosts where a certain command works vs. does not. How can I write to a global variable inside of invoke-parallel?
$creds = Get-Credential -UserName $username -Message 'Password?'
$servers = get-content .\hosts.txt
$success = #()
$failure = #()
Invoke-Parallel -InputObject $servers -throttle 20 -runspaceTimeout 30 -ImportVariables -ScriptBlock {
try
{
$result = Invoke-Command $_ -Credential $creds -Authentication "Negotiate" -ErrorAction Stop {hostname}
$success += $result
}
catch
{
$failure += $_
}
}
write-host $success
write-host $failure
Try this:
$Results = Invoke-Parallel -InputObject $servers -throttle 20 -runspaceTimeout 30 -ImportVariables -ScriptBlock {
try
{
$Output = Invoke-Command $_ -Credential $creds -Authentication "Negotiate" -ErrorAction Stop {hostname}
}
catch
{
$Output = $_
}
#($Output)
}
Final code sample for what I ended up using.
$username = "myuser"
$creds = Get-Credential -UserName $username -Message 'Password?'
$servers = get-content .\hosts.txt
$Results = Invoke-Parallel -InputObject $servers -throttle 20 -runspaceTimeout 30 -ImportVariables -ScriptBlock {
$arr = #{}
try
{
$Output = Invoke-Command $_ -Credential $creds -Authentication "Negotiate" {hostname} -ErrorAction Stop
$arr[$_] = "successful"
}
catch
{
$arr[$_] = "failed"
}
$arr
}
$Results