使用Powershell远程调用Azure中的命令

Question

我正在编写一系列自动化脚本，这些脚本将允许我们的开发人员在Azure中建立一个简单的开发环境。此环境有3个主要属性：

1. 有一台客户端计算机（Windows 10），其中包含IDE和代码等开发工具。
2. 有一台服务器计算机（Windows Server 2016），其脚本将以此为目标。
3. 这两台计算机都位于同一个域中，并且可以使用1个域管理员用户。

我已经完成了第1步和第2步的编写，但目前是3个混乱。由于脚本设计为可以在Developer的本地工作站上运行，因此我需要将脚本远程连接到Windows Server并运行一些命令来设置域控制器。

这是我目前的代码：

Invoke-Command -ComputerName "$RGName-$VMPurpose" -ScriptBlock 
{
    $ADFeature = Install-WindowsFeature AD-Domain-Services
    If ($ADFeature.Success -eq $true)
    {
        Import-Module ADDSDeployment
        Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath 
"C:\Windows\NTDS" -DomainMode "Win2016R2" -DomainName "$project.com" -
DomainNetbiosName "$project" -ForestMode "Win2016R2" -InstallDns:$true -
LogPath "C:\Windows\NTDS" -NoRebootOnCompletion $false -sysvolpath 
"C:\Windows\SYSVOL" -force $true
        $domUserPassword = ConvertTo-SecureString "Th1s is a bad password" -
AsPlainText -Force
        New-ADUser -Name "$VMPurpose-DomAdm" -AccountPassword 
$domUserPassword
        Add-ADGroupMember -Name "Administrators" -Member {Get-ADUser 
"$VMPurpose-DomAdm"}
    }
} -Credential $Cred

当我尝试运行此操作时，出现错误，表明WinRM无法连接，特别是此错误：

[Foo] Connecting to remote server Foo failed with the following error 
message : WinRM cannot process the request. The following error with 
errorcode 0x80090311
occurred while using Kerberos authentication: There are currently no logon 
servers available to service the logon request.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are 
specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port 
does not exist.
  -The client and remote computers are in different domains and there is no 
trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the 
WinRM TrustedHosts configuration setting or use HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following 
command: winrm help config. For more information, see the 
about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (Foo:String) [], 
PSRemotingTransportException
    + FullyQualifiedErrorId : AuthenticationFailed,PSSessionStateBroken

我将目标计算机（Foo）添加到WinRM中的TrustedHosts配置设置中（我实际上添加了IP地址以确保没有发生任何DNS问题），然后我收到此错误：

[Foo's IP] Connecting to remote server <Foo's IP> failed with the following 
error message : WinRM cannot complete the operation. Verify that the 
specified computer name is valid, that the
computer is accessible over the network, and that a firewall exception for 
the WinRM service is enabled and allows access from this computer. By 
default, the WinRM firewall exception for public
profiles limits access to remote computers within the same local subnet. For 
more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (Foo's Ip[:String) [], 
PSRemotingTransportException
    + FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionStateBroken

有什么想法吗？我试图通过Powershell无法工作吗？

Answer 1

根据您的错误消息，我们可以使用此PowerShell脚本调用Azure命令：

$username = 'jason'
$pass = ConvertTo-SecureString -string 'password' -AsPlainText -Force
$cred = New-Object -typename System.Management.Automation.PSCredential -argumentlist $username, $pass
$s = New-PSSession -ConnectionUri 'http://23.99.82.2:5985' -Credential $cred -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)
Invoke-Command -Session $s -ScriptBlock {Get-Process PowerShell}

PowerShell结果如下：

有关invoke命令的更多信息，请参阅此answer。