powershell脚本无法进行Windows身份验证

时间:2017-09-05 19:26:58

标签: sql-server powershell sql-server-2012

我们已经创建了PowerShell脚本,它运行特定文件夹中的所有脚本。

$server = Read-Host -Prompt 'Please enter server name'
$usrname = Read-Host -Prompt 'Please enter user name'
$passwd = Read-Host -Prompt 'Please enter password' -assecurestring
$dbname = Read-Host -Prompt 'Please enter DB name'
$ScriptFolder = Read-Host -Prompt 'Please enter the folder path'

$passwd =[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($passwd))

$logfile = "$ScriptFolder"+"\Scripts_Log_"+(Get-
 Date).ToString("yyyyMMdd")+".txt"

"$(Get-Date) : Queries to be executed for Database $dbname on $server " >> $logfile

try{
 $SqlConnection = New-Object System.Data.SqlClient.SqlConnection
 $SqlConnection.ConnectionString = "Server=$server;Database=$dbname;trusted_connection=true;User ID=$usrname;Password=$passwd;"
 $SqlConnection.Open()
 $SqlCmd = New-Object System.Data.SqlClient.SqlCommand

foreach ($query in Get-ChildItem -path $ScriptFolder -Filter *.sql)
{
    $qu = Get-Content $query.FullName

    try{

        $command = $SqlConnection.CreateCommand()
        $command.CommandText = $qu

        $Reader = $Command.ExecuteReader()

        $Reader

        "$(Get-Date) : $query - Successfully executed`n" >> $logfile
        write-host "$query - Successfully executed`n" -foregroundcolor "Green"

        $Reader.close()

        }



 catch{
        write-host "Unable to execute - $query :" -foregroundcolor "Red"
        write-host "$_.Message`n" -foregroundcolor "Red"
        "$(Get-Date) : $query - Script failed due to:" >> $logfile
        "$_.Message`n" >> $logfile
    }
}
}

  catch{
    write-host "Login failed:" -foregroundcolor "Red"
    write-host "$_.Message`n" -foregroundcolor "Red"
    "$(Get-Date) : login failedn:" >> $logfile
    "$_.Message`n" >> $logfile
}

$SqlConnection.Close()

write-host "All the process has been completed" -foregroundcolor "Yellow"
"$(Get-Date) : All the process has been completed" >> $logfile

但是当这个脚本在我有Windows身份验证的数据库服务器上运行时,它在每个循环内部都没有做任何事情也没有失败。有没有办法让这个脚本适用于Windows和SQL身份验证

1 个答案:

答案 0 :(得分:1)

在PowerShell远程会话中,$ScriptFolder是第三个服务器的UNC路径吗?如果是这样,这可能是two-hop kerberos problem

您无法在第三台服务器上列出文件,因此循环将循环显示空集。您可以使用CredSSP或其他各种技术来解决它,但它们在设置IMX时都会有不同程度的痛苦。他们上面推荐的方法,基于资源的Kerberos约束委派,是一种我没有使用但需要Windows Server 2012的域控制器的方法。

您可以通过将第三个服务器的文件共享权限授予您正在运行的计算机帐户来解决此问题,但根据您正在执行的操作,可能无法正常工作。

$using:cred方法也可以正常工作,但是当你的至少一个域控制器是Server 2012时,显然它不起作用(或者你不应该使用它......文章有点含糊不清)或以后。在这一点上,这当然应该是真的。

# This works without delegation, passing fresh creds            
# Note $Using:Cred in nested request            
$cred = Get-Credential Contoso\Administrator            
Invoke-Command -ComputerName ServerB -Credential $cred -ScriptBlock {            
    hostname            
    Invoke-Command -ComputerName ServerC -Credential $Using:cred -ScriptBlock {hostname}            
}

这是另一篇文章,讨论了解决这个问题的方法的优缺点:

Making the second hop in PowerShell Remoting

相关问题
最新问题