Solved

Powershell Invoke-Command headache

Posted on 2014-03-19
3
397 Views
Last Modified: 2014-03-20
Writing a powershell script that I can schedule to run automagically, every couple weeks.  Script is to enumerate all servers on the network, enumerate services running with domain accounts, generate a new password, update AD and then update the service.

Through much troubleshooting I've basically identified that one line quite plainly isn't running.  Yet when I do it manually it does run.

I have tried the invocations from two methods, which I assume are transparent, but tested anyways:
$ses=New-PSSession -ComputerName $service.SystemName
Invoke-Command -Session $ses -ScriptBlock {}

#and

Invoke-Command -ComputerName $service.SystemName -ScriptBlock {}

Open in new window


So, here we go.  New-Password is a string generator that I wrote to meet my password requirements.  The line which I believe is not working correctly is line 11.
		foreach ($service in $managerservices){
			Write-Verbose "Beginning Service $($service.name)"
			$password = New-Password 10
			$secureADpassword = ConvertTo-SecureString -String $password -AsPlainText -force
			Set-ADAccountPassword -Identity $service.StartName.Split("\")[1] -NewPassword $secureADpassword -reset
			Write-Verbose "Invoking on $($service.SystemName)"
			Invoke-Command -ComputerName $Service.SystemName -ScriptBlock {
				param($service,$password)
				$secureServicepassword= ConvertTo-SecureString -String $password -Force -AsPlainText;
				$newservice=get-wmiobject win32_service -filter "name='$($service.name)'";
				$newservice.Change($null,$null,$null,$null,$null,$null,$newservice.StartName,$secureServicepassword,$null,$null,$null);#THIS LINE DOES NOT WORK
				$newservice.StopService();
				$newservice.StartService();
			} -ArgumentList $service,$password
			write-verbose "Adding $($service.Name) to array"
			$servlog = New-Object System.Object
			$servlog | add-member -type NoteProperty -name Server -value $service.SystemName
			$servlog | add-member -type NoteProperty -name Service -value $service.Name
			$servlog | add-member -type NoteProperty -name Username -value $service.StartName
			$servlog | add-member -type NoteProperty -name Password -value $password
			$servicesmanaged+=$servlog;
			
			$MASTERLIST +=$servlog
		}

Open in new window


I'm probably doing something stupid.  But I can't seem to see it.

Interestingly, the return output for the commands is (apart from the startservice method) entirely what I would expect to see.

It's being tested on a service with a manual startup, presently stopped.

WMI response for the change command is status code 0 (worked?!)
WMI response for the stop command is status code 5 (cannot accept control).  That said, if I start the service, it returns status code 0.
WMI response for the start command is status code 15 (invalid login)

If I manually type the new password into the service via the services.msc I am able to start the service
0
Comment
Question by:lunanat
3 Comments
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
Comment Utility
It wouldn't surprise me if the command doesn't accept the password as a secure string.  I would try just specifying a plain text password in the command to see if it works.
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
... which means just use $password in the WMI call instead of $secureServicepassword.
0
 
LVL 1

Author Closing Comment

by:lunanat
Comment Utility
I guess that's what I get for expecting Microsoft to be secure.  Thanks!
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
Create and license users in Office 365 in bulk based on a CSV file. A step-by-step guide with PowerShell script examples.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now