I'm dealing with a situation where privileged users have three different accounts: one for their EUC devices, one for member servers, and one for domain controllers. This setup is complicating the process of using New-PSSession in my script since it only handles one set of credentials at a time. When I'm trying to hook up to different servers, often the initial credentials don't work. I'm wondering if there's a more efficient approach to managing this credential mess instead of using multiple try/catch blocks in my script. Any suggestions?
3 Answers
Assuming you know which credentials go with which machines, there are a few approaches you could take. You could use a switch/case statement based on the machine name to assign the right credentials or make a function that accepts the server name and the credentials as parameters.
Are all these machines domain-joined? If so, you might want to check some details about the target machines before you attempt a connection. Domain controllers typically reside in the Domain Controllers OU, so if your servers are organized that way, you might have a better handle on which credentials to use for each machine. Otherwise, you could do a quick lookup to see which one works before connecting.
And with the strict RBAC policies in place, I’m not sure what info I can even pull programmatically.
If you can connect successfully at all, does it mean one credential is guaranteed to work per machine? A simpler approach might be something like this:
$ComputerName = 'computer1', 'computer2', 'computer3'
$credList = $cred1, $cred2, $cred3
$sessionList = $credList | ForEach-Object {
New-PSSession -ComputerName $ComputerName -Credential $_ -ErrorAction SilentlyContinue
}
Invoke-Command -Session $sessionList {
"Doing stuff on $env:COMPUTERNAME"
}
Remove-PSSession $sessionList
This way, you loop through the credentials and try to establish sessions without getting stuck on errors.
Yeah, they're all domain-joined, but honestly, the OU structure is a bit chaotic, so I can't rely on it completely!