Solved

Powershell Invoke-Command headache

Posted on 2014-03-19
3
407 Views
Last Modified: 2014-03-20
Writing a powershell script that I can schedule to run automagically, every couple weeks.  Script is to enumerate all servers on the network, enumerate services running with domain accounts, generate a new password, update AD and then update the service.

Through much troubleshooting I've basically identified that one line quite plainly isn't running.  Yet when I do it manually it does run.

I have tried the invocations from two methods, which I assume are transparent, but tested anyways:
$ses=New-PSSession -ComputerName $service.SystemName
Invoke-Command -Session $ses -ScriptBlock {}

#and

Invoke-Command -ComputerName $service.SystemName -ScriptBlock {}

Open in new window


So, here we go.  New-Password is a string generator that I wrote to meet my password requirements.  The line which I believe is not working correctly is line 11.
		foreach ($service in $managerservices){
			Write-Verbose "Beginning Service $($service.name)"
			$password = New-Password 10
			$secureADpassword = ConvertTo-SecureString -String $password -AsPlainText -force
			Set-ADAccountPassword -Identity $service.StartName.Split("\")[1] -NewPassword $secureADpassword -reset
			Write-Verbose "Invoking on $($service.SystemName)"
			Invoke-Command -ComputerName $Service.SystemName -ScriptBlock {
				param($service,$password)
				$secureServicepassword= ConvertTo-SecureString -String $password -Force -AsPlainText;
				$newservice=get-wmiobject win32_service -filter "name='$($service.name)'";
				$newservice.Change($null,$null,$null,$null,$null,$null,$newservice.StartName,$secureServicepassword,$null,$null,$null);#THIS LINE DOES NOT WORK
				$newservice.StopService();
				$newservice.StartService();
			} -ArgumentList $service,$password
			write-verbose "Adding $($service.Name) to array"
			$servlog = New-Object System.Object
			$servlog | add-member -type NoteProperty -name Server -value $service.SystemName
			$servlog | add-member -type NoteProperty -name Service -value $service.Name
			$servlog | add-member -type NoteProperty -name Username -value $service.StartName
			$servlog | add-member -type NoteProperty -name Password -value $password
			$servicesmanaged+=$servlog;
			
			$MASTERLIST +=$servlog
		}

Open in new window


I'm probably doing something stupid.  But I can't seem to see it.

Interestingly, the return output for the commands is (apart from the startservice method) entirely what I would expect to see.

It's being tested on a service with a manual startup, presently stopped.

WMI response for the change command is status code 0 (worked?!)
WMI response for the stop command is status code 5 (cannot accept control).  That said, if I start the service, it returns status code 0.
WMI response for the start command is status code 15 (invalid login)

If I manually type the new password into the service via the services.msc I am able to start the service
0
Comment
Question by:lunanat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 39941161
It wouldn't surprise me if the command doesn't accept the password as a secure string.  I would try just specifying a plain text password in the command to see if it works.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39942043
... which means just use $password in the WMI call instead of $secureServicepassword.
0
 
LVL 1

Author Closing Comment

by:lunanat
ID: 39942500
I guess that's what I get for expecting Microsoft to be secure.  Thanks!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
Recently we ran in to an issue while running some SQL jobs where we were trying to process the cubes.  We got an error saying failure stating 'NT SERVICE\SQLSERVERAGENT does not have access to Analysis Services. So this is a way to automate that wit…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question