Import-PSSession-抛出凭证掩码

时间:2018-09-17 09:36:15

标签: powershell powershell-remoting

我在我们的域中使用Powershell脚本创建新用户时遇到了问题: 服务台将以管理员身份调用.bat,该bat会调用脚本文件以自动执行创建。在此脚本中,创建和导入了两个会话,以在本地使用Exchange和AD-cmdlet。 在导入期间/之后,将抛出第二个/第三个凭据掩码,但是单击“取消”将不起作用,脚本将无任何问题地运行。但是,这使服务台很烦。 直接从ISE运行.ps1时,不会显示掩码。另外,当将脚本的“创建/导入”部分C&P压缩为新文件并以与以前相同的方式调用它时,也不会显示这些掩码。

这是.ps1-文件的一部分:

<#
.DESCRIPTION
    Creates a new standard user
.NOTES
    Requires        : Exchange 2016 Remote Session
    Req.OS Version  : not tested
    Req.PS Version  : not tested
.EXAMPLE
    Create-User.ps1 -datapath \\path\to\userdata.csv -credentialobject $cred
 #>
Param (
    [string]$datapath, <#Folder where the CSVs sit #>
    [System.Management.Automation.CredentialAttribute()]$credentialobject = $null
)
#region SET global var definitions
$ErrorActionPreference = "Continue"
Start-Transcript -path $ScriptLogPath  # | out-null

#endregion

#region SET var definitions

$userfile = "$datapath\userdata.txt"
$groupfile = "$datapath\groupdata.txt"

#Exchange
$MSXremotingserver = "exchangehostname"
$MSXdatabasenames = @("msx_db")

#AD
$domaincontroller = "dchostname"
$ADremotingserver = $domaincontroller
$BaseDN = "OU=Users,DC=domain,DC=local"

#endregion

#region Import Userdata
# CSV's are getting imported here - WORKING
#endregion

#region INIT Remotesession

#Get AD Creds / use given AD Creds
if (($credentialobject -ne $null) -and (($credentialobject.GetType()).name -eq "PSCredential")){
    $UserCredential = $credentialobject
}else{
    $UserCredential = Get-Credential
        # Get credentials to create the remote-sessions. Seems to be working.
}

$MSXSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionURI http://$MSXremotingserver/powershell -Credential $UserCredential
echo "import..."
$null = Import-PSSession $MSXSession -AllowClobber -DisableNameChecking  # | out-null
# After the import (Progress bars running through on top of the PS) another credential-mask appearing, "Cancel" makes the script run through without further errors.
echo "OK"

$ADSession = New-PSsession -Computername $ADremotingserver -Credential $UserCredential
Invoke-Command -Command {Import-Module ActiveDirectory -DisableNameChecking} -Session $ADSession  # | out-null
echo "import..."
Import-PSSession -Session $ADSession -Module "ActiveDirectory" -Prefix Remote -AllowClobber -DisableNameChecking  # | out-null
# After the import (Progress bars running through on top of the PS) another credential-mask appearing, "Cancel" makes the script run through without further errors.
echo "OK"


#AD-user already existing?
if ([bool](get-remoteaduser -LDAPFilter "(SamAccountName=$($userdata.Kuerzel))")){
    #Throw custom error - AD-User bereits vorhanden! 
}


#build Account...

# AD-user and Mailbox are created and configured. WORKING!


#endregion 

#region END Script

Get-PSSession | Remove-PSSession
Stop-Transcript
Write-Host "Beende Skript..."
start-sleep -Seconds 3
exit 10000

#endregion

.ps1的调用方式如下:

%systemroot%\System32\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -file \\helpdeskserver\powershell_userdata$\Create-User.ps1 \\helpdeskserver\path\to\csv"

我不知道该怎么办。尝试了每个命令的许多不同版本,尝试管道输入/输出,无济于事。 Google似乎不知道这种行为,Stackoverflow上的任何人都没有。.

感谢您的提示和帮助,我会很感激!

关于Ting3l

编辑:在没有管理权限的情况下启动.bat文件时(或右键单击->其他用户。-> admin-account),第二个/第三个凭据对话框不会出现,而是显示“索引超出范围”-例外。

1 个答案:

答案 0 :(得分:0)

也许无关紧要,但是您可以尝试通过Exit-PSSession退出会话。之后,使用exit 1000。当您在会话中使用exit时,Becoaser会完成会话(其中之后的所有代码将被忽略,但脚本将成功完成)